Resubmissions

07-02-2023 12:04

230207-n8lymaef8v 10

07-02-2023 12:03

230207-n71emaef71 10

Analysis

  • max time kernel
    734334s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    07-02-2023 12:03

General

  • Target

    Malware.unknown.apk

  • Size

    3.0MB

  • MD5

    75c0eb2c78ff31534a588ec47088b622

  • SHA1

    abc703f6e5b824d0a1c14108228009001509a162

  • SHA256

    0de7ded6e4db0cb540ef7249c4bb96ca3147aa193801b06c5235781271bc4b23

  • SHA512

    d0b74f972f851fc7a1f715e152e6f439a080b4d7b1f3129cec6c3164d8b1f75c34a920c393d5d05be45185a2b926b6c382b5e83387436b7905b2500e3db4c36b

  • SSDEEP

    49152:Y09ypryDHH0D6gmPOroTV8asMbUCNhSBNwj0ciNcJ3W7HxTQqUonX73lwp:YXrWn0DAOroTV87w4kjD09RzUsyp

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses screen overlays.

  • FluBot payload 3 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped onto the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Removes a system notification. 1 IoCs

Processes

  • com.xunmeng.pinduoduo
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4278

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.xunmeng.pinduoduo/app_apkprotector_dex/xCSswjlO.king

    Filesize

    2.4MB

    MD5

    5b49441a9350dd3b4dba093b8faa2c8e

    SHA1

    bbe36075bd706b87eb7f96fc498c83088b717226

    SHA256

    c23491993bd680fa89ca42a5ff0695365e07c83874e4db29b96234d8a21fe10d

    SHA512

    e4ce7f58ed24644094dee157d4e364c9bd4d68507bac760c760695dc2280052914bfeeb2c020f53b4e9e5da75e173bba28fd994176a4cea66d79a0e648279f94

  • /data/user/0/com.xunmeng.pinduoduo/shared_prefs/Voicemail.xml

    Filesize

    133B

    MD5

    98a5ba40998ac53b2af8b64c3e40dc79

    SHA1

    5fadd0fdbc4c1bf109d28d422ac629213ff71b47

    SHA256

    d27dc42975c31fafce26c0e1c2f4a4d997fb857c1bb4a92aeaa8758182da12ee

    SHA512

    13558b824a6b980a029ccc66520b34bdd0366dfde78b0087eed4dcfb0f745d1d75637d9ddb32ba142e098413bfc827c1dce515b5b47138ca3ea340df5e67bd24

  • /data/user/0/com.xunmeng.pinduoduo/shared_prefs/Voicemail.xml

    Filesize

    197B

    MD5

    560351221c0fcd8afad5c2ef6768b398

    SHA1

    ac678802156375038559561cab007372030f1087

    SHA256

    5277d932875c184382b036b9498843783d56789438d5df7c7b2175f1da62e466

    SHA512

    f3fab182ad7e6e00cfda16853dd5b2a41a0fc03c5b13b82ebe4d15a4cdbda9425d873a1f3825d9d29a187b3dc37571880ef2cdc3f5ade06c0897657d4b7c11cb
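The Downloads section above lists the same unpacked payload once per observation and two different versions of Voicemail.xml, so turning it into usable indicators means keying on SHA256 rather than on path. The script below is an added example, not part of the sandbox report or of any vendor tooling: it carries the report's dropped-file hashes, collapses repeated observations of one artifact, and classifies a (path, content) pair by exact hash match and by the `app_apkprotector_dex/*.king` drop location. The path regex generalized over user id, package and filename, the `.king` sample bytes and the `Zq1x.king` filename are assumptions made for the demo, not facts from the report.

```python
"""IoC matcher built from the dropped-file hashes in the FluBot report above.

Added example; not from the sandbox report or any vendor tool. The hashes
and paths are copied from the report. The path pattern, sample bytes and
demo filename are constructed assumptions.
"""
import hashlib
import re

PACKAGE = "com.xunmeng.pinduoduo"

# Indicators copied from the report's Downloads section. The .king payload is
# listed three times on the page (same path, same hashes); the two
# Voicemail.xml entries differ because the file was rewritten during the run.
REPORT_DROPS = [
    {"path": f"/data/user/0/{PACKAGE}/app_apkprotector_dex/xCSswjlO.king",
     "md5": "5b49441a9350dd3b4dba093b8faa2c8e",
     "sha256": "c23491993bd680fa89ca42a5ff0695365e07c83874e4db29b96234d8a21fe10d"},
    {"path": f"/data/user/0/{PACKAGE}/app_apkprotector_dex/xCSswjlO.king",
     "md5": "5b49441a9350dd3b4dba093b8faa2c8e",
     "sha256": "c23491993bd680fa89ca42a5ff0695365e07c83874e4db29b96234d8a21fe10d"},
    {"path": f"/data/user/0/{PACKAGE}/app_apkprotector_dex/xCSswjlO.king",
     "md5": "5b49441a9350dd3b4dba093b8faa2c8e",
     "sha256": "c23491993bd680fa89ca42a5ff0695365e07c83874e4db29b96234d8a21fe10d"},
    {"path": f"/data/user/0/{PACKAGE}/shared_prefs/Voicemail.xml",
     "md5": "98a5ba40998ac53b2af8b64c3e40dc79",
     "sha256": "d27dc42975c31fafce26c0e1c2f4a4d997fb857c1bb4a92aeaa8758182da12ee"},
    {"path": f"/data/user/0/{PACKAGE}/shared_prefs/Voicemail.xml",
     "md5": "560351221c0fcd8afad5c2ef6768b398",
     "sha256": "5277d932875c184382b036b9498843783d56789438d5df7c7b2175f1da62e466"},
]

# Drop location of the unpacked second stage as seen in the report: a
# randomly named .king file under app_apkprotector_dex/. Generalizing over
# user id, package name and filename is an assumption, not from the report.
DEX_DROP_RE = re.compile(
    r"^/data/user/\d+/([^/]+)/app_apkprotector_dex/[^/]+\.king$")


def dedupe_by_sha256(entries):
    """Collapse repeated observations of one artifact into one indicator."""
    uniq = {}
    for entry in entries:
        uniq.setdefault(entry["sha256"], entry)
    return list(uniq.values())


def file_hashes(data: bytes):
    """Digests in the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify(path: str, data: bytes, indicators=None):
    """Return the indicator labels that a (path, content) pair matches.

    A SHA256 match is a confirmed hit; an MD5-only match (MD5 agrees but
    SHA256 does not) is flagged separately so it is not mistaken for one.
    The path check fires regardless of content, since the packer names the
    dropped DEX randomly and its bytes change between builds.
    """
    indicators = REPORT_DROPS if indicators is None else indicators
    digests = file_hashes(data)
    hits = []
    for ind in dedupe_by_sha256(indicators):
        if digests["sha256"] == ind["sha256"]:
            hits.append("hash:" + ind["sha256"][:12])
        elif digests["md5"] == ind["md5"]:
            hits.append("md5-only:" + ind["md5"][:12])
    match = DEX_DROP_RE.match(path)
    if match:
        hits.append("path:apkprotector_dex_payload:" + match.group(1))
    return hits


if __name__ == "__main__":
    # Constructed sample: not the real payload, so only the path matches.
    demo_path = f"/data/user/0/{PACKAGE}/app_apkprotector_dex/Zq1x.king"
    print(classify(demo_path, b"constructed, not the real payload"))
```

Keying on SHA256 turns the five Downloads entries into three indicators; the path rule catches a repacked build whose hashes differ, which is the common case with this packer, at the cost of needing a filesystem or process-monitor view rather than a hash feed.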