Overview

overview

10

Static

static

7

30d557fef0...d8.apk

android-9-x86

1

30d557fef0...d8.apk

android-10-x64

10

30d557fef0...d8.apk

android-11-x64

10

appboy-htm...ent.js

windows7-x64

1

appboy-htm...ent.js

windows10-2004-x64

1

t-rex.html

windows7-x64

1

t-rex.html

windows10-2004-x64

1

vk_dex.apk

android-9-x86

vk_dex.apk

android-10-x64

vk_dex.apk

android-11-x64

Analysis

  • max time kernel
    529212s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    11-10-2023 10:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30d557fef09fc14bea100e880d5cd5c3784faadfd39a1940ce17cb4eea8d8fd8.apk

  • Size

    5.5MB

  • MD5

    2600311823e0c228f0231650689bc751

  • SHA1

    8cb68c08014f70d84f63acd0c8829a977d538a6b

  • SHA256

    30d557fef09fc14bea100e880d5cd5c3784faadfd39a1940ce17cb4eea8d8fd8

  • SHA512

    3f0b8713613c94a40e61cef6eeb782ebb8455d12a889c46051d89ddeab68c5b2fb17c50543dd782b0f23f7887a496f6dc2a23063ce879197f5460b72e6903eff

  • SSDEEP

    98304:Dmn7cHFTHHYDODB7Cg2kJ+KKLht8//i6fZKPHfrXuJsJSsfxVc3ntn5OrQ/sWYrw:Dmolz4DwBP2O+KKGiEFSJ9fxVc9nMrVu

Score
10/10
flubotbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.snda.wifilocating
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4998

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.snda.wifilocating/foevkdih4J/jfefinzzueY9ghv/tmp-base.apk.kfsgkhg6954669137408401606.hhI
    Filesize

    1.4MB

    MD5

    05beee762bb9e5788dd57281673df6c6

    SHA1

    84978922920e9f1c866fdf4fafae4af3c248096b

    SHA256

    ab055501404491212b433cb8ea3079a60e226d5d8ad15faa9cf49aad997d835e

    SHA512

    cb015631559b57feec3ecc5753304386d5334fdab2fd5a2a0be69e4a502138034a4b1d4bdb1c2487093f612fb81801b79277ec07a2e4fcf12470a214061c2f75

    Download Submit

  • /data/user/0/com.snda.wifilocating/foevkdih4J/jfefinzzueY9ghv/base.apk.kfsgkhg1.hhI
    Filesize

    5.1MB

    MD5

    fa800b8d7c67bee9f8b1236e1c766ca8

    SHA1

    164f2b12a9454b469519c03df13c46b1b1072838

    SHA256

    5517fe2688946160f19ceb65e704bb43ea60556b9cd33a67f57d0a1a2074b992

    SHA512

    ef3ee966a1eb15713f4637631afc7ba9a0c1fe3e49e5ae52f11f3a78fe1e607f485f693b37bf849f554566a89421628a9fc2540565563a15ef9f5e0ff677bfdd

    Download Submit