Analysis Overview
SHA256
a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d
Threat Level: Known bad
The file a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d was found to be: Known bad.
Malicious Activity Summary
FluBot
FluBot Payload
Requests dangerous framework permissions
Requests enabling of the accessibility settings.
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-17 11:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-17 11:08
Reported
2021-08-17 12:20
Platform
android-x86-arm
Max time kernel
1410232s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A | N/A |
Processes
com.didiglobal.passenger
com.didiglobal.passenger
/system/bin/dex2oat
Network
Files
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/tmp-base.apk.classes8317233690247608572.zip
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex
/data/user/0/com.didiglobal.passenger/shared_prefs/multidex.version.xml
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-17 11:08
Reported
2021-08-17 12:20
Platform
android-x64-arm64
Max time kernel
1410227s
Max time network
315s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A | N/A |
Processes
com.didiglobal.passenger
Network
| Country | Destination | Domain | Proto |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 172.217.16.228:443 | | udp |
| N/A | 216.239.35.0:123 | time.android.com | udp |
| N/A | 172.217.169.74:443 | | udp |
| N/A | 172.217.169.74:443 | | udp |
| N/A | 172.217.16.238:443 | | udp |
| N/A | 142.250.187.232:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 142.250.180.3:443 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
Files
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/tmp-base.apk.classes5229399370719062229.zip
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.didiglobal.passenger/shared_prefs/multidex.version.xml
/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml
Analysis: behavioral3
Detonation Overview
Submitted
2021-08-17 11:08
Reported
2021-08-17 12:20
Platform
android-x64
Max time kernel
1410208s
Max time network
50s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A | N/A |
Processes
com.didiglobal.passenger
Network
| Country | Destination | Domain | Proto |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.239.35.4:123 | time.android.com | udp |
Files
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/tmp-base.apk.classes3090857284597658648.zip
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.didiglobal.passenger/shared_prefs/multidex.version.xml
/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml