Overview

overview

10

Static

static

7

flubot_08d...99.apk

android_x86

1

flubot_08d...99.apk

android_x64

1

flubot_08d...99.apk

android_x64

10

Analysis

  • max time kernel
    4062788s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220621-en
  • submitted
    12-07-2022 11:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    flubot_08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799.apk

  • Size

    2.9MB

  • MD5

    6b5da3300ced10ba3a623e5e1237ad1e

  • SHA1

    1918850207a582012c541b24e0dfa243f0a90671

  • SHA256

    08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799

  • SHA512

    ab3521226f60d5ef83e29e74e9d3fb979450a2da8c9909ee6997b8af5288f2b5170f9e387de3681c670490d9af27e47efcacd2b6e868c6905bcbf0f29adbf93b

Score
10/10
flubotbankerdiscoveryinfostealerransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.tencent.qqmusic
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4434

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.qqmusic/FFg8hU9pUG/IpaUfifITIf87pu/IU8jgffg.ke8u
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.tencent.qqmusic/FFg8hU9pUG/IpaUfifITIf87pu/base.apk.gi8ugIh1.7qg
    Filesize

    2.0MB

    MD5

    9718564b4725c3e9249c4bd85c01b1be

    SHA1

    4715c01f92b4f100b464d2602f89d5c463daa670

    SHA256

    237bfcb9eda5f8350c48fee459d41da1610b2271e46518e5307c2f64571fc687

    SHA512

    74488917d6983ed701131c36d0c09f942127e627ab1dfb379b93b0161d668a863862ac14d95fadae90246482320265db806cfc4eef330e0b744124e0728009e8

    Download Submit

  • /data/user/0/com.tencent.qqmusic/FFg8hU9pUG/IpaUfifITIf87pu/tmp-base.apk.gi8ugIh2018854941682945689.7qg
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit