Analysis
max time kernel: 1306990s
platform: android_x86
resource: android-x86-arm
submitted: 16-08-2021 07:36
Static task: static1
Behavioral task: behavioral1
Sample: 4284116e1f74c5046cdbdb070408f3e5bf8053485458750a917e776452dabf39.apk
Resource: android-x86-arm
0 signatures
0 seconds
General
Target: 4284116e1f74c5046cdbdb070408f3e5bf8053485458750a917e776452dabf39.apk
Size: 3.8MB
MD5: b5944c20866362c18851a2600e509aa2
SHA1: da92ba8fd43ffe3e0c14c6c9479b055365a490af
SHA256: 4284116e1f74c5046cdbdb070408f3e5bf8053485458750a917e776452dabf39
SHA512: 89a798ae5580a578d0a3ac7dc31b96b781c2879d840b15bbbb81bc20ac88218eda42dfb0ee87b63cc07afa7d322b20fcee70f2e85769fb2540091f0c989f66b1
Score: 10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 1 IoCs
resource: behavioral1/files/4965-3.dat | yara_rule: family_flubot
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | pid: 4996 | Process: /system/bin/dex2oat
ioc: /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | pid: 4965 | Process: com.didiglobal.passenger
Requests enabling of the accessibility settings. 1 IoCs
description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | Process: com.didiglobal.passenger
Uses reflection 2 IoCs
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | pid: 4965 | Process: com.didiglobal.passenger
description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | pid: 4965 | Process: com.didiglobal.passenger