Overview

overview

10

Static

static

7

DHL52.apk

android_x86

10

Analysis

  • max time kernel
    3085736s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    14-12-2021 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL52.apk

  • Size

    5.3MB

  • MD5

    61ff170d4f7dabc86da8fb0f60bf36ad

  • SHA1

    3ba9a692d3d62284f279c75e4cfa0e5b69184e72

  • SHA256

    af83e659196774e779b22038e11c4b0a4665d082064fe997510634000fdb0222

  • SHA512

    937cc378c9a71bcddc6a798ff53374cb260363fc683ced7ea9130ff21a6071ff04bad8f2eda907172bc665f9d9cd0d8e9da3028a79684e73f26a9bb46ea5d2a2

Score
10/10
flubotbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot Payload 2 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.tencent.mobileqq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4823
    • com.tencent.mobileqq
      2⤵
        PID:4862
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4862

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads