Analysis

  • max time kernel
    1309725s
  • max time network
    167s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    16-08-2021 08:22

General

  • Target

    fccdbb621e56f9671fa7917168db2c238b76d37ae00ecae9f8a1d95c49e9c7a7.apk

  • Size

    1.9MB

  • MD5

    77f451c5cd7e3b832f487e6b96b61f8d

  • SHA1

    dedaf00e5888c8afe382379dd119668a46c02505

  • SHA256

    fccdbb621e56f9671fa7917168db2c238b76d37ae00ecae9f8a1d95c49e9c7a7

  • SHA512

    d2e074a447a338650f151f57e2d43fd61860c644fafe9d0c13950c3776bc5a969e351b408dc91d581ded94f9b5ffb6d9c4145959cd86ffc78f8bdc561be06e3e

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 64 IoCs

Processes

  • com.xunmeng.pinduoduo
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3665

Network

MITRE ATT&CK Matrix

Downloads