Analysis

  • max time kernel
    1395377s
  • max time network
    81s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    17-08-2021 08:10

General

  • Target

    2645dfecebb9ee68e9ad3cd24ceab8a4b104f3a8442a7fd74eaebef5da56e261.apk

  • Size

    2.6MB

  • MD5

    8f1f347209edd6964a647222bab33ee3

  • SHA1

    b93dc8285543912e56b87a4e89f87980d2f734ff

  • SHA256

    2645dfecebb9ee68e9ad3cd24ceab8a4b104f3a8442a7fd74eaebef5da56e261

  • SHA512

    3be110e74ea28a4d7903f22202328743cff1c14b96fa771420acc5eab9a21f6ef58ea31103ef6e03a92b7aa114db2a2a5f5f0ba119c583e71aa91f316c43ef40

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 1 IoCs

Processes

  • com.tencent.mobileqq
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3652

Network

MITRE ATT&CK Matrix

Downloads