Analysis
max time kernel: 1395377s
max time network: 81s
platform: android_x64
resource: android-x64
submitted: 17-08-2021 08:10
Static task: static1
Behavioral task: behavioral1
Sample: 2645dfecebb9ee68e9ad3cd24ceab8a4b104f3a8442a7fd74eaebef5da56e261.apk
Resource: android-x64
0 signatures
0 seconds
General
Target: 2645dfecebb9ee68e9ad3cd24ceab8a4b104f3a8442a7fd74eaebef5da56e261.apk
Size: 2.6MB
MD5: 8f1f347209edd6964a647222bab33ee3
SHA1: b93dc8285543912e56b87a4e89f87980d2f734ff
SHA256: 2645dfecebb9ee68e9ad3cd24ceab8a4b104f3a8442a7fd74eaebef5da56e261
SHA512: 3be110e74ea28a4d7903f22202328743cff1c14b96fa771420acc5eab9a21f6ef58ea31103ef6e03a92b7aa114db2a2a5f5f0ba119c583e71aa91f316c43ef40
Malware Config
Signatures

FluBot
FluBot is an android banking trojan that uses overlays.

FluBot Payload (2 IoCs)
resource | yara_rule
behavioral1/files/3652-0.dat | family_flubot
behavioral1/memory/3652-1.dex | family_flubot

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/6PRc77Y5.art | 3652 | com.tencent.mobileqq
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/6PRc77Y5.art | 3652 | com.tencent.mobileqq

Requests enabling of the accessibility settings. (1 IoCs)
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.tencent.mobileqq

Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.tencent.mobileqq

Uses reflection (1 IoCs)
description | pid | Process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | 3652 | com.tencent.mobileqq