Analysis

  • max time kernel
    2122687s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    14-10-2021 11:13

General

  • Target

    ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80.apk

  • Size

    4.9MB

  • MD5

    0ea651aa4c3646edbe8e295db9c2e696

  • SHA1

    e23784bee2ef4f2425af242e65197702ac2ae938

  • SHA256

    ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80

  • SHA512

    96c3cc84ed2899cfa3c428345efd9876c7478caddfb743b93ffeb83b917226dfd9f7f053a43ff27670e52d4569769ab55498461b87cb50ed40c76035d13d989c

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.thestore.main
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4886
    • com.thestore.main
        PID:4918
      • /system/bin/dex2oat
        • Loads dropped Dex/Jar
        PID:4918

    Network

    MITRE ATT&CK Matrix

    Downloads