Overview

overview

10

Static

static

7

feafee8579...b2.apk

android-9-x86

1

feafee8579...b2.apk

android-10-x64

1

feafee8579...b2.apk

android-11-x64

10

Analysis

  • max time kernel
    352638s
  • max time network
    326s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
  • submitted
    19-07-2022 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feafee85796aef8b11370da246b5c3ffd756fd276b71b4a207f5abb2f41608b2.apk

  • Size

    4.8MB

  • MD5

    5e9672e3e712f60b48b4924ae32263a0

  • SHA1

    944b91700cec1a4b9a2f9f0c8a23de9615939a17

  • SHA256

    feafee85796aef8b11370da246b5c3ffd756fd276b71b4a207f5abb2f41608b2

  • SHA512

    f840154547b38033050325001798a83d1058d320d5a8444e98de146ebc47497f5c6360f4e04304dfc878a037c7e0deb21ab216b6eb209a361a89c3f5e5c02628

Score
10/10
flubotbankerdiscoveryevasioninfostealerransomwaresuricatatrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    suricata
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.qiyi.video
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5226

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.qiyi.video/shared_prefs/multidex.version.xml
    Filesize

    307B

    MD5

    d8a0a7ce02d950bd805a4048f4aec227

    SHA1

    a5b9a286387ee69e8869123179ca660f0790b93e

    SHA256

    a1904bfb6cd359bb87f2195e9fe3d6429d028b3763419f13de136e9c0d451601

    SHA512

    1ef9aed570d6d8155b0f59935e5f53fc6995db9929f8c5d8933c5f5c1fcfb8ae85868e92ee23a4a46776840af12229da89d278452b269629827d84a9df074e88

    Download Submit

  • /data/user/0/com.qiyi.video/zspzgsvbjs/sjopdbapYvamjfs/base.apk.bfjpbhY1.cpk
    Filesize

    2.3MB

    MD5

    be85de08f9e6c47f946106fc37b0b43c

    SHA1

    e433390deb69904a29d0fbfdeb86aa80cbb97c6a

    SHA256

    c90ad2158fb9a5a571a128877c6ad0d0805e2052a4e6f9cb6b53e803d5fd10e1

    SHA512

    f17011371980c23df9074e5a98ca20329124b2c6e8309289b5b97e6a1a110f02c0eb60f0f64afd9d57f5c0f485c8fbfafca8c63f64846be06cfdac3755193eb8

    Download Submit

  • /data/user/0/com.qiyi.video/zspzgsvbjs/sjopdbapYvamjfs/hbcgGxbc.vxgl
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.qiyi.video/zspzgsvbjs/sjopdbapYvamjfs/tmp-base.apk.bfjpbhY4307529118373861308.cpk
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit