Overview

overview

10

Static

static

7

9cb020a79c...df.apk

android-9-x86

10

9cb020a79c...df.apk

android-10-x64

10

9cb020a79c...df.apk

android-11-x64

10

appboy-htm...ent.js

windows7-x64

1

appboy-htm...ent.js

windows10-2004-x64

1

t-rex.html

windows7-x64

1

t-rex.html

windows10-2004-x64

1

vk_dex.apk

android-9-x86

vk_dex.apk

android-10-x64

vk_dex.apk

android-11-x64

Analysis

  • max time kernel
    377391s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    09-10-2023 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df.apk

  • Size

    4.8MB

  • MD5

    c10214331255a0c1e74fea2aac739e8c

  • SHA1

    5ce619517de7a4c22dd473f6bfb2e989b543d864

  • SHA256

    9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df

  • SHA512

    307058d35b165cefe2485f97d046d0baf597ff43991705b93732c32c701e8e52e3012e30240364992c59bd8d7ad81c3ac1db75d7927c6e8d14e6c92c598cb452

  • SSDEEP

    98304:BS5spIP290ty+u50+F1/ZlZVZqMA3gdj7DrX8N+fU33W3Ys7pE0eV7:B8spU292yE+33ZVZ9t0Yf+3SdReN

Score
10/10
flubotbankerdiscoveryinfostealerransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.moji.mjweather
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4141

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.moji.mjweather/jihJ5gddds/kgkllewvkdbdhhg/tmp-base.apk.lgluzfg1820742092105806838.ulx
    Filesize

    813KB

    MD5

    4b83f701678b6db13ff34f4ffc9e0b5e

    SHA1

    a5537ff82d1faadeb3a9e28b62e26ed66a14f379

    SHA256

    a6f6135c38827e8d622522eafa487b5ea4267ebcce6113ab799e0f9367ae5b5f

    SHA512

    c987433c90f525791d5666e4c44310734e3529203768e448a9a828f692ab273ee6fa2afce2450d962f8393cccec71a37303ef97f3553cbee17684dbb8cbbf87c

    Download Submit

  • /data/user/0/com.moji.mjweather/jihJ5gddds/kgkllewvkdbdhhg/base.apk.lgluzfg1.ulx
    Filesize

    2.2MB

    MD5

    869a9724da56cd72adb674bc5a79f6ef

    SHA1

    01e6fd521e80d4abfec5f7a2db690b7405d69e01

    SHA256

    7ec429f886d3309476a85627e746756b559a645138e9e57dedc9f60664a5eb97

    SHA512

    62687bf58593b44e37f6a4cabed8f472da1f122e14c3d90dfc848af7d4808aad25b2a7c92b905bb51ebfca10de9aa933a14f7a5ad4518c8c48a0f093599771dd

    Download Submit