Analysis
max time kernel: 1650578s
platform: android_x86
resource: android-x86-arm
submitted: 20-08-2021 07:03
Static task: static1
Behavioral task: behavioral1
Sample: 354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89.apk
Resource: android-x86-arm
0 signatures
0 seconds
General
Target: 354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89.apk
Size: 4.2MB
MD5: d1ea36bee71908d2c649d88a130a732c
SHA1: 41d1610c393ea0336793c886e10b193e8c90f3b7
SHA256: 354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89
SHA512: 439f9f214a2a5a7fe00bbd8a375f350daa0f014d33590c6f73c854b056ff0d957d522b0660a0c6dd1997094349d7a066e5be59c51adc38d695df8bc2d3574a54
Score: 10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 2 IoCs
resource: behavioral1/files/4691-3.dat | yara_rule: family_flubot
resource: behavioral1/memory/4691-0.dex | yara_rule: family_flubot
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/base.apk.classes1.zip | pid: 4735 | Process: /system/bin/dex2oat
ioc: /data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/base.apk.classes1.zip | pid: 4691 | Process: com.autonavi.minimap
Requests enabling of the accessibility settings. 1 IoCs
description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | Process: com.autonavi.minimap
Uses reflection 2 IoCs
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | pid: 4691 | Process: com.autonavi.minimap
description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | pid: 4691 | Process: com.autonavi.minimap