Analysis
-
max time kernel
4098173s -
max time network
120s -
platform
android_x86 -
resource
android-x86-arm -
submitted
13-02-2022 18:04
General
-
Target
DHLlApp.apk
-
Size
4.6MB
-
MD5
f8c592e8c5e0f0d6fe063479fe91c86d
-
SHA1
592b1965ff2605c18ea90144ad47be5d527cf98f
-
SHA256
40b548fb37f7d9dbba820c450c3ff02bc2745d269e3e1192c692d32e5512c161
-
SHA512
398f0259c4d8048605deb65557844791418c3a9ada7f7bafb99e83868a8ccacef87217f9eba1f329ef6ea055ae870dba584e1af99b622d3279c2664580f2a208
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 2 IoCs
-
Makes use of the framework's Accessibility service. 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.snda.wifilocating1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
-
com.snda.wifilocating2⤵
-
-
/system/bin/dex2oat2⤵
- Loads dropped Dex/Jar
-