flubot | c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763

Analysis

max time kernel
381028s
max time network
101s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
26-10-2022 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763.apk
Size

3.8MB
MD5

c136b8d59db8d91ec022aa0151028e05
SHA1

9eae5b7351e1cfb35d67a78d441b9c612dce491f
SHA256

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763
SHA512

34b0c0947f321ba8b785ed36412bbc7a59c77438962afaf0d67179232e36ab7c1d885c9f83e0384900c0c1723249f29cd8fc7548423ff647a01678d349b08fe3
SSDEEP

98304:tNerged/OIfZCj2e2GVoEnyAXaJMTp/fGCpQDM:t4rgtj2+/p93pQDM

Score

10^/10

flubot banker infostealer trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip	family_flubot

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.iqiyi.i18n

ioc pid process

/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip 4765 com.iqiyi.i18n

ioc	pid	process
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip	4765	com.iqiyi.i18n

com.iqiyi.i18n
1⤵
- Loads dropped Dex/Jar
PID:4765

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
2.4MB

MD5
97dda0e8d28f6defb1950d05e650b4b4

SHA1
9883c2bf6cba5d1b46fcba54baf01342f2adb7a1

SHA256
2a7d1f5b88741377488ac0bf0c22b81573803a7729738c3a7dc081fefcb88c7d

SHA512
7b7c75790dc77ac71f3b9bfbfea4bd48cddb03347d6ce33cb1266a3b1af0e9759249c800b57f084353fa6a9ecc41c90149060a0e3cb8136b801cab6743219127

Download Submit
/data/user/0/com.iqiyi.i18n/code_cache/secondary-dexes/tmp-base.apk.classes180683737032714692.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.iqiyi.i18n/shared_prefs/Voicemail.xml

Filesize
133B

MD5
3779b90ec03171c54e58addccd8871e3

SHA1
ebde1444eac5e98b29e8b5581cd0f7a6f00d7137

SHA256
2b15b3db0d7d6bf584db0da7d3942e00fdbab97f4914d89ad3a3ca025c638edf

SHA512
43cbbdcf69f97c2ccdd41ffbd76623fcadc1b4a8aaf27a63e5116e7c4e9d990fc3b071d87f65fc7d962e4a2021732306cae817a02e7327be9130236456fb6384

Download Submit
/data/user/0/com.iqiyi.i18n/shared_prefs/Voicemail.xml

Filesize
197B

MD5
f33a4f593bd6295aac0a9b9d552e658a

SHA1
b65f28714f60bb56868d38b812a3462b6e4ec254

SHA256
df6682973d56512ff1a61d14441998557376030540612ebf3be022aa0da8f9db

SHA512
87e5a3852ee8411b461e9c69027d5d230ea1e97f48b331244ee3a6b079fba2fa33231e909e9c8329b7f3cb55dbec11222270e62d99ce55054497be38d6efa9e3

Download Submit
/data/user/0/com.iqiyi.i18n/shared_prefs/multidex.version.xml

Filesize
307B

MD5
b609c2c5066d2aae8d65d749a7165e17

SHA1
f12e06745c21bd96583c66b734c13a3a6a687ba3

SHA256
2cb15641dd8ca4879195bd5385b19733c6fb9882271feb9c0d86d8550b474ec1

SHA512
42702c0350afd11523f2e36b292c0fbca3da4a446876ad9601c5589c016e84e56a97082d20900eb85719f81f002e4ea305c65908d41772366a3d522ffcd1031c

Download Submit