Analysis

  • max time kernel
    1584117s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    19-08-2021 12:35

General

  • Target

    aa177271503b0d4c7c56455246efa9c2a92569ffff71dd77ee41ab91ff3c601d.apk

  • Size

    3.8MB

  • MD5

    192ff2065a83cfd424e8c928fb62d32d

  • SHA1

    7d6d151f31eab81432a563f0c73dfb1496f40b3e

  • SHA256

    aa177271503b0d4c7c56455246efa9c2a92569ffff71dd77ee41ab91ff3c601d

  • SHA512

    c8a1d822f4a181efd22c8c3a030d69cc1aebe122308434aba0f49c51825811f8162f8bca1e610b301365bba2209466943cef9d018265bac608c63c4b3edef834

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.didiglobal.passenger
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4989
    • com.didiglobal.passenger
      2⤵
        PID:5019
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5019

    Network

    MITRE ATT&CK Matrix

    Downloads