Analysis Overview
SHA256
446631292a2670814ea0110ab4942c7625627bc13fbd577d62fe4c100856de9b
Threat Level: Known bad
The file 446631292a2670814ea0110ab4942c7625627bc13fbd577d62fe4c100856de9b.apk was found to be: Known bad.
Malicious Activity Summary
FluBot
FluBot Payload
Loads dropped Dex/Jar
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-11-24 11:15
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-11-24 11:15
Reported
2021-11-24 11:16
Platform
android-x86-arm
Max time kernel
1366443s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.bilibili.app.in/app_apkprotector_dex/adB5wyVZ.av | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bilibili.app.in
com.bilibili.app.in
/system/bin/dex2oat
Network
Files
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/adB5wyVZ.av
| Hash | Value |
| --- | --- |
| MD5 | d988f5e407bae7499bc1b0b1a3184f5c |
| SHA1 | 0b772e095aa1d70a54f7ef3d4b47dad5b1ea0a54 |
| SHA256 | ea53fd30259591de1bc7426bdc4784d290938de43887aad6c3d9016a04a34646 |
| SHA512 | 61a6ebf71119f1882913eb109532c99f1d56f4a03699924be88b9a53f6078d2c47551024db1a2686feea6ec0c7da82610a4a06fc43b4a241c14d31f00d90996a |
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/adB5wyVZ.av
| Hash | Value |
| --- | --- |
| MD5 | e4a9a07629604827adca076a3679b7b1 |
| SHA1 | 72ec1fb73e830131b1b75a8ae9986446728443fe |
| SHA256 | 0f30343d42c84e09b432ff9eb48ad86d8217263ca0af5eb9c3581e42ad1d890c |
| SHA512 | a6b8755a2e4b228df14f48e8c98f6538f75af94eb461d799dc1f73711356bbe0689db9b886210ac052adf107ac1fbd240b96a51334a4570068a3491fb5cc6773 |