Analysis

max time kernel:   1403458s
max time network:  117s
platform:          android_x64
resource:          android-x64
submitted:         17-08-2021 10:25

Static task:       static1
Behavioral task:   behavioral1
Sample:            991fa28524eeda6f8fe3430c1d44a7ef42c4240c275e630548e2eda73789b469.apk
Resource:          android-x64
0 signatures
0 seconds
General

Target:  991fa28524eeda6f8fe3430c1d44a7ef42c4240c275e630548e2eda73789b469.apk
Size:    4.2MB
MD5:     4b987acb7d22fe3a094e2d04e584201d
SHA1:    b27810fdf72bda52b82de0122299ecb5ebf45ba9
SHA256:  991fa28524eeda6f8fe3430c1d44a7ef42c4240c275e630548e2eda73789b469
SHA512:  74263fd9143ca6b5fff707413c9588628f54132c00569f21ab3f3e16cc9a0cacd57de3f01b8ec55ebd51b0cb397549cacc684af1f2d7df0e8f64a8d14e9ac5dc
Malware Config

Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (2 IoCs)
resource                        yara_rule
behavioral1/files/3593-0.dat    family_flubot
behavioral1/memory/3593-1.dex   family_flubot
Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc                                                                  pid   Process
/data/user/0/com.tencent.mobileqq/app_DynamicOptDex/btJiFwP.json     3593  com.tencent.mobileqq
/data/user/0/com.tencent.mobileqq/app_DynamicOptDex/btJiFwP.json     3593  com.tencent.mobileqq
Requests enabling of the accessibility settings. (1 IoC)
description     ioc                                          Process
Intent action   android.settings.ACCESSIBILITY_SETTINGS      com.tencent.mobileqq
Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
description          ioc                                                           Process
Framework API call   android.telephony.TelephonyManager.getNetworkOperatorName     com.tencent.mobileqq
Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
description          ioc                            Process
Framework API call   javax.crypto.Cipher.doFinal    com.tencent.mobileqq
Uses reflection (15 IoCs)
description                                                                     pid   Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE      3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq
Accesses field javax.security.auth.x500.X500Principal.thisX500Name              3593  com.tencent.mobileqq