flubot | 446c6ef506cdc21f0c207f5de701fe1170bf4b2f2a7874c9d957b41702ea398d

Analysis

max time kernel
3483762s
max time network
162s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
24-08-2022 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DHLx25.apk
Size

4.5MB
MD5

6c0c1ee3e7975428e7c1423275598148
SHA1

7c0d4db1a811ac5b309862096fd83369488f479c
SHA256

446c6ef506cdc21f0c207f5de701fe1170bf4b2f2a7874c9d957b41702ea398d
SHA512

4a7a71d2fd2b2ee916219a1575526de5a2e3c1c2d5bc1142799fd633cb74e6310e5836a68ad11744e3b4e29740fe0f41c650f2e8e64053c21f76c21a4e752d0c
SSDEEP

98304:FMX/zsBkQwFIpogLIdEwviHkTDvfMdTfrXkJ+r1/94fAPbYj3W3w19:FowBDwINIawsk3p8r+D3d

Score

10^/10

flubot banker infostealer trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/base.apk.ihjcGzk1.hvk	family_flubot

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.thestore.main

ioc pid process

/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/base.apk.ihjcGzk1.hvk 4917 com.thestore.main
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/base.apk.ihjcGzk1.hvk	4917	com.thestore.main

com.thestore.main
1⤵
- Loads dropped Dex/Jar
PID:4917

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.thestore.main/shared_prefs/DHL.xml

Filesize
133B

MD5
f916dc99ef355987f000f92d22ed6619

SHA1
f5ab7874c258ab8f93e3e3ef0ea7db1825342a49

SHA256
0a66c534a3950adcc3f5c39e4753db62a919ac4688a3b55a233142e6e8e46279

SHA512
5698b1a09feb3961504ae1439a3c68e9fec86da569264520d1e85d5b6229a80db24f1534ba24aa03214ed582736dded6f064faaf18c1a979441bd45bb33293bc

Download Submit
/data/user/0/com.thestore.main/shared_prefs/DHL.xml

Filesize
197B

MD5
05d6d704da03a3a1383de9d665d27c5e

SHA1
f2d9bc30b9bdf6059d8bc0dfb51baa64408325e2

SHA256
15f1f2bf24eec7f7c444b8b6ffd2db60bfe32c9fbb7f392f01cba70be9a97992

SHA512
2eaf8067dfeb760c26732b5dd384181940f1e6cbe5bf4cf99efd0f8249bc7471b928769abb3a3f6e2d6b56fd9aabd2610c66d1e0b90a8d853ebda86dabc8c35d

Download Submit
/data/user/0/com.thestore.main/shared_prefs/multidex.version.xml

Filesize
307B

MD5
80448842aaadeaf360a3567ff07eba0f

SHA1
b11d75a57ec620786b3779c42ab6f11ae6d7b34a

SHA256
647abe7a3c6091a919ed9c18abba906081c0f642571090b7aeecb5a8d179e3f6

SHA512
e5111b0ec3215b463c8a20a3357faf813767914427e8def660041d76124a8cdbe8124ca1dd7de4076f0fc72a2548a316e7db405c3253c7f338b76c48a5728ddd

Download Submit
/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/base.apk.ihjcGzk1.hvk

Filesize
2.2MB

MD5
8ef59a9262f65398228bfa972668a458

SHA1
f091981c474eefa2f3abf2fde99379cc7744bbce

SHA256
f914d1cd45e713bec8dd0c20f0fbbcdf0dbe5099bb428e5911cfbf7c5cfff311

SHA512
b8baab8ecf5830ba587f6e18f9d9c07e9b6797dc2678cdbed566671b11f17ab1c873930ae36fcab3a90cea143637418e94b26665e2c31403cb8ce57fdff9724b

Download Submit
/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/hdcdzkhh.kvo9

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.thestore.main/swc5ul9hkh/dg9xbvk4elihluh/tmp-base.apk.ihjcGzk8696908831766155267.hvk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit