Analysis

  • max time kernel
    1654583s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    20-08-2021 08:10

General

  • Target

    9248252f4f532bff4378504a8c860266ef490f4cf1de6a4abd9d06a3d84e7b87.apk

  • Size

    3.8MB

  • MD5

    c26fbae02ccb0b579a4026b8562a8b78

  • SHA1

    d232990a4227a5626a52d9590265e83f221993ff

  • SHA256

    9248252f4f532bff4378504a8c860266ef490f4cf1de6a4abd9d06a3d84e7b87

  • SHA512

    59c196ff5bce19e09a80064f00198d1a301d19b05e0582b2d768a10d339e2cb471b4dbe23df3f0ac9506940e72624cc956a711c12cbac7c7ccdcaac42bd7898c

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.baidu.searchbox
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4669
    • com.baidu.searchbox
      2⤵
        PID:4708
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4708
