Analysis
Max time kernel: 2717835s
Max time network: 1190s
Platform: android_x64
Resource: android-x64
Submitted: 21-10-2021 08:16
Static task: static1
Behavioral task: behavioral1
Sample: 1547e5669f2cbb2391c6f6790298eda5502dde28819985f131138a2d25fc0f89.apk
Resource: android-x64
General
Target: 1547e5669f2cbb2391c6f6790298eda5502dde28819985f131138a2d25fc0f89.apk
Size: 4.1MB
MD5: 45767dc1a56de15fcb761395114b18b7
SHA1: e7d930b1c824ecbade93df44f6139d6e2334427b
SHA256: 1547e5669f2cbb2391c6f6790298eda5502dde28819985f131138a2d25fc0f89
SHA512: 7e2bd248bb48548f4cbb2edb8b286cdfd6532438d196c054d901b1e1bed9e4ffbe5c39f9e81db8b54fc3a1e6e695462ad1b68887c8829f3bf0beee7d7644beeb
Malware Config
Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (1 IoC)
Processes:
resource: /data/user/0/com.baidu.searchbox/hhjsGGofgz/hclmgvlGfsmphbh/base.apk.vaahjhh1.axY
yara_rule: family_flubot
Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
Processes: com.baidu.searchbox
ioc: /data/user/0/com.baidu.searchbox/hhjsGGofgz/hclmgvlGfsmphbh/base.apk.vaahjhh1.axY
pid: 3683
process: com.baidu.searchbox
Reads information about phone network operator.
Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes: com.baidu.searchbox
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.baidu.searchbox
Downloads
/data/user/0/com.baidu.searchbox/hhjsGGofgz/hclmgvlGfsmphbh/base.apk.vaahjhh1.axY
MD5: c9bb380d82552712b0b690d8888c4ee6
SHA1: e541cfefb00e67ee94bebc3344acf3b8e1dc40b6
SHA256: 227f7f46e0c88513b8b6271107393206416aa965b36a86ad163aae5cd752861c
SHA512: 8fc922bbf5c7e1ee8b4fa00b770229a2631a30e45ee7092ea2f1c6e210468605849373d0a5de9df072116e58136d75829202faf58d0b58c7ae57a386c58337d4