flubot | 4a49972ed962b5326b9edcb9edbfeef47d3a216cf5847d579eb0c69a3ed6b9be | Triage

Analysis

max time kernel
3620922s
max time network
161s
platform
android_x64
resource
android-x64
submitted
20-12-2021 12:28

Sharing

Report Analysis Logs

General

Target

4a49972ed962b5326b9edcb9edbfeef47d3a216cf5847d579eb0c69a3ed6b9be.apk
Size

4.9MB
MD5

cf24c8590d4fa7d8bf3a0872b98ae647
SHA1

911b4bfdc4d3a99096d375cedfc5e29520580389
SHA256

4a49972ed962b5326b9edcb9edbfeef47d3a216cf5847d579eb0c69a3ed6b9be
SHA512

dada00f02754a645c583b52a7fcacd9d6198f8703d9d3470f3680d77f6dec14973fac47a47f99de75ffb4a4b79c6d7d67ac366d2b0fb15e476d609914fb44b09

Score

10^/10

flubot banker infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

resource	yara_rule
behavioral1/memory/3613-0.dex	family_flubot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.thestore.main/lxphkmaGzx/YnaohbfhxcbhslG/base.apk.jxbjhxf1.ojh	3613	com.thestore.main

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.thestore.main

com.thestore.main
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:3613

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads