Analysis
max time kernel: 1395306s
max time network: 95s
platform: android_x64
resource: android-x64-arm64
submitted: 17-08-2021 08:10
Static task: static1
Behavioral task: behavioral1
Sample: c9254f055d63b3dfd1ca483d8e671a13c7b53453f7eacf8f2b135964e862442c.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
Target: c9254f055d63b3dfd1ca483d8e671a13c7b53453f7eacf8f2b135964e862442c.apk
Size: 3.4MB
MD5: 026ee5db94dde3b029a12bcad30ca4fe
SHA1: 3f78a5d7dd08f5beb4668e60fef80030a2662b0a
SHA256: c9254f055d63b3dfd1ca483d8e671a13c7b53453f7eacf8f2b135964e862442c
SHA512: 1182919a0110f970ed1916d1d8d357a3e03dbfd67946444c1398dc4a340236c4ab4c4bcc049cf0cf9e2984dadd4b9b312c5723dc7fcf209cfe9d96ec67b75c97
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 2 IoCs
resource | yara_rule
behavioral1/files/4101-1.dat | family_flubot
behavioral1/memory/4101-2.dex | family_flubot
Loads dropped Dex/Jar 4 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/kiunb.trvh4j.refyyhv/app_apkprotector_dex/classes-v1.bin | 4101 | kiunb.trvh4j.refyyhv
/data/user/0/kiunb.trvh4j.refyyhv/app_apkprotector_dex/classes-v1.bin | 4101 | kiunb.trvh4j.refyyhv
/data/user/0/kiunb.trvh4j.refyyhv/app_ded/B3xwDWwUJigASlUensdiO2l66ca1HPk8.dex | 4101 | kiunb.trvh4j.refyyhv
/data/user/0/kiunb.trvh4j.refyyhv/app_ded/B3xwDWwUJigASlUensdiO2l66ca1HPk8.dex | 4101 | kiunb.trvh4j.refyyhv
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | kiunb.trvh4j.refyyhv
Uses reflection 54 IoCs