Analysis

  • max time kernel
    2177761s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    26-08-2021 09:28

General

  • Target

    2e43062d0e753c21b62d1fc029947fe8ab916be2492fd2d0464b24a427712b34.apk

  • Size

    3.3MB

  • MD5

    3f26a9ebaac036a052b5ad07177d544d

  • SHA1

    c990da79bcd538b267754de1db3c7c1265e4ebaa

  • SHA256

    2e43062d0e753c21b62d1fc029947fe8ab916be2492fd2d0464b24a427712b34

  • SHA512

    0fc656a50475386038da4ce192b4e606a1862c4aa1296865e40c5d43958daa7474f41bb56f89267c170f402ed2e211c76b36f581c0b5307bcc912f755a9638f4

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.baidu.BaiduMap
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4974
    • com.baidu.BaiduMap
      2⤵
        PID:5004
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5004

    Network

    MITRE ATT&CK Matrix

    Downloads