Analysis

  • max time kernel
    1306990s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    16-08-2021 07:36

General

  • Target

    4284116e1f74c5046cdbdb070408f3e5bf8053485458750a917e776452dabf39.apk

  • Size

    3.8MB

  • MD5

    b5944c20866362c18851a2600e509aa2

  • SHA1

    da92ba8fd43ffe3e0c14c6c9479b055365a490af

  • SHA256

    4284116e1f74c5046cdbdb070408f3e5bf8053485458750a917e776452dabf39

  • SHA512

    89a798ae5580a578d0a3ac7dc31b96b781c2879d840b15bbbb81bc20ac88218eda42dfb0ee87b63cc07afa7d322b20fcee70f2e85769fb2540091f0c989f66b1

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.didiglobal.passenger
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4965
    • com.didiglobal.passenger
      2⤵
        PID:4996
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4996

    Network

    MITRE ATT&CK Matrix
