flubot | f1bcf62ae8af19e38cfa19809e5a65cddd9b638cce72598f053774dda76bf398

Analysis

max time kernel
3519015s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
07-08-2023 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1bcf62ae8af19e38cfa19809e5a65cddd9b638cce72598f053774dda76bf398.apk
Size

3.8MB
MD5

930b9130e8a74dfc0b36be26fa051991
SHA1

a49e598dcb275b3a4180feaa5a89a6e1941864ee
SHA256

f1bcf62ae8af19e38cfa19809e5a65cddd9b638cce72598f053774dda76bf398
SHA512

87908ee5c7288bf426aa7b38aa5cd9b20bc2dc7027d9e945e125aa45de55fa9e833ca25ea9f6d81fa36e0ccd603f63b51728a816de93d21caeca0c4a1f945026
SSDEEP

98304:p//rDg40SwA5x2eC/Z+6br/rXwhyPQSEYjefkYZ5Vk3W3Uhjy:p/jU43h5x2e60gPlEYjZD3Pm

Score

10^/10

flubot banker infostealer trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/base.apk.Ghjoj4v1.vvh	family_flubot

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.qiyi.video

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.qiyi.video

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.qiyi.video

ioc pid process

/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/base.apk.Ghjoj4v1.vvh 4357 com.qiyi.video
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/base.apk.Ghjoj4v1.vvh	4357	com.qiyi.video

com.qiyi.video
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4357

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/base.apk.Ghjoj4v1.vvh

Filesize
2.2MB

MD5
0b4d3de8f586f0925eda275d5ebf3727

SHA1
ab2d6234d53020d2bd4238e4ab525168ade3618f

SHA256
8f3f7b5a292efc43392d516eeabd8a24fb45cfe1b835ed25184deffe0b6d0a16

SHA512
d97869e7b32a1e19c09f96ea82e2426649e793e6d970c3feec7b366541b03ac797ab5a94e9abc5565d4c2cbedc6fe09025f6d5170a15592914df2f063e13424d

Download Submit
/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/tmp-base.apk.Ghjoj4v8289820670522017714.vvh

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qiyi.video/hkuGnjd84n/fhrz8bjeJd4jusw/whhomuof.hIbw

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qiyi.video/shared_prefs/DHL.xml

Filesize
133B

MD5
3bfaa1adb1cc9455953f957090490c51

SHA1
69394b0db4a9c38042bcf1cc65cf4d9b0f852018

SHA256
5ab9472a26e190f159930175694775f7501c28fa9bb7b5f18c6a564c3ba63924

SHA512
a62429aa6f1b220d7e6ed015913b43dc40297d128ba414c6de80376e92bb868e8852da946a1c3faf23b6a002bf6f2bd24e162773a1950baf5862184b1b85655c

Download Submit
/data/user/0/com.qiyi.video/shared_prefs/multidex.version.xml

Filesize
306B

MD5
692abb09cd441c469f47eb201ff65251

SHA1
b976270f66d5943ffc897c9117ff43be201a5d38

SHA256
77a9db4abcd585eb1dc4ef0cbe43167e7176e3c082ac0c7a110d146e3f0a7433

SHA512
844d3242fa11aff42a2adfdbc70dc0299400408b42859030c00163c2c8bf2bb32f0c3b6088ce9fe777c71a99a20ba8f95afc06173a0859e2a0016b2488efd01c

Download Submit