Analysis
max time kernel: 2122687s
platform: android_x86
resource: android-x86-arm
submitted: 14-10-2021 11:13
Static task: static1
Behavioral task: behavioral1
Sample: ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80.apk
Resource: android-x86-arm
General
Target: ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80.apk
Size: 4.9MB
MD5: 0ea651aa4c3646edbe8e295db9c2e696
SHA1: e23784bee2ef4f2425af242e65197702ac2ae938
SHA256: ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80
SHA512: 96c3cc84ed2899cfa3c428345efd9876c7478caddfb743b93ffeb83b917226dfd9f7f053a43ff27670e52d4569769ab55498461b87cb50ed40c76035d13d989c
Score: 10/10
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.
FluBot Payload 1 IoCs
resource: behavioral1/files/4886-3.dat; yara_rule: family_flubot
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh; pid: 4918; Process: /system/bin/dex2oat
ioc: /data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh; pid: 4886; Process: com.thestore.main
Requests enabling of the accessibility settings. 1 IoCs
description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; Process: com.thestore.main
Uses reflection 2 IoCs
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows; pid: 4886; Process: com.thestore.main
description: Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE; pid: 4886; Process: com.thestore.main