Overview

overview

10

Static

static

7

cb43d09133...74.apk

android-9-x86

10

cb43d09133...74.apk

android-10-x64

10

cb43d09133...74.apk

android-11-x64

10

android-su...v4.jar

windows7-x64

1

android-su...v4.jar

windows10-2004-x64

1

corejs.1.3.4.js

windows7-x64

1

corejs.1.3.4.js

windows10-2004-x64

1

libfolly_futures.so

ubuntu-18.04-amd64

libfolly_futures.so

debian-9-armhf

libfolly_futures.so

debian-9-mips

libfolly_futures.so

debian-9-mipsel

libjsijniprofiler.so

ubuntu-18.04-amd64

libjsijniprofiler.so

debian-9-armhf

libjsijniprofiler.so

debian-9-mips

libjsijniprofiler.so

debian-9-mipsel

libnative-...der.so

ubuntu-18.04-amd64

libnative-...der.so

debian-9-armhf

libnative-...der.so

debian-9-mips

libnative-...der.so

debian-9-mipsel

libreactnativeblob.so

ubuntu-18.04-amd64

libreactnativeblob.so

debian-9-armhf

libreactnativeblob.so

debian-9-mips

libreactnativeblob.so

debian-9-mipsel

Analysis

  • max time kernel
    377679s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    09-10-2023 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74.apk

  • Size

    3.9MB

  • MD5

    4e5b975596521d64b8f9ae1cbe4a9879

  • SHA1

    64569d6caecae1cb0a7982bdcbaec104f99eb7d4

  • SHA256

    cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74

  • SHA512

    530b27bed6d9b06086d3b80347acbd73c3fabc3198fb53a35918a3222586b791adee1323132e0bffd6971c75ba31f2c966a5719956a5c840e4398a0f17311199

  • SSDEEP

    98304:eqC/loKvtb7KA0mTsL6kr3dQf+AC7rjZRFJtYvw:eqC/e47lElLdC6rj7FJz

Score
10/10
flubotbankerinfostealerransomwarestealthtrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5037

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_apkprotector_dex/classes-v1.bin
    Filesize

    3.1MB

    MD5

    8538cc53fd4119591abd013f06d128d1

    SHA1

    39baf7deeec73f5b121f828a01e1ebc8c048cee4

    SHA256

    cdd4364a1f94ae4e1e7e5338eb77ac491d21077ebcd693d82cc017277e64c903

    SHA512

    93cf0afce901b84a4f33d636f61384fb4067dbcb325c23ee0b4723071bc07ec7b5fcb0a2e65f6a12a94bd02186ea65e2d69501b944c17f7e583847eca6ae0f2b

    Download Submit

  • /data/user/0/com.tencent.mm/app_apkprotector_dex/classes-v1.bin
    Filesize

    3.1MB

    MD5

    8538cc53fd4119591abd013f06d128d1

    SHA1

    39baf7deeec73f5b121f828a01e1ebc8c048cee4

    SHA256

    cdd4364a1f94ae4e1e7e5338eb77ac491d21077ebcd693d82cc017277e64c903

    SHA512

    93cf0afce901b84a4f33d636f61384fb4067dbcb325c23ee0b4723071bc07ec7b5fcb0a2e65f6a12a94bd02186ea65e2d69501b944c17f7e583847eca6ae0f2b

    Download Submit

  • /data/user/0/com.tencent.mm/app_apkprotector_dex/classes-v1.bin
    Filesize

    3.1MB

    MD5

    8538cc53fd4119591abd013f06d128d1

    SHA1

    39baf7deeec73f5b121f828a01e1ebc8c048cee4

    SHA256

    cdd4364a1f94ae4e1e7e5338eb77ac491d21077ebcd693d82cc017277e64c903

    SHA512

    93cf0afce901b84a4f33d636f61384fb4067dbcb325c23ee0b4723071bc07ec7b5fcb0a2e65f6a12a94bd02186ea65e2d69501b944c17f7e583847eca6ae0f2b

    Download Submit