Analysis

  • max time kernel
    1393157s
  • max time network
    137s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    17-08-2021 07:33

General

  • Target

    902f4da6eb79de1975a2068b527e552be05004875752e6539d58a6f35a2b08ee.apk

  • Size

    3.3MB

  • MD5

    169e5fb504afb803ca683b149983a11a

  • SHA1

    d43142ca01344aecfc682fbc371f802e5fdcb9e4

  • SHA256

    902f4da6eb79de1975a2068b527e552be05004875752e6539d58a6f35a2b08ee

  • SHA512

    c06215e0c84ee0f1e6439305fda9d2d7fae6e2877f91ad8e060e256261ee34826ce520674e45d91b7612de6f14cecd8a8bb1dde7150d5f7c20ce99611788eeff

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 64 IoCs

Processes

  • com.cn.sppeds
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3608

Network

MITRE ATT&CK Matrix
