flubot | e6fa66fc4795131cfbb97668279b84fbf389cc0ff736ae77ec351caa15a45038

Analysis

max time kernel
2122955s
platform
android_x86
resource
android-x86-arm
submitted
14-10-2021 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6fa66fc4795131cfbb97668279b84fbf389cc0ff736ae77ec351caa15a45038.apk
Size

4.1MB
MD5

532cfe30d666611e34eb49ae310c81cf
SHA1

4e446a48e0a4097371442a2cf88a202226828d10
SHA256

e6fa66fc4795131cfbb97668279b84fbf389cc0ff736ae77ec351caa15a45038
SHA512

dd991e6e4accde9f70e5da9f8c2bab220905ec4083f0ae81e9c7a02b1b3cc9f9f571d95a89774539ef9e0795bb8399ae028e56766d155251938b8d6becb27589

Score

10^/10

flubot banker infostealer obfuscation trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/oat/x86/base.apk.jdkhjbg1.vdex	family_flubot
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY	family_flubot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oatcom.baidu.searchbox

ioc	pid	process
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY	4881	/system/bin/dex2oat
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY	4818	com.baidu.searchbox

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.baidu.searchbox

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.baidu.searchbox

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.baidu.searchbox

Uses reflection 8 IoCs

obfuscation

Processes:

com.baidu.searchbox

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4818	com.baidu.searchbox

com.baidu.searchbox
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4818

com.baidu.searchbox
2⤵
PID:4881

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4881

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY
MD5
a401d039ac4a86e4ba0c8a8e4307b04e

SHA1
ff6b1513ed9f9aa0e9dc011aac4c765274d5ec42

SHA256
912180b0d7b832fae516edea705335202b7fcea64f5461c512dc9f413fd8808c

SHA512
4a04292f2e09e9cd62e97507283f70458656a3efc801ca8543a22fff5e283caa6c58686b518c68c7b7a395ff82f8b365c85bf49e5fb4ae063aec3b0d09559e4c

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/base.apk.jdkhjbg1.xbY.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/oat/x86/base.apk.jdkhjbg1.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/oat/x86/base.apk.jdkhjbg1.vdex
MD5
49b160a886da2410d77cc14674feaefc

SHA1
de4e16e840e0eaa8159fb7cf1dc0ce0ce7db891e

SHA256
14ce6af4c54ddd4d39b5f8ce37f68072b748195b2ca467d31d722626303bc5fe

SHA512
62fd71d4cb0484e9c1a3ce500508378f3c4cd88498d54e1b29e9cf69ee32c79548c529fec7d5ef7c41d5fbba0cd61017a245b88ede2e2661de89b9345af29efe

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/shhjhpja.kvsg
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/Yfzjhhjpkv/bzxjopjhbhhbhjg/tmp-base.apk.jdkhjbg619749483889074381.xbY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.baidu.searchbox/shared_prefs/Voicemail.xml
MD5
e8f52eaad5c7d731628b7f70d75fc09b

SHA1
c07b16fd5903e3051e02d29909d500278696afdc

SHA256
d3013b580850676b17409fb10df99a7c9588586e545dc2b39aeb2fb4eac2ec78

SHA512
2e6f24183720f6fe602d5c67e0fe65d5faa07259665a1dfb0a4dc407d475f52dc2619684d444faabb866d8a39075f2d57f5305c920665b85d6b05a3f74c9968e

Download Submit
/data/user/0/com.baidu.searchbox/shared_prefs/Voicemail.xml
MD5
333272e8f9d535cdea8e83c7afacbbe0

SHA1
4f62a110172cfe22d92ede386df0721545e648fe

SHA256
54724e0c58436ee9b5da9353043622d1dde57c48d6058b3be6ca14347bce3893

SHA512
4806707cbdfb76b71fd2cb75beeb070bcb8bb98e25f228403c2e1b83e281b336b040c6d87edbdfc7a6395dac66cccee345735db20abdf70077433b2f553c76fb

Download Submit
/data/user/0/com.baidu.searchbox/shared_prefs/multidex.version.xml
MD5
aacbd3996c2a1fc66fca6454a7b451cf

SHA1
cb915d412cc8224e31a784a9e42bc1fb9785bb1c

SHA256
06bad83ef46912a933ff39197f9ee3273647a4c23408875a7a4f543361d5a822

SHA512
59ddac35c17ae7e1efacf169cfd3df0e379eb503e723f7d62e919438620261b2409bdedceed7f08c65eb500e5dcf5c443e83620380cd553ace8db177cda4adac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads