Analysis

  • max time kernel
    1314768s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    16-08-2021 09:46

General

  • Target

    9db3104f47dbba8f876dc5a53c069df93054878e8f247caeb2d9646e973538d7.apk

  • Size

    3.8MB

  • MD5

    8ac0d7105f2b024a28c370a39900577c

  • SHA1

    1931a89223f875ea4ca8fe1b104b6d0d9ce3e776

  • SHA256

    9db3104f47dbba8f876dc5a53c069df93054878e8f247caeb2d9646e973538d7

  • SHA512

    70608b3f5730a3e94df863eeef7e630a05c1c8758aff890832a914c4c6a0ec0b2701776afc32ab1acaae3dff2521be02a91d70fb8e8936c297c16168add878cd

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.iqiyi.i18n
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4740
    • com.iqiyi.i18n
      2⤵
        PID:4782
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4782

    Network

    MITRE ATT&CK Matrix
