Analysis
-
max time kernel
1654583s -
platform
android_x86 -
resource
android-x86-arm -
submitted
20-08-2021 08:10
Static task
static1
Behavioral task
behavioral1
Sample
9248252f4f532bff4378504a8c860266ef490f4cf1de6a4abd9d06a3d84e7b87.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
-
Target
9248252f4f532bff4378504a8c860266ef490f4cf1de6a4abd9d06a3d84e7b87.apk
-
Size
3.8MB
-
MD5
c26fbae02ccb0b579a4026b8562a8b78
-
SHA1
d232990a4227a5626a52d9590265e83f221993ff
-
SHA256
9248252f4f532bff4378504a8c860266ef490f4cf1de6a4abd9d06a3d84e7b87
-
SHA512
59c196ff5bce19e09a80064f00198d1a301d19b05e0582b2d768a10d339e2cb471b4dbe23df3f0ac9506940e72624cc956a711c12cbac7c7ccdcaac42bd7898c
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
resource yara_rule behavioral1/files/4669-3.dat family_flubot -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.baidu.searchbox/code_cache/secondary-dexes/base.apk.classes1.zip 4708 /system/bin/dex2oat /data/user/0/com.baidu.searchbox/code_cache/secondary-dexes/base.apk.classes1.zip 4669 com.baidu.searchbox -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.baidu.searchbox -
Uses reflection 2 IoCs
description pid Process Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4669 com.baidu.searchbox Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4669 com.baidu.searchbox