Analysis

  • max time kernel
    1496878s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    18-08-2021 12:21

General

  • Target

    d0ecde777a6805e6b63c8dd082bff71dd3434aab42271ff417971905f77d3a33.apk

  • Size

    3.8MB

  • MD5

    13c86a76e18948c447b4f0b569697127

  • SHA1

    e3756af4102c92daa5b829b5c60da53815dfb01a

  • SHA256

    d0ecde777a6805e6b63c8dd082bff71dd3434aab42271ff417971905f77d3a33

  • SHA512

    f5c401b4c33b39e3ffef29a98b4bcffcf52b05d4edaa3d85f347b14185ae92e12b8fa40fb564ed7770851a4de4ee590e896e95a05badff425c9e6cd3ddb1bf77

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.xunmeng.pinduoduo
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4972
    • com.xunmeng.pinduoduo
        PID:5003
      • /system/bin/dex2oat
        • Loads dropped Dex/Jar
        PID:5003
