Resubmissions
14-02-2022 15:46
220214-s7ym9ahgd5 1014-02-2022 15:42
220214-s5e35abcbn 1001-02-2022 23:08
220201-24xffscfer 1001-02-2022 22:53
220201-2t9m2acha7 1001-02-2022 12:27
220201-pm286ababm 1031-01-2022 12:44
220131-pygrlahbeq 731-01-2022 12:24
220131-pk6hsshbdj 1019-01-2022 11:27
220119-nkj45ahcg6 10General
-
Target
06371fc75740162de9e6275102012e6c
-
Size
6.0MB
-
Sample
220214-s5e35abcbn
-
MD5
06371fc75740162de9e6275102012e6c
-
SHA1
9b45243e89541ae26fea5ff2b9c7d14ff69044ed
-
SHA256
4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
-
SHA512
c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248
Static task
static1
Behavioral task
behavioral1
Sample
06371fc75740162de9e6275102012e6c.apk
Resource
android-x64-arm64
Malware Config
Targets
-
-
Target
06371fc75740162de9e6275102012e6c
-
Size
6.0MB
-
MD5
06371fc75740162de9e6275102012e6c
-
SHA1
9b45243e89541ae26fea5ff2b9c7d14ff69044ed
-
SHA256
4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
-
SHA512
c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248
Score10/10-
FluBot Payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Crypto APIs (Might try to encrypt user data).
-