Overview

overview

10

Static

static

7

base.apk

android-9-x86

10

base.apk

android-10-x64

10

base.apk

android-11-x64

10

Zw6IGlco.ppt

windows7-x64

1

Zw6IGlco.ppt

windows10-2004-x64

1

license-ru.html

windows7-x64

1

license-ru.html

windows10-2004-x64

1

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

UserDict.pyc

windows7-x64

3

UserDict.pyc

windows10-2004-x64

3

_abcoll.pyc

windows7-x64

3

_abcoll.pyc

windows10-2004-x64

3

_sysconfigdata.pyc

windows7-x64

3

_sysconfigdata.pyc

windows10-2004-x64

3

_weakrefset.pyc

windows7-x64

3

_weakrefset.pyc

windows10-2004-x64

3

abc.pyc

windows7-x64

3

abc.pyc

windows10-2004-x64

3

copy_reg.pyc

windows7-x64

3

copy_reg.pyc

windows10-2004-x64

3

genericpath.pyc

windows7-x64

3

genericpath.pyc

windows10-2004-x64

3

linecache.pyc

windows7-x64

3

linecache.pyc

windows10-2004-x64

3

os.pyc

windows7-x64

3

os.pyc

windows10-2004-x64

3

posixpath.pyc

windows7-x64

3

posixpath.pyc

windows10-2004-x64

3

re.pyc

windows7-x64

3

re.pyc

windows10-2004-x64

3

site.pyc

windows7-x64

3

Analysis

  • max time kernel
    2927680s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    12-06-2023 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base.apk

  • Size

    3.3MB

  • MD5

    15328ea6d31bef8ddd15a81e0f5a549b

  • SHA1

    c52f12651d91a9bf0d625a879b34d194eba69ed4

  • SHA256

    a778818cc08d213d1f66db5fa8b34aabc862569ecb99fd1aea37ff6ccab48400

  • SHA512

    5939a527d289315ff6d354bbd6e834ae9b3f452aebc54114a0fb46cb5422e5537ff0592aa62fbd20d753162f6a3ae56cfd97c4320613d1377a9b5a7d6a525336

  • SSDEEP

    49152:qLzu436uB6iejEyNRe1kqqGI18iNwDelhcTUr4T1S0NwBbGJ3H5+ELr42SKn2IQI:qHuKB6BzReWqqGWNN8g4ETBaJ7n2Izl

Score
10/10
flubotbankerdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 4 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.sina.weibo
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:4177
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.sina.weibo/app_apkprotector_dex/oat/x86/Zw6IGlco.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4227

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt
    Filesize

    2.3MB

    MD5

    44e5099c255320beb84c347c28d9ffba

    SHA1

    32bccc9ebf25868ac299f14f45da44e166f424f1

    SHA256

    51a29d7ced99b68bf97e8dfff99f3a99aa157c7e6f86161e83935f750c5c73d3

    SHA512

    4efcbd07e80007e6b2c178c203a218cdcdba2c58347010485148e237aa4bc4b6a8c9aa2b53a9907b430349a1643e5e262e4049541dbab09a171b4f0ce73a9d88

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt
    Filesize

    2.3MB

    MD5

    44e5099c255320beb84c347c28d9ffba

    SHA1

    32bccc9ebf25868ac299f14f45da44e166f424f1

    SHA256

    51a29d7ced99b68bf97e8dfff99f3a99aa157c7e6f86161e83935f750c5c73d3

    SHA512

    4efcbd07e80007e6b2c178c203a218cdcdba2c58347010485148e237aa4bc4b6a8c9aa2b53a9907b430349a1643e5e262e4049541dbab09a171b4f0ce73a9d88

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt
    Filesize

    2.3MB

    MD5

    d30fdff5e1af065724fb93a0485558fa

    SHA1

    bfc1c22592902ef6e1b9db375d597d4bed0a1e0a

    SHA256

    d502b442bb18bd65eb7aa16d59aa9bcde0c8940fd78247e53aa67afcac784546

    SHA512

    c6c5fe14a951d97df73a153bc6f3e4c4bbe7a6e21c101a4e6303f21a54ba7c11548bfaa9afbd0c94f4e1acb8ed58941ff9c53de83dd8465e50af40e8beda53dd

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt
    Filesize

    2.3MB

    MD5

    44e5099c255320beb84c347c28d9ffba

    SHA1

    32bccc9ebf25868ac299f14f45da44e166f424f1

    SHA256

    51a29d7ced99b68bf97e8dfff99f3a99aa157c7e6f86161e83935f750c5c73d3

    SHA512

    4efcbd07e80007e6b2c178c203a218cdcdba2c58347010485148e237aa4bc4b6a8c9aa2b53a9907b430349a1643e5e262e4049541dbab09a171b4f0ce73a9d88

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/Zw6IGlco.ppt.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/oat/x86/Zw6IGlco.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.sina.weibo/app_apkprotector_dex/oat/x86/Zw6IGlco.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.sina.weibo/shared_prefs/Voicemail.xml
    Filesize

    133B

    MD5

    82f37297fe4bd0f26fbf599d777ae767

    SHA1

    c1b2567627f79d57962ac9feeed02814b1841fa0

    SHA256

    88f1761701abab2eb2c7642f5cd68f573487c03c487d8218e086e1d571b25be2

    SHA512

    c653a97ac4e644397a111d7910493139c78f8919a2a1b97f900884199aeb91a65e36c57cae319e95c3d59a9add1a8cdc2ead494583bb1cce5b7d1ac75f3ce992

    Download Submit

  • /data/user/0/com.sina.weibo/shared_prefs/Voicemail.xml
    Filesize

    197B

    MD5

    2b556ba7bc5c8ad858c2ae43834de7a6

    SHA1

    bd05be86fa6f062a48650d2a7609ae3b8768160b

    SHA256

    02e07035d641b3a7d042b9642ceac347ed1a9c672f759eda1e9de926c2ada67b

    SHA512

    2a99a194952a1f0fe196a28db42ba073993ba1f17935b4b3f096d37973edc2d3cb913537ed8db89e947c4bcc68ceb425396b6ab38d9f194cd115371b17ed552e

    Download Submit