Analysis
-
max time kernel
2177761s -
platform
android_x86 -
resource
android-x86-arm -
submitted
26-08-2021 09:28
Static task
static1
Behavioral task
behavioral1
Sample
2e43062d0e753c21b62d1fc029947fe8ab916be2492fd2d0464b24a427712b34.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
-
Target
2e43062d0e753c21b62d1fc029947fe8ab916be2492fd2d0464b24a427712b34.apk
-
Size
3.3MB
-
MD5
3f26a9ebaac036a052b5ad07177d544d
-
SHA1
c990da79bcd538b267754de1db3c7c1265e4ebaa
-
SHA256
2e43062d0e753c21b62d1fc029947fe8ab916be2492fd2d0464b24a427712b34
-
SHA512
0fc656a50475386038da4ce192b4e606a1862c4aa1296865e40c5d43958daa7474f41bb56f89267c170f402ed2e211c76b36f581c0b5307bcc912f755a9638f4
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
resource yara_rule behavioral1/files/4974-3.dat family_flubot -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip 5004 /system/bin/dex2oat /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip 4974 com.baidu.BaiduMap -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.baidu.BaiduMap -
Uses reflection 2 IoCs
description pid Process Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4974 com.baidu.BaiduMap Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4974 com.baidu.BaiduMap