flubot | d2c5e4af486a01426f5c98f8ffb13f69f1defece0e07f2c7e4f39d8c2593829b

Analysis

max time kernel
1858065s
max time network
73s
platform
android_x64
resource
android-x64-20230621-en
resource tags

androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
submitted
19-07-2023 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2c5e4af486a01426f5c98f8ffb13f69f1defece0e07f2c7e4f39d8c2593829b.apk
Size

5.6MB
MD5

95fb562c7721bc502223e9a0b9e5b0f6
SHA1

6ed60847eefb78b9a91d8e0433dc5ea3494357f0
SHA256

d2c5e4af486a01426f5c98f8ffb13f69f1defece0e07f2c7e4f39d8c2593829b
SHA512

a59d5e5840378df2610f599f1529835ec0dc9fd9e74fbaae167152d16dc9b0e01a2d46c99d722e7c88f02ff8fbfed4c25caa3e51fd101e28bd940d0ce6117f15
SSDEEP

98304:Q6NZwHRVLnc20uge7A1PVTf4uFwEEp/txdrroaMtiXIFvGxQdyxrk:Q6fwHRBncHudM9VTfRFwEGRiyKGWdyNk

Score

10^/10

flubot banker infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5104-0.dex	family_flubot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tencent.reading/Gtfgw8g8UU/HhjIUhGUGG7ej8e/base.apk.UGdkqyf1.I88	5104	com.tencent.reading

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ipinfo.io
267	ipinfo.io
269	ipinfo.io

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.reading

com.tencent.reading
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.reading/Gtfgw8g8UU/HhjIUhGUGG7ej8e/base.apk.UGdkqyf1.I88

Filesize
2.0MB

MD5
ac89082019a67c0d8dfea697649b7d01

SHA1
9cf9568be109a80e10ba82fcfae9067a3803784d

SHA256
8a447c8a6faa42d24be09983197f851b970caf6392a9a02ecda21b0d13810277

SHA512
108834466356a51337ca27cf061df22d140cc00ff9843892d25e14e7d33fb6aad938bb647af0703b2dc8f561f0f748f4bdd74351c58740ffc80a5646fa2e7838

Download Submit
/data/user/0/com.tencent.reading/shared_prefs/DHL.xml

Filesize
133B

MD5
23099b6d2b596ca90538330522e37153

SHA1
49fa59b952f97ffc0fa4a1cf491e3ddaa2f74591

SHA256
9cd7b688a052a3262e60cfc53b897911db0aabe53e2b3818fb378e8f8c0a33b0

SHA512
b1850fe406fd2320bc7fc4f3a278bae7987c9129e26ab8dfd054ef58ac040e0db88a39563b16e6758b725b81b77c85c8ef5537ec1f4b06e38c26d9700c36c767

Download Submit
/data/user/0/com.tencent.reading/shared_prefs/DHL.xml

Filesize
176B

MD5
d64e3dbd61114cf52c4b681827bee1ce

SHA1
140ad7efab3a66476def60ebe533058fc476ea9c

SHA256
dab82e42f4498da3da9b1c43ae77a508e9f56e5ea3ffa22a2570e78d3b2d8299

SHA512
e6334d60ee9150a0b9502371010f2bc9024b3a2adbc3c364833a2313c7714edfbb988fb44ff29d1b781fc3e6df3b2ccc39d722596ca15a81dae32867b6b223ba

Download Submit
/data/user/0/com.tencent.reading/shared_prefs/DHL.xml

Filesize
240B

MD5
0ac06f8004040f2040d78e9ee7528619

SHA1
be5e6a7259ef7dba45c30c66318384abf4f0d0e6

SHA256
c5bebd16e2fdb64c444e1a14e0c6465b5e9604bb065ce5672e367b91253ea8c3

SHA512
285f480bff55c992ad14276706847b66fdbcf6276bc824508937570a1a4a4852176b7f1a14aa2f8f027ba3c479411eb56da00c223bfcdc4df1cc9eac536921cb

Download Submit