Analysis

  • max time kernel
    1392958s
  • max time network
    125s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    17-08-2021 07:30

General

  • Target

    6095140ebd9bd139530107f1eb4e50a8f023dada2e2d2f1845fbe1500c8de1b8.apk

  • Size

    3.4MB

  • MD5

    86c5bf8ab902bb70d6a9b79f16300cd9

  • SHA1

    fce44fe1b2f27d8bfb94e7aef20795e96915e7e0

  • SHA256

    6095140ebd9bd139530107f1eb4e50a8f023dada2e2d2f1845fbe1500c8de1b8

  • SHA512

    1987ae59a3f6e86e8f8ff0fe4732992ab0dd50b95b63da2f28ca05fce37e1621f4623191f9f75886b0f3fb5e897c776781a0cce0b78fe1b787f1dceb6e09e5e9

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 37 IoCs

Processes

  • com.tencent.mm
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3593

Network

MITRE ATT&CK Matrix
