Analysis

  • max time kernel
    1403458s
  • max time network
    117s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    17-08-2021 10:25

General

  • Target

    991fa28524eeda6f8fe3430c1d44a7ef42c4240c275e630548e2eda73789b469.apk

  • Size

    4.2MB

  • MD5

    4b987acb7d22fe3a094e2d04e584201d

  • SHA1

    b27810fdf72bda52b82de0122299ecb5ebf45ba9

  • SHA256

    991fa28524eeda6f8fe3430c1d44a7ef42c4240c275e630548e2eda73789b469

  • SHA512

    74263fd9143ca6b5fff707413c9588628f54132c00569f21ab3f3e16cc9a0cacd57de3f01b8ec55ebd51b0cb397549cacc684af1f2d7df0e8f64a8d14e9ac5dc

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 15 IoCs

Processes

  • com.tencent.mobileqq
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3593

Network

MITRE ATT&CK Matrix
