Analysis

  • max time kernel
    1395306s
  • max time network
    95s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    17-08-2021 08:10

General

  • Target

    c9254f055d63b3dfd1ca483d8e671a13c7b53453f7eacf8f2b135964e862442c.apk

  • Size

    3.4MB

  • MD5

    026ee5db94dde3b029a12bcad30ca4fe

  • SHA1

    3f78a5d7dd08f5beb4668e60fef80030a2662b0a

  • SHA256

    c9254f055d63b3dfd1ca483d8e671a13c7b53453f7eacf8f2b135964e862442c

  • SHA512

    1182919a0110f970ed1916d1d8d357a3e03dbfd67946444c1398dc4a340236c4ab4c4bcc049cf0cf9e2984dadd4b9b312c5723dc7fcf209cfe9d96ec67b75c97

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 54 IoCs

Processes

  • kiunb.trvh4j.refyyhv
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:4101

Network

MITRE ATT&CK Matrix
