Analysis

  • max time kernel
    3653376s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230831-en, locale:en-us, os:android-11-x64, system
  • submitted
    28-09-2023 03:06

General

  • Target

    df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f.apk

  • Size

    5.5MB

  • MD5

    42331cf55ee2174ac0d137d27633f7ea

  • SHA1

    c67ce535777198f1bac3a7b7bd34817255c05e13

  • SHA256

    df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f

  • SHA512

    ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32

  • SSDEEP

    98304:f++ca+O+GSgUvtRZb9WFbto/q5qb3S1B3Y70sOyrDrfK/+xyxrUh4:W+cRODULN++S5qbOsOqCmxyNUh4

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays, drawn over targeted apps with the help of the Accessibility service, to steal credentials.

  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.tencent.mobileqq
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4573

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG

    Filesize

    2.0MB

    MD5

    ad656fc403c35b6a716e073bcd6d7824

    SHA1

    eb6b8c513a3abe5906a07d2fd3aed39a0de0cbd6

    SHA256

    a72640470a5611a7c6864eafe02e2ed8bf589dfb88a7195a66423327c924953e

    SHA512

    5c1c15c79ffdb4be81e7a7804d3dfa22122f9931ceff8e8a515d981aa8fee3211ad8acf08f02d946e7bb997ef016ddbe3f592ba742cc62712fd39c44725b3568

  • /data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/tmp-base.apk.geIqgyG1050802090192501409.dUG

    Filesize

    927KB

    MD5

    fc9a38a6a589ebfd6725ee0ed4fb2f55

    SHA1

    c6f325b7ef825fadbf75c470971ab1ea60799442

    SHA256

    e8e2b883293a477f5797b140941dd8790c494415426f4d7dd6994b4c02c14e9b

    SHA512

    e183e6e4daa676e52d4c6696bef6bee85e1ea43a511614e82612e86f198bbb36cf47d8e5251e503292f5ab7c4cc641ab1ef5b5903bc3db4a49638d6b84c98d1c
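The Signatures section and the two dropped files under Downloads together describe the sample's static footprint: the outer APK asks for the Accessibility service and battery-optimisation exemption, hides its launcher activity, and loads a second APK that it writes into its own private data directory under an unrelated extension. The following Python triage script is an added example, not part of this report and not the sandbox's own detection logic. It scans an APK's binary manifest and DEX files for the permission, intent-action and class-descriptor strings that normally sit behind each listed signature (an assumption: the report does not say which strings its rules matched), and it classifies dropped-file paths of the shape shown above. The stand-in APK it builds is constructed for the demo and is not valid AXML or DEX; the encoding trick it relies on (UTF-16LE in the manifest string pool, MUTF-8 in DEX) does hold for real files.

```python
"""Static string triage for the behaviours listed under Signatures.

Added example, not part of the sandbox report and not the sandbox's own
detection logic. It keys on the permission, intent-action and class-
descriptor strings that normally sit behind each signature (an assumption:
the report does not say which strings its rules matched). The stand-in
APK built below is constructed for this demo and is not valid AXML/DEX.
"""
import io
import re
import zipfile

# Signature name from the report -> (file kind, literal string to look for).
INDICATORS = {
    "Makes use of the framework's Accessibility service.": [
        ("manifest", "android.permission.BIND_ACCESSIBILITY_SERVICE"),
        ("dex", "Landroid/accessibilityservice/AccessibilityService;"),
    ],
    "Requests enabling of the accessibility settings.": [
        ("dex", "android.settings.ACCESSIBILITY_SETTINGS"),
    ],
    "Requests disabling of battery optimizations": [
        ("manifest", "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"),
        ("dex", "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"),
    ],
    "Removes its main activity from the application launcher": [
        ("dex", "setComponentEnabledSetting"),
    ],
    "Loads dropped Dex/Jar": [
        ("dex", "Ldalvik/system/DexClassLoader;"),
        ("dex", "Ldalvik/system/InMemoryDexClassLoader;"),
    ],
}


def _contains(blob: bytes, needle: str) -> bool:
    # Binary AndroidManifest.xml keeps its string pool in UTF-16LE unless the
    # UTF-8 flag is set; DEX string_data is MUTF-8, identical to UTF-8 for
    # ASCII. Checking both encodings covers real files as well as the stand-in.
    return needle.encode("utf-16-le") in blob or needle.encode("utf-8") in blob


def triage_apk(apk_bytes: bytes) -> dict:
    """Return {signature: [matched strings]} for every signature that fired."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        blobs = {
            "manifest": z.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b"",
            "dex": b"".join(z.read(n) for n in names if re.fullmatch(r"classes\d*\.dex", n)),
        }
    hits = {}
    for signature, needles in INDICATORS.items():
        matched = [s for kind, s in needles if _contains(blobs[kind], s)]
        if matched:
            hits[signature] = matched
    return hits


# Dropped-file paths in the Downloads section follow
# /data/user/<n>/<package>/<random dirs>/<name>, where the payload is an
# APK/DEX renamed behind an unrelated extension (base.apk.<random>.dUG).
_PRIVATE_DIR = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/(?P<rest>.+)$")


def classify_dropped_path(path: str) -> dict:
    """Flag a write into app-private storage that hides an apk/dex/jar name
    behind a non-standard extension."""
    m = _PRIVATE_DIR.match(path)
    if not m:
        return {"app_private": False, "package": None, "hidden_payload": False}
    name = m.group("rest").rsplit("/", 1)[-1]
    hidden = bool(re.search(r"\.(apk|dex|jar)\.", name)) and not name.lower().endswith((".apk", ".dex", ".jar"))
    return {"app_private": True, "package": m.group("pkg"), "hidden_payload": hidden}


def build_sample_apk(with_loader: bool = True) -> bytes:
    """Constructed stand-in: a zip whose manifest/dex entries carry only the
    string-pool content the scanner keys on (UTF-16LE and MUTF-8 respectively)."""
    manifest = "\0".join([
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    ]).encode("utf-16-le")
    dex_strings = [b"setComponentEnabledSetting", b"android.settings.ACCESSIBILITY_SETTINGS"]
    if with_loader:
        dex_strings.append(b"Ldalvik/system/DexClassLoader;")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", b"\0".join(dex_strings))
    return buf.getvalue()


if __name__ == "__main__":
    for sig, matched in triage_apk(build_sample_apk()).items():
        print(f"{sig}: {matched}")
    for p in ["/data/user/0/com.tencent.mobileqq/jG8seijrgu/8f8IjGUrgjhhrUf/base.apk.geIqgyG1.dUG",
              "/sdcard/Download/base.apk"]:
        print(p, classify_dropped_path(p))
```

Run `triage_apk` on the dropper and on each dropped file separately: with a two-stage sample like this one, the outer APK often shows little beyond the DexClassLoader reference, and the overlay, accessibility and launcher-hiding strings live in the dropped `base.apk.*.dUG`, which is why the Downloads hashes above are the ones worth pulling and re-triaging. String matching is a first pass only; an obfuscated payload that builds these names at runtime will not be caught by it, and the sandbox's behavioural signatures remain the stronger signal.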