Analysis

  • max time kernel
    1842747s
  • max time network
    178s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    16-06-2022 18:42

General

  • Target

    4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa.apk

  • Size

    6.7MB

  • MD5

    528e717abda498c72a11370631410cad

  • SHA1

    3a41286bdc3becf2f6eb6403c71ff4cce5dd6b0d

  • SHA256

    4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa

  • SHA512

    0e054e89e39fa004580575002f6df4e484cc69bf5be6eabb968acd9d854ce34e77e3fb1aa47ef6c314885667d0419ac8c656af0bee5f64dd3872be8062a14e24

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

  • FluBot Payload 3 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.tencent.mobileqq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5305
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oBN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oat/x86/oBN.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:5409

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oBN.json

    Filesize

    3.1MB

    MD5

    50dd5aa3d270400f2a8b5ae821bc0146

    SHA1

    eff69432d8b2e72be0bb035b0d9f99abfd47680e

    SHA256

    c23e1e9350074d07bdd4478851401a53bff1acccb762a50f7e6fc6f9c8e5bb12

    SHA512

    99584f250854cdffbbce1890fec38b7a36716556983c11f5566ffbef885614a74b97f74b11da0aabf01160157b7a580aea5261f09b44e4f991026c3e3b623afa

  • /data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oBN.json

    Filesize

    3.1MB

    MD5

    ad8465c129549af17e79674174d034f0

    SHA1

    68d7f89e3f976b5ad66fcf9eb9b881259a41c8fb

    SHA256

    41dd1e6416de4f990cfbc24ad3d9dc6bf830d2028adff42202bc5587fbf4c668

    SHA512

    84f87c7f23c9e73d342ef5aca9bacf25dcce00d1b76c38d01b2678cf72c82689a62e41adfc77060d80e170ea8aece7022bc407c5f38065c7f4873f14de9df29e

  • /data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oBN.json

    Filesize

    3.1MB

    MD5

    e0ce873a45d32bd641a0a4981e46fbe8

    SHA1

    f5970c914d369b828ca047d7a82c09167718c85f

    SHA256

    6f28b5814816ab869a28068f78811a555fb51d6e686ead3241a5827be5fb708b

    SHA512

    6ab787cfab7a19aca2d9d6e5b216fb57922d394afb830cd627b44a9a0b1d914f813b5a69ff712609507e97203f2c9aeb2b5aa1bf01275b17ece3f84ac06f6ac9

  • /data/user/0/com.tencent.mobileqq/app_DynamicOptDex/oBN.json

    Filesize

    3.1MB

    MD5

    ad8465c129549af17e79674174d034f0

    SHA1

    68d7f89e3f976b5ad66fcf9eb9b881259a41c8fb

    SHA256

    41dd1e6416de4f990cfbc24ad3d9dc6bf830d2028adff42202bc5587fbf4c668

    SHA512

    84f87c7f23c9e73d342ef5aca9bacf25dcce00d1b76c38d01b2678cf72c82689a62e41adfc77060d80e170ea8aece7022bc407c5f38065c7f4873f14de9df29e