Analysis

  • max time kernel
    978445s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    12-08-2021 12:21

General

  • Target

    f69231c51bc535cd517d48a5269f794c7edacb38c24ce323b2716033fa1310a8.apk

  • Size

    3.8MB

  • MD5

    fd2d6e7a510a9494bb4ae0bbebcad66e

  • SHA1

    e9ad5867ac97d6bef3dc02a02e256114489f213f

  • SHA256

    f69231c51bc535cd517d48a5269f794c7edacb38c24ce323b2716033fa1310a8

  • SHA512

    d094208e4fc61317814ee82ee5f2e197c4656aa01ca455149dcbd8d3c4018e09127e76c7b9b068a436752a24001e929c1580b5e09534fb7dca897340865e2d8e

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses reflection 1 IoCs

Processes

  • com.iqiyi.i18n
    1⤵
    • Loads dropped Dex/Jar
    • Uses reflection
    PID:5005
    • com.iqiyi.i18n
      2⤵
        PID:5034
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5034

Network

MITRE ATT&CK Matrix
