Analysis

  • max time kernel
    1051715s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    13-08-2021 08:42

General

  • Target

    7d8ecd35868f24d7ebe3b0c3a3d234b4a4451e5b5c0675220e561026963ccd4f.apk

  • Size

    4.9MB

  • MD5

    3a7abc95848383dafb1457ec6716535a

  • SHA1

    142c7f5587d64f04cbbecf5ea72fe900abf6fbbd

  • SHA256

    7d8ecd35868f24d7ebe3b0c3a3d234b4a4451e5b5c0675220e561026963ccd4f

  • SHA512

    09acc8888fe61f05a0ec93ad3dae16d21b1a4a0c05188376c18000171b430f8064193eeee1ed209119f3df6ad93a9b69630788362c264363e9d7e2a0b1044a1f

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 11 IoCs

Processes

  • slight.glare.rail
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3852

Network

MITRE ATT&CK Matrix
