Analysis
-
max time kernel
2690093s -
max time network
1832s -
platform
android_x86 -
resource
android-x86-arm -
submitted
28-01-2022 10:28
General
-
Target
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f.apk
-
Size
5.5MB
-
MD5
42331cf55ee2174ac0d137d27633f7ea
-
SHA1
c67ce535777198f1bac3a7b7bd34817255c05e13
-
SHA256
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
-
SHA512
ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 2 IoCs
-
Makes use of the framework's Accessibility service. 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.tencent.mobileqq1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
-
com.tencent.mobileqq2⤵
-
-
/system/bin/dex2oat2⤵
- Loads dropped Dex/Jar
-