Analysis Overview
SHA256
0874e9f71ea55cb76a638029e5978f3f5a39504d0c0bb752ca676b095552cab4
Threat Level: Known bad
The file 0874e9f71ea55cb76a638029e5978f3f5a39504d0c0bb752ca676b095552cab4.apk was found to be: Known bad.
Malicious Activity Summary
FluBot
FluBot Payload
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-11-08 16:41
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-11-08 16:41
Reported
2021-11-08 16:44
Platform
android-x86-arm
Max time kernel
3701s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.UCMobile.intl/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
| N/A | /data/user/0/com.UCMobile.intl/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Processes
com.UCMobile.intl
com.UCMobile.intl
/system/bin/dex2oat
Network
Files
/data/user/0/com.UCMobile.intl/code_cache/secondary-dexes/base.apk.classes1.zip
| Hash | Value |
|---|---|
| MD5 | 916a86edb93b502ce8bddbb448921f3e |
| SHA1 | 2616e0abe1073bdb42dd0a29461046a12d1a2e98 |
| SHA256 | 12947442fc6d45ef970e04a16158d011726a0cd814c00769bd63f8643e82df31 |
| SHA512 | 0596ae796f2dacca8769aa0fc41cc4d851e228e9c5e0262c3696c82175a68ecd14f8d7c6024c04d11041c95f8bdbc86b48031d490e17a5f250c2801364fdc9a1 |
/data/user/0/com.UCMobile.intl/code_cache/secondary-dexes/base.apk.classes1.zip
| Hash | Value |
|---|---|
| MD5 | 02b6923636d3b380a244caeec652e7e3 |
| SHA1 | 111a7e7163056da20d5903fcb41f70ae09ddbd2d |
| SHA256 | 2cc3bc9a39f20f7d493a85c8877fd3ccb7034dbe75d41bc9ac5c2db3026d0edd |
| SHA512 | 84c33fee6e7634f00a57cd324c176802e9eb1ecff381a3f6bd03261518394844f275175c088c6f61d1aa3794e506a08a1930272313bab5acc4c93a32059e85b5 |