Analysis
-
max time kernel
1393010s -
platform
android_x86 -
resource
android-x86-arm -
submitted
17-08-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
34c9c73ff73d72986f4e77534aa4496319c7bae59115501bfde127fbf2ddce63.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
-
Target
34c9c73ff73d72986f4e77534aa4496319c7bae59115501bfde127fbf2ddce63.apk
-
Size
3.0MB
-
MD5
5393bb1c24405ecb0c5dd7f099d5ba7a
-
SHA1
ee101e62bacb603ebca543d7b059fa73f65afecd
-
SHA256
34c9c73ff73d72986f4e77534aa4496319c7bae59115501bfde127fbf2ddce63
-
SHA512
bcf66ec29404ee3e35523c0edc3402f7e756ce0c1d53d84559d494def1a0b02db052a4c19cfa59a7fb67d543cfb78c8be19f8a380a53cc45be8499a5d5b53d91
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 2 IoCs
resource yara_rule behavioral1/memory/4979-0.dex family_flubot behavioral1/files/4979-2.dat family_flubot -
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.bilibili.app.in/app_apkprotector_dex/SwjiZZV0.nfs 4979 com.bilibili.app.in /data/user/0/com.bilibili.app.in/app_apkprotector_dex/SwjiZZV0.nfs 5005 /system/bin/dex2oat /data/user/0/com.bilibili.app.in/app_apkprotector_dex/SwjiZZV0.nfs 4979 com.bilibili.app.in -
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.bilibili.app.in -
Uses reflection 1 IoCs
description pid Process Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4979 com.bilibili.app.in