Resubmissions
13-08-2021 14:18
210813-a2lr1cn6vs 7
Analysis
- max time kernel: 1410232s
- platform: android_x86
- resource: android-x86-arm
- submitted: 17-08-2021 11:08
Static task
static1
Behavioral task
behavioral1
Sample
a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d.apk
Resource
android-x86-arm
Behavioral task
behavioral2
Sample
a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d.apk
Resource
android-x64-arm64
Behavioral task
behavioral3
Sample
a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d.apk
Resource
android-x64
General
- Target: a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d.apk
- Size: 3.8MB
- MD5: c23426edaf37a2fc6fc3a6e5daa17bfa
- SHA1: a362e1aaf8bc7a7491b10eab252c3b7ee8532a46
- SHA256: a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d
- SHA512: 98b78e62a63d87ddc55722658e85acb5f9ba4b792578ca8868e8214e04f4336e9728bec2c386b6afbac4f2183f8232d6e958b215c5c0948746f4254d32ffa2ff
Malware Config
Signatures
-
FluBot
FluBot is an Android banking trojan that uses overlays.
-
FluBot Payload 2 IoCs
resource | yara_rule
behavioral1/files/5011-3.dat | family_flubot
behavioral1/memory/5011-0.dex | family_flubot
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | 5039 | /system/bin/dex2oat
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | 5011 | com.didiglobal.passenger
-
Requests enabling of the accessibility settings. 1 IoCs
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.didiglobal.passenger
-
Uses reflection 1 IoCs
description | pid | Process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | 5011 | com.didiglobal.passenger