Analysis
max time kernel: 1395330s
max time network: 21s
platform: android_x64
resource: android-x64
submitted: 17-08-2021 08:10
Static task: static1
Behavioral task: behavioral1
Sample: 152cd810aa27c2878d7b464e519a4a5be05347933ca2f916b78fa75f2bda1a03.apk
Resource: android-x64
0 signatures
0 seconds
General
Target: 152cd810aa27c2878d7b464e519a4a5be05347933ca2f916b78fa75f2bda1a03.apk
Size: 4.0MB
MD5: 0bca41c5ad1e7892f35b9a1ccf4606a1
SHA1: 0edd6af252b424016cc3c8943ecfba0da15203be
SHA256: 152cd810aa27c2878d7b464e519a4a5be05347933ca2f916b78fa75f2bda1a03
SHA512: 81af17a406c85aa695d9fbf2383e9910a6a4a7924d21d0bfecac9500a1b8df0ff491baf05aa69131f0abfed067bcc98b0d5f40071df338d83ce665450839fd57
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload (1 IoCs)
resource: behavioral1/files/3593-0.dat; yara_rule: family_flubot
Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.weico.international/app_apkprotector_dex/Glij7UHy.aws; pid: 3593; Process: com.weico.international
ioc: /data/user/0/com.weico.international/app_apkprotector_dex/Glij7UHy.aws; pid: 3593; Process: com.weico.international
Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.weico.international
Uses reflection (1 IoCs)
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows; pid: 3593; Process: com.weico.international