flubot | b711fce602d19f10c34650842f610eeefb848e0d12e69d040db45bec67652bf6

Analysis

max time kernel
1842683s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
16-06-2022 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b711fce602d19f10c34650842f610eeefb848e0d12e69d040db45bec67652bf6.apk
Size

3.1MB
MD5

a7c8ad14f45770ee7890ebcf327a85f3
SHA1

5891fe3d91d2e9c7ad4141b54776ca86d0650218
SHA256

b711fce602d19f10c34650842f610eeefb848e0d12e69d040db45bec67652bf6
SHA512

1716278f58fc0705f7ec432321a6e06ff17ab3e4e9c487f15f27093df9fed8b20c02334b47a44943b343f23aabc2c1393db0b016d7a3f012f26b984b717e3d2d

Score

10^/10

flubot banker discovery infostealer ransomware suricata trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

resource	yara_rule
behavioral3/memory/5830-0.dex	family_flubot

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.qq.reader

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip	5830	com.qq.reader

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qq.reader

com.qq.reader
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5830

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
2.4MB

MD5
aa09de680eec3e37e520f9cc99f6df4f

SHA1
6415fe1e6ef75360667bdf406bbbb484610c6dd2

SHA256
47d7a2d9acdc4c87289d90c63f25ecda1ce272fd81a397af6953618e40114502

SHA512
3ccc85be780b5558d0d0d3e4d92b2c3a95399b89ceef5eea37f5479f4ed890adbc4b4c7bd07d16eea8aa37759c5538a225d1239b55adafeb99fe8e8e9d7be404

Download Submit
/data/user/0/com.qq.reader/shared_prefs/multidex.version.xml

Filesize
306B

MD5
d28f8db9ae826ee78564df8f0866d8ba

SHA1
db9cafac44ac11ba84b04023e202b298c7eb6110

SHA256
0de80ce5442431dfad7c81e917377ab43b613c01dc880c118d4127d1f0b001fe

SHA512
3e1d7dea81c9380f2a55c383fe62f861f516b8814841bc23989a617f5772d63400d5871d2949b3effb210a7159c155bcbdebfd7762e5631bc919427911192ec2

Download Submit