Analysis
max time kernel
978719s
platform
android_x86
resource
android-x86-arm
submitted
12-08-2021 12:25
Static task
static1
Behavioral task
behavioral1
Sample
f69231c51bc535cd517d48a5269f794c7edacb38c24ce323b2716033fa1310a8.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
Target
f69231c51bc535cd517d48a5269f794c7edacb38c24ce323b2716033fa1310a8.apk
Size
3.8MB
MD5
fd2d6e7a510a9494bb4ae0bbebcad66e
SHA1
e9ad5867ac97d6bef3dc02a02e256114489f213f
SHA256
f69231c51bc535cd517d48a5269f794c7edacb38c24ce323b2716033fa1310a8
SHA512
d094208e4fc61317814ee82ee5f2e197c4656aa01ca455149dcbd8d3c4018e09127e76c7b9b068a436752a24001e929c1580b5e09534fb7dca897340865e2d8e
Score
10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 1 IoCs
resource | yara_rule
behavioral1/files/4964-3.dat | family_flubot
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip | 4995 | /system/bin/dex2oat
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip | 4964 | com.iqiyi.i18n
Uses reflection 1 IoCs
description | pid | Process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | 4964 | com.iqiyi.i18n