Analysis

  • max time kernel
    1650578s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    20-08-2021 07:03

General

  • Target

    354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89.apk

  • Size

    4.2MB

  • MD5

    d1ea36bee71908d2c649d88a130a732c

  • SHA1

    41d1610c393ea0336793c886e10b193e8c90f3b7

  • SHA256

    354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89

  • SHA512

    439f9f214a2a5a7fe00bbd8a375f350daa0f014d33590c6f73c854b056ff0d957d522b0660a0c6dd1997094349d7a066e5be59c51adc38d695df8bc2d3574a54

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.autonavi.minimap
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4691
    • com.autonavi.minimap
      2⤵
        PID:4735
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4735

Network

MITRE ATT&CK Matrix


Downloads