Analysis
- max time kernel: 1496878s
- platform: android_x86
- resource: android-x86-arm
- submitted: 18-08-2021 12:21
- Static task: static1
- Behavioral task: behavioral1
- Sample: d0ecde777a6805e6b63c8dd082bff71dd3434aab42271ff417971905f77d3a33.apk
- Resource: android-x86-arm
- 0 signatures
- 0 seconds
General
- Target: d0ecde777a6805e6b63c8dd082bff71dd3434aab42271ff417971905f77d3a33.apk
- Size: 3.8MB
- MD5: 13c86a76e18948c447b4f0b569697127
- SHA1: e3756af4102c92daa5b829b5c60da53815dfb01a
- SHA256: d0ecde777a6805e6b63c8dd082bff71dd3434aab42271ff417971905f77d3a33
- SHA512: f5c401b4c33b39e3ffef29a98b4bcffcf52b05d4edaa3d85f347b14185ae92e12b8fa40fb564ed7770851a4de4ee590e896e95a05badff425c9e6cd3ddb1bf77
- Score: 10/10
Malware Config
Signatures
- FluBot
  FluBot is an Android banking trojan that uses overlays.
- FluBot Payload (1 IoC)
  resource: behavioral1/files/4972-3.dat, yara_rule: family_flubot
- Loads dropped Dex/Jar (2 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.xunmeng.pinduoduo/code_cache/secondary-dexes/base.apk.classes1.zip, pid: 5003, Process: /system/bin/dex2oat
  ioc: /data/user/0/com.xunmeng.pinduoduo/code_cache/secondary-dexes/base.apk.classes1.zip, pid: 4972, Process: com.xunmeng.pinduoduo
- Requests enabling of the accessibility settings (1 IoC)
  description: Intent action, ioc: android.settings.ACCESSIBILITY_SETTINGS, Process: com.xunmeng.pinduoduo
- Uses reflection (2 IoCs)
  description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows, pid: 4972, Process: com.xunmeng.pinduoduo
  description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE, pid: 4972, Process: com.xunmeng.pinduoduo