Resubmissions

02-11-2022 04:23

221102-ezznpahcd9 10

Analysis

  • max time kernel
    912404s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-11-2022 04:23

General

  • Target

    42331cf55ee2174ac0d137d27633f7ea.apk

  • Size

    5.5MB

  • MD5

    42331cf55ee2174ac0d137d27633f7ea

  • SHA1

    c67ce535777198f1bac3a7b7bd34817255c05e13

  • SHA256

    df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f

  • SHA512

    ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32

  • SSDEEP

    98304:f++ca+O+GSgUvtRZb9WFbto/q5qb3S1B3Y70sOyrDrfK/+xyxrUh4:W+cRODULN++S5qbOsOqCmxyNUh4

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.tencent.mobileqq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4052
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/oat/x86/base.apk.geIqgyG1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4166

Network

MITRE ATT&CK Enterprise v6


Downloads

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG

    Filesize

    2.0MB

    MD5

    ad656fc403c35b6a716e073bcd6d7824

    SHA1

    eb6b8c513a3abe5906a07d2fd3aed39a0de0cbd6

    SHA256

    a72640470a5611a7c6864eafe02e2ed8bf589dfb88a7195a66423327c924953e

    SHA512

    5c1c15c79ffdb4be81e7a7804d3dfa22122f9931ceff8e8a515d981aa8fee3211ad8acf08f02d946e7bb997ef016ddbe3f592ba742cc62712fd39c44725b3568

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG.x86.flock

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/ktfgfg7u.8jHp

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/oat/x86/base.apk.geIqgyG1.odex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/oat/x86/base.apk.geIqgyG1.vdex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/tmp-base.apk.geIqgyG7943379360249020205.dUG

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

    Filesize

    133B

    MD5

    3c136a3579733f8d927fb81db261171a

    SHA1

    10b69e6113e84cb3ae4a7101a3f783c5421b6690

    SHA256

    435d4033200197b215ef014ac5215104446871750bbcc9c6582074944ed9ed83

    SHA512

    61f2829c296751973b9a609c05b35464b13fe803e42a765a1f0f38582c858d9a341650aaa9bf1a7b3a22683eeb2f14f6bc2c87325482f3a271fb473fb5825457

  • /data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

    Filesize

    197B

    MD5

    e3304487e2c1766ea8e04d26d4a837f9

    SHA1

    f35005793462445f8e1645546639a614b011700a

    SHA256

    9b5d4217cac6d61532a06e7d5b45cfabb4d9f9a24bbe8ce4ffb33b1f264b82b1

    SHA512

    c12856a49accac0c0e671acb8d0195ca27fbbbc18edddab667d2088204569045ecf6e0372b9a7df2e0b08d7be438aca71ece72e31fef6923a27f9ced749be3f1

  • /data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

    Filesize

    240B

    MD5

    fd2d62b00425724446bf3378f1eee59c

    SHA1

    699f087a067e7faa6ff6766907a2593a5168e63f

    SHA256

    160e49bdadd38efa22aa5689db8fcf11bac94734bb6d2b0408cc06293a3778a7

    SHA512

    888238fb333a362b5b81f4ec1d662eb59a5d911af3ad307fdb488881b5795ae6012003737866ff3f3f8515662a6a309f942efc309c083502f3c9b52aa49b080c