flubot | df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f

Resubmissions

02-11-2022 04:23

221102-ezznpahcd9 10

Analysis

max time kernel
915949s
max time network
44s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
02-11-2022 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42331cf55ee2174ac0d137d27633f7ea.apk
Size

5.5MB
MD5

42331cf55ee2174ac0d137d27633f7ea
SHA1

c67ce535777198f1bac3a7b7bd34817255c05e13
SHA256

df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
SHA512

ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32
SSDEEP

98304:f++ca+O+GSgUvtRZb9WFbto/q5qb3S1B3Y70sOyrDrfK/+xyxrUh4:W+cRODULN++S5qbOsOqCmxyNUh4

Score

10^/10

flubot banker infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4824-0.dex	family_flubot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.tencent.mobileqq

ioc	pid	Process
/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG	4824	com.tencent.mobileqq

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

Processes:

com.tencent.mobileqq

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mobileqq

com.tencent.mobileqq
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG

Filesize
2.0MB

MD5
ad656fc403c35b6a716e073bcd6d7824

SHA1
eb6b8c513a3abe5906a07d2fd3aed39a0de0cbd6

SHA256
a72640470a5611a7c6864eafe02e2ed8bf589dfb88a7195a66423327c924953e

SHA512
5c1c15c79ffdb4be81e7a7804d3dfa22122f9931ceff8e8a515d981aa8fee3211ad8acf08f02d946e7bb997ef016ddbe3f592ba742cc62712fd39c44725b3568

Download Submit
/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/ktfgfg7u.8jHp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/tmp-base.apk.geIqgyG8093937491063504212.dUG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

Filesize
133B

MD5
2b0ab2f85f1e928a71db26b7db06a1f4

SHA1
dbf0373b0eb473a793e81e1047870ae7940cf189

SHA256
42afbec02a8c9b747b2d535b8d80961fc160e064e04b5c3d34eaab7c5959d7ef

SHA512
d2f3c6549ad3b1f61550cb9b733c5c442841d7e8801345e49e31c370fd1193f073bd9de0bd2a7cfc23521bf26767d64296d93d618e00dc88aa32b20e5849f6f5

Download Submit
/data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

Filesize
176B

MD5
4cd272a79b8771ed1c67b38a9b021f0a

SHA1
8b783f942f8a20150cdba48d9d26d94c5859d0ab

SHA256
a1cb1f80edf6ea020d31d1b1a41f37cc5c2ef7e1d1b4619e024d32b802bbfa25

SHA512
898c6d8d382f8ef2b5766f1d56c9851c45ac5142513574caa66fbeaf381a46da7593a98ff4d7eb664768daadd3f047ca5cada511688ede40b85e5a787e6116f9

Download Submit
/data/user/0/com.tencent.mobileqq/shared_prefs/DHL.xml

Filesize
240B

MD5
774e0e8a2e7e35acfed6f5d3060d3d93

SHA1
d76e3ea6a195e6a9c86e01cc3bc64cf8b42ef5ff

SHA256
aa2e1391918260159376a2f252d6bb21521567f4fc0e136d3d01a45bb525cec0

SHA512
effef0c4ea54ee673c385426479395172daffeb34a380c4f276a44aab37bd4b13f379916432a2e7be10af269d76cd6a87d533c54a05d89051c97cd2c9affb28f

Download Submit