Analysis
max time kernel: 1305905s
max time network: 69s
platform: android_x64
resource: android-x64-arm64
submitted: 16-08-2021 07:20
Static task: static1
Behavioral task: behavioral1
Sample: 55f479f47852acadd57595f0a08628c13318842633a2a0b94d6bbe45f10d31ef.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
Target: 55f479f47852acadd57595f0a08628c13318842633a2a0b94d6bbe45f10d31ef.apk
Size: 4.6MB
MD5: 016d5ee98f7773e1d95f60a2393a8a0c
SHA1: 58266a8c727a531a575d0fd31fdb110a5cc1c083
SHA256: 55f479f47852acadd57595f0a08628c13318842633a2a0b94d6bbe45f10d31ef
SHA512: 6248badfc2a5b3af6be435f85baa74bc494745d50f3928c440ab89f0fb571393216e0488c441314281f16c0347a660e0d971621de82e6078c81b63656cd001ae
Score: 10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload (2 IoCs)
resource | yara_rule
behavioral1/files/4228-0.dat | family_flubot
behavioral1/memory/4228-2.dex | family_flubot
Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.baidu.searchbox/app_apkprotector_dex/fAcKSnrN.kts | 4228 | com.baidu.searchbox
/data/user/0/com.baidu.searchbox/app_apkprotector_dex/fAcKSnrN.kts | 4228 | com.baidu.searchbox
/data/user/0/com.baidu.searchbox/app_apkprotector_dex/fAcKSnrN.kts | 4228 | com.baidu.searchbox
Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.baidu.searchbox