Analysis
max time kernel: 1584117s
platform: android_x86
resource: android-x86-arm
submitted: 19-08-2021 12:35
Static task: static1
Behavioral task: behavioral1
Sample: aa177271503b0d4c7c56455246efa9c2a92569ffff71dd77ee41ab91ff3c601d.apk
Resource: android-x86-arm
General
Target: aa177271503b0d4c7c56455246efa9c2a92569ffff71dd77ee41ab91ff3c601d.apk
Size: 3.8MB
MD5: 192ff2065a83cfd424e8c928fb62d32d
SHA1: 7d6d151f31eab81432a563f0c73dfb1496f40b3e
SHA256: aa177271503b0d4c7c56455246efa9c2a92569ffff71dd77ee41ab91ff3c601d
SHA512: c8a1d822f4a181efd22c8c3a030d69cc1aebe122308434aba0f49c51825811f8162f8bca1e610b301365bba2209466943cef9d018265bac608c63c4b3edef834
Score: 10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 1 IoCs
resource: behavioral1/files/4989-3.dat; yara_rule: family_flubot
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip; pid: 5019; Process: /system/bin/dex2oat
ioc: /data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip; pid: 4989; Process: com.didiglobal.passenger
Requests enabling of the accessibility settings. 1 IoCs
description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; Process: com.didiglobal.passenger
Uses reflection 2 IoCs
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows; pid: 4989; Process: com.didiglobal.passenger
description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE; pid: 4989; Process: com.didiglobal.passenger