Analysis
-
max time kernel
4179521s -
max time network
162s -
platform
android_x64 -
resource
android-x64 -
submitted
14-02-2022 16:41
General
-
Target
b2dafc4faea81f4addf1ac3a295627e9f7e1d36efa2a8b82a813d853cfcf87c4.apk
-
Size
5.6MB
-
MD5
1a62b069940c7d64a4b5d5326cf36bf2
-
SHA1
80926e3c3edbabcd765ae5fa3b81a08367d86057
-
SHA256
b2dafc4faea81f4addf1ac3a295627e9f7e1d36efa2a8b82a813d853cfcf87c4
-
SHA512
6db9e15426a04bdce1acd1197bab4c600a2d8d8144d3cf107e92b0d3b5ead83eb29b8fcd9d34b1144b916b09a6709449ba774ee3f6a977875dd8c503a73f51ac
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
-
Checks Qemu related system properties. 1 IoCs
Checks for Android system properties related to Qemu for Emulator detection.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.autonavi.minimap1⤵
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).