Analysis Overview
SHA256
ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80
Threat Level: Known bad
The file ea4d3e5d72b8d354ed7f9f1d448dd3e9012ddba1cf64e85f86c23b043db41c80.apk was found to be: Known bad.
Malicious Activity Summary
FluBot Payload
FluBot
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
Requests dangerous framework permissions
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-10-14 11:13
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-10-14 11:13
Reported
2021-10-14 11:17
Platform
android-x86-arm
Max time kernel
2122687s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh | N/A | N/A |
| N/A | /data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A | N/A |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
Processes
com.thestore.main
com.thestore.main
/system/bin/dex2oat
Network
Files
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/dhzngolb.nghm
| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/tmp-base.apk.jxbjhxf5236726493338493618.ojh
| Algorithm | Digest |
|---|---|
| MD5 | f84a428fbcd669ca7d4755afc3f7143e |
| SHA1 | 73f10e8740e3cf44bc73983f2325c234175fcf43 |
| SHA256 | 18396b74224064e0ec423aace712cd325d9b78203b0615727ac7a9b9eaeb5db7 |
| SHA512 | e29e9bf06cd938cb15fe0d3a437ef8c51119fb2ae312934eb6aca574764d68c821a32573092f5e02da3b704ed04615c8fc8b93bccc711c97d212546d035c718d |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh.x86.flock
| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/oat/x86/base.apk.jxbjhxf1.vdex
| Algorithm | Digest |
|---|---|
| MD5 | 5aea8d61f72f7ee34ec0f17e786449f1 |
| SHA1 | d9da182fdd6f7a916a01682f8cc0674692cc6056 |
| SHA256 | 94990f3b36fcc5fedd51f11c3b2f7b9ac7aadad2aad50252e34d9903dc2233e4 |
| SHA512 | 3a81574c80d48a6987a64574a284a577c177e77565b057512746401385e5570cfde0171085b695f40393320c763c7e8ffaebc1cd8b4a0e08dfbe4cb730d88589 |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/oat/x86/base.apk.jxbjhxf1.odex
| Algorithm | Digest |
|---|---|
| MD5 | 66e5fe44145b4aab7beb57c2fc4ed885 |
| SHA1 | 60bada19908cb7155dcf23fdc1492b7d09e3de2a |
| SHA256 | 4d370f2cafe594992be0d2739835621c968d101bc3f60e158a3e8f6a6995a084 |
| SHA512 | e8c3b0010e5fe439dcc75bd269c5c645cf9a86447c706c99f7c15b9f0f78e9c5bc3e0fd3a9c7adb197883bdaf89f29e15a26857268e65c2f3fa0b60f59c94ab2 |
/data/user/0/com.thestore.main/shared_prefs/multidex.version.xml
| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh
| Algorithm | Digest |
|---|---|
| MD5 | 3d8eab29f6070663e0cec3d2162d7571 |
| SHA1 | b3c0699884a63f0513072917eed207dce53aa5b8 |
| SHA256 | 6050c242acd21ca3171db133b83a01607c72ab4c1a9ba36dd6dc2fab4ef356fb |
| SHA512 | c5b9fad0d4b03e7caf21b4ade74c93141db9d204ea3a532f1b48ab65409fd43da98009e0e4b9001078e7c3a8f54ea7a959120cfb2e17503e8c4600e676757c02 |
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh
| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.thestore.main/shared_prefs/Voicemail.xml
| Algorithm | Digest |
|---|---|
| MD5 | 7805bd71b835286833f470c5a63cdbfc |
| SHA1 | 55a877274a44b833383d8663e6653351e5135a38 |
| SHA256 | 1edda1975ed8b020bf527ab9b00ea709597fd3bb837f1fb752d42355b94e88ce |
| SHA512 | a28afad15004a1acb1f16484eea85bf4a0490e55f428c59f5036972de6f6ab502bb27b6ef715ce46e6d3ab97ce05a67ee7274848d5c352df9515f284db284ad9 |