General
-
Target
Voicemail.apk
-
Size
5.8MB
-
Sample
220526-tp7c4sghbm
-
MD5
77da191edf9bd56bd550c47d28519848
-
SHA1
526856561d862131a8866732bcd8c63b70069968
-
SHA256
32d11dd0c65f101499a7c94eeae319afc43bfd0f730733a3357d294ef94c9a11
-
SHA512
3719b675353c3bb78dc1aa4cf79ae4da1df192762a422b586545bad6a724db55bbc9a9e5ec3d76253816af97276d967afa7689783d6f2bc0ea9cc51475975406
Static task
static1
Behavioral task
behavioral1
Sample
Voicemail.apk
Resource
android-x86-arm-20220310-en
Behavioral task
behavioral2
Sample
Voicemail.apk
Resource
android-x64-20220310-en
Behavioral task
behavioral3
Sample
Voicemail.apk
Resource
android-x64-arm64-20220310-en
Malware Config
Targets
-
-
Target
Voicemail.apk
-
Size
5.8MB
-
MD5
77da191edf9bd56bd550c47d28519848
-
SHA1
526856561d862131a8866732bcd8c63b70069968
-
SHA256
32d11dd0c65f101499a7c94eeae319afc43bfd0f730733a3357d294ef94c9a11
-
SHA512
3719b675353c3bb78dc1aa4cf79ae4da1df192762a422b586545bad6a724db55bbc9a9e5ec3d76253816af97276d967afa7689783d6f2bc0ea9cc51475975406
-
FluBot Payload
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Makes use of the framework's Accessibility service.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-