Overview

overview

10

Static

static

7

51143dafcb...1b.apk

android_x86

10

51143dafcb...1b.apk

android_x64

10

51143dafcb...1b.apk

android_x64

10

Analysis

  • max time kernel
    4174387s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    14-02-2022 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51143dafcb45ab864b0265c8752fe4b548687c409a3500d011e62b3c313c2b1b.apk

  • Size

    4.2MB

  • MD5

    9117b7d20ce3864e8ea24645346cdbc8

  • SHA1

    ac545f005905aa31d77ee1335cea7a0de68ba48e

  • SHA256

    51143dafcb45ab864b0265c8752fe4b548687c409a3500d011e62b3c313c2b1b

  • SHA512

    44dc3f722f448a77081a41705262ad6b50cd58ffbaff95af03a45b4ab05f7e3ddf7c6d36d10517b548b02c13e23c208caaae8bcdb28404864ffd0e9ad366914f

Score
10/10
flubotbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot Payload 1 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.tencent.mobileqq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5530

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads