Analysis

  • max time kernel
    848349s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    12-09-2022 16:35

General

  • Target

    16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk

  • Size

    5.4MB

  • MD5

    098b5ec115662385d761042806d85492

  • SHA1

    a66cf97d9458f7c3b568f801a99f54f9bde14efe

  • SHA256

    16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c

  • SHA512

    898bb420badffdfeba358dd290dba02238b7acf166080b55a8189c76f532865878ccf8fc4f02ae542469eef2d80414f9fbfd2e7fe9280ff1c26c0a875cc8b918

  • SSDEEP

    98304:Bg3vvJeZDDJkZlLbgOQ0vUMO01QfEuhd5YJ7Efhm1dSScc0uDObtPxK:G3HJq3S1Q0MMTyhd5wNbSPcebtU

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped onto the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.tencent.mobileqq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4002
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/base.apk.8dejHg61.gyg --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/oat/x86/base.apk.8dejHg61.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4118

Network

MITRE ATT&CK Enterprise v6

Downloads

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/base.apk.8dejHg61.gyg

    Filesize

    2.1MB

    MD5

    ff4a28a91c63039a7a6ea1ee9f958e70

    SHA1

    bdaeffce5a25686164d3d2d0469ca2000d8bca3f

    SHA256

    ea4107eb9315c9ec499485e299519de74b2d5815f96a74603364b3434e576109

    SHA512

    77eae92b130a9e4b78de3082237e22a1a5e1d8f390b2f29e273a6771942e722d5e0fd6566144814727846c83e97f7df6caf93b7c17382507e7c875e7c4399de3

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/base.apk.8dejHg61.gyg.x86.flock

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/oat/x86/base.apk.8dejHg61.odex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/oat/x86/base.apk.8dejHg61.vdex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/tmp-base.apk.8dejHg67261971270525865497.gyg

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/yIugjhgG.jq6I

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    133B

    MD5

    d9010a01deecd780f2b39d3b6b4d1e4d

    SHA1

    b3a3fb05f0be0dd20b646fcff1c34d31c1e60cce

    SHA256

    074aef94c376db99d768ab007eaba8d2488553938f928396a0ce7c4eef0aea30

    SHA512

    2e59679081ed8f8aaac25188dfc7265535b196152347d1d8fcfac8152ce968545786d9cc416f7a58261990693ff37405cb615db566ea6e0f4c366b9998d2786b

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    197B

    MD5

    aeb4879947be87397bee6bd2a88f6272

    SHA1

    34182d9c9fea48943793077b118dead621e6c31b

    SHA256

    c685be7265fd5040d2514060a82c07799d8a3143ac1c6822b0a7f3aec8a60030

    SHA512

    21b5a830b00fa674073598e6e795ff10fadda584284227d81ebdd5a4be320124425e8814e17057d8c90f3a82d504cf0fef6c65bedce8b971b2f0a097b7ed5b4c

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    240B

    MD5

    6b6350ec389d446bee1a429c4c218318

    SHA1

    0c4d42d23e014d9a5450f90f4822b39f035b2d8f

    SHA256

    e86a6e72d9c6544951dc15e42c20427be41ad6893e8f6d635381dd87c7610e6f

    SHA512

    6c1961418e796a871dc42409d9968c83903d1d7e1e62bc3d152e4585e08aee3f1c55dd5b6a393104f098f953cf03c90c7c32240947daef8d5fed8bee8c9c8e6b