flubot | 22b054513b595301a4e7ba3e6c879b11e198ca8392e572d70514b0a0336e43b5 | Triage

Analysis

max time kernel
2487513s
max time network
66s
platform
android_x64
resource
android-x64-20220310-en
submitted
16-03-2022 19:45

Sharing

Report Analysis Logs

General

Target

22b0545.apk
Size

4.4MB
MD5

59f204776aeca11f4e2f29535edd82e4
SHA1

f99b1f9ebedc086cfe1e446d446ed830264d457b
SHA256

22b054513b595301a4e7ba3e6c879b11e198ca8392e572d70514b0a0336e43b5
SHA512

9d3c39897bb6b87b72fecc7f47f78df03fad4e50b8b976f0f0e591949295c0adb789ad45d023a55312b512e276dd38a8588b3a8ab1410579da521ea0ddd07806

Score

10^/10

flubot banker infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

resource	yara_rule
behavioral1/memory/6268-0.dex	family_flubot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tencent.mobileqq/HT8f9kIqiT/hjhIg8gIwgGygIg/base.apk.9jk7i8I1.seh	6268	com.tencent.mobileqq

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mobileqq

com.tencent.mobileqq
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:6268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads