Analysis

  • max time kernel
    1393010s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    17-08-2021 07:30

General

  • Target

    34c9c73ff73d72986f4e77534aa4496319c7bae59115501bfde127fbf2ddce63.apk

  • Size

    3.0MB

  • MD5

    5393bb1c24405ecb0c5dd7f099d5ba7a

  • SHA1

    ee101e62bacb603ebca543d7b059fa73f65afecd

  • SHA256

    34c9c73ff73d72986f4e77534aa4496319c7bae59115501bfde127fbf2ddce63

  • SHA512

    bcf66ec29404ee3e35523c0edc3402f7e756ce0c1d53d84559d494def1a0b02db052a4c19cfa59a7fb67d543cfb78c8be19f8a380a53cc45be8499a5d5b53d91

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 1 IoCs

Processes

  • com.bilibili.app.in
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:4979
    • com.bilibili.app.in
      2⤵
        PID:5005
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5005

    Network

    MITRE ATT&CK Matrix

    Downloads