Analysis

  • max time kernel
    848361s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    12-09-2022 16:35

General

  • Target

    16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk

  • Size

    5.4MB

  • MD5

    098b5ec115662385d761042806d85492

  • SHA1

    a66cf97d9458f7c3b568f801a99f54f9bde14efe

  • SHA256

    16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c

  • SHA512

    898bb420badffdfeba358dd290dba02238b7acf166080b55a8189c76f532865878ccf8fc4f02ae542469eef2d80414f9fbfd2e7fe9280ff1c26c0a875cc8b918

  • SSDEEP

    98304:Bg3vvJeZDDJkZlLbgOQ0vUMO01QfEuhd5YJ7Efhm1dSScc0uDObtPxK:G3HJq3S1Q0MMTyhd5wNbSPcebtU

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.tencent.mobileqq
    1
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4298

Network

MITRE ATT&CK Enterprise v6

Downloads

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/base.apk.8dejHg61.gyg

    Filesize

    2.1MB

    MD5

    ff4a28a91c63039a7a6ea1ee9f958e70

    SHA1

    bdaeffce5a25686164d3d2d0469ca2000d8bca3f

    SHA256

    ea4107eb9315c9ec499485e299519de74b2d5815f96a74603364b3434e576109

    SHA512

    77eae92b130a9e4b78de3082237e22a1a5e1d8f390b2f29e273a6771942e722d5e0fd6566144814727846c83e97f7df6caf93b7c17382507e7c875e7c4399de3

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/tmp-base.apk.8dejHg66683472357922573330.gyg

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/dI8Gewhjhf/6jghjGtqgfTgItH/yIugjhgG.jq6I

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    133B

    MD5

    e496d4dfaa3b6c5720cd4339c98c9be3

    SHA1

    4f41b7c7aa258e013c13f6de0a15c9cb1884fbf9

    SHA256

    3ee69bf90b4e8bd7f7049f4d05c5e713745dad6f0e29ad19d49b8ed2c2ba455b

    SHA512

    7c370645868ed13e4fdb5d2620df341f0b888a81d2c0660ce91026fc27aeedde85fd25d23874cc8eb82bef17da0e0e3de825eb5dd478a98bc2cb1f45f70457de

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    176B

    MD5

    5ce521696ed77dac9d5e36032bfdb09a

    SHA1

    e438f5855f53dd9dbec77db8512fcab9da43b355

    SHA256

    8f6d41949c8c78fca53cb0d0a41169874e0366ba47b24b305dedd0c4116949f1

    SHA512

    f4e9589aeac79b8e2184792ba82b4e3296aa1fc0f7def99b35cd21fc6f5e7e9b798aa222305921a2c5f07fa18ed16c7dce8c47654a96ac1f7ef3a1c8762182d6

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml

    Filesize

    240B

    MD5

    5eba66ab7f67a49443a6e536d3860c5b

    SHA1

    48ea2418d3f535d60cb1e679e4d6aa2999b447ee

    SHA256

    a5c8ee4a6b1e7949d0fbfa75da764d1bb4b38a03e096b3b183b4b9f8739d5f1e

    SHA512

    c0bd877c20f17d21089be498ccdc940669eb27e33202888c154a95ad1081dfb808280744d00e86671c1d6aea7868d65008f82d29243a1c65b34741405a2949e5