flubot | e897d931de7b19112b0ebd27d6b78801a15f9b054f11e56917fc8e7407fbf8f4 | Triage

Analysis

max time kernel
2088717s
max time network
161s
platform
android_x64
resource
android-x64
submitted
21-01-2022 11:54

Sharing

Report Analysis Logs

General

Target

e897d931de7b19112b0ebd27d6b78801a15f9b054f11e56917fc8e7407fbf8f4.apk
Size

6.3MB
MD5

4bbc77bc6903f1b8292eaa768f411685
SHA1

8e0da0d227626c40a2005535eb89e1ca314282fe
SHA256

e897d931de7b19112b0ebd27d6b78801a15f9b054f11e56917fc8e7407fbf8f4
SHA512

978a016ed18e52b3bd640285296ba2ccf7efc6dc63287a0359f07d5bfacf2da9f30b974504df86a70604b800a2306b98dedad2e2e33a006c9757e6e7e874f511

Score

10^/10

flubot banker infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

resource	yara_rule
behavioral2/memory/3804-0.dex	family_flubot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.snda.wifilocating/qUgUhwTg8g/g7FgsGk8fTIeTjh/base.apk.utIgggg1.hhI	3804	com.snda.wifilocating

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.snda.wifilocating

com.snda.wifilocating
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:3804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads