Analysis

max time kernel:   1393157s
max time network:  137s
platform:          android_x64
resource:          android-x64
submitted:         17-08-2021 07:33
Static task:      static1
Behavioral task:  behavioral1
Sample:           902f4da6eb79de1975a2068b527e552be05004875752e6539d58a6f35a2b08ee.apk
Resource:         android-x64
Static result:    0 signatures, 0 seconds
General

Target:  902f4da6eb79de1975a2068b527e552be05004875752e6539d58a6f35a2b08ee.apk
Size:    3.3MB
MD5:     169e5fb504afb803ca683b149983a11a
SHA1:    d43142ca01344aecfc682fbc371f802e5fdcb9e4
SHA256:  902f4da6eb79de1975a2068b527e552be05004875752e6539d58a6f35a2b08ee
SHA512:  c06215e0c84ee0f1e6439305fda9d2d7fae6e2877f91ad8e060e256261ee34826ce520674e45d91b7612de6f14cecd8a8bb1dde7150d5f7c20ce99611788eeff
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (1 IoC)
resource                    yara_rule
behavioral1/files/3608-3.dat  family_flubot

Loads dropped Dex/Jar (6 IoCs)
Runs executable file dropped to the device during analysis.
ioc                                                                              pid   Process
/data/user/0/com.cn.sppeds/cache/src8433375789001741248/dp.kotlin-v1.lua.mph     3608  com.cn.sppeds
/data/user/0/com.cn.sppeds/cache/src8433375789001741248/dp.kotlin-v1.lua.mph     3608  com.cn.sppeds
/data/user/0/com.cn.sppeds/app_apkprotector_dex/classes-v1.bin                   3608  com.cn.sppeds
/data/user/0/com.cn.sppeds/app_apkprotector_dex/classes-v1.bin                   3608  com.cn.sppeds
/data/user/0/com.cn.sppeds/app_ded/cBL1vZLdSpcXTY5g5qrZnKXXtieBd3hl.dex          3608  com.cn.sppeds
/data/user/0/com.cn.sppeds/app_ded/cBL1vZLdSpcXTY5g5qrZnKXXtieBd3hl.dex          3608  com.cn.sppeds

Requests enabling of the accessibility settings (1 IoC)
description    ioc                                      Process
Intent action  android.settings.ACCESSIBILITY_SETTINGS  com.cn.sppeds

Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
description         ioc                                                          Process
Framework API call  android.telephony.TelephonyManager.getNetworkOperatorName   com.cn.sppeds

Uses Crypto APIs (might try to encrypt user data) (1 IoC)
description         ioc                          Process
Framework API call  javax.crypto.Cipher.doFinal  com.cn.sppeds
Uses reflection (64 IoCs)
description     ioc                                                      pid   Process
Invokes method  android.view.ViewGroup.makeOptionalFitsSystemWindows     3608  com.cn.sppeds
Accesses field  com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE  3608  com.cn.sppeds
Accesses field  javax.security.auth.x500.X500Principal.thisX500Name      3608  com.cn.sppeds
(the last row is repeated identically for the remaining 62 of the 64 IoC entries in this signature)