Analysis
-
max time kernel
1314768s -
platform
android_x86 -
resource
android-x86-arm -
submitted
16-08-2021 09:46
Static task
static1
Behavioral task
behavioral1
Sample
9db3104f47dbba8f876dc5a53c069df93054878e8f247caeb2d9646e973538d7.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
-
Target
9db3104f47dbba8f876dc5a53c069df93054878e8f247caeb2d9646e973538d7.apk
-
Size
3.8MB
-
MD5
8ac0d7105f2b024a28c370a39900577c
-
SHA1
1931a89223f875ea4ca8fe1b104b6d0d9ce3e776
-
SHA256
9db3104f47dbba8f876dc5a53c069df93054878e8f247caeb2d9646e973538d7
-
SHA512
70608b3f5730a3e94df863eeef7e630a05c1c8758aff890832a914c4c6a0ec0b2701776afc32ab1acaae3dff2521be02a91d70fb8e8936c297c16168add878cd
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
resource yara_rule behavioral1/files/4740-3.dat family_flubot -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip 4782 /system/bin/dex2oat /data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip 4740 com.iqiyi.i18n -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.iqiyi.i18n -
Uses reflection 2 IoCs
description pid Process Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4740 com.iqiyi.i18n Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4740 com.iqiyi.i18n