Overview

overview

10

Static

static

7

9b04500fcd...93.apk

android-9-x86

10

9b04500fcd...93.apk

android-10-x64

10

9b04500fcd...93.apk

android-11-x64

10

Analysis

  • max time kernel
    1373272s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    10-12-2023 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393.apk

  • Size

    4.8MB

  • MD5

    ca5240489cfb5b97fde09a85e2d90c9b

  • SHA1

    26517a68db93bb36ebf31c2fe4b4b8c0f2fc3c84

  • SHA256

    9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393

  • SHA512

    df458a089cd18e0cb8e80e8e8eb81d5ad0b9f16c7dddfb968e0a50ac356dffb9149b6957d3b27d4908cc1da366fae98736cb650f5ad8f988f2a63945cf1aeae4

  • SSDEEP

    98304:u9srlNqjQuH5a3udaBi/coneFEGOlOKQr3lIrSTjorzM13/wkT:u9srlia3mQgMO47lIrSXU83xT

Score
10/10
flubotbankerdiscoveryinfostealerstealthtrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4902

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/gjkIffF8Gr/Gqf8kT8eykUggjI/tmp-base.apk.tgFg88i3871074105981892574.uGr
    Filesize

    918KB

    MD5

    09addc9463b0e5a285d1a703c6115690

    SHA1

    cb66362de29c90243cebd64a1bd0e262273fb0bf

    SHA256

    a7f0e97755cf1382c7f91f864c6364953d6788efdf87aff494b130308aa73fb7

    SHA512

    9f397c53594c4faedf1cae103cf1624f19849192a688f5a1ef323215c378093fe06f4e14cfe20a6c05bab79b93a0ca0ba816f92a840ba07f1d64f7053848caf7

    Download Submit

  • /data/user/0/com.tencent.mm/gjkIffF8Gr/Gqf8kT8eykUggjI/base.apk.tgFg88i1.uGr
    Filesize

    2.0MB

    MD5

    74270ed316d2cb906ff202450c26fdb3

    SHA1

    d244f3c10b18ed51e8e0ec6603fb3bc31851879f

    SHA256

    42869292be53a7dd02c7bda15982192193dcf975a6052e8e6aef908ba1557753

    SHA512

    4f5b6aecfdc5f34444e6a79fce60fd6e7a422bf337c3d82382c604498eb3ae5042a2fb51d7d0e788f738d416040a10cfee291288cfeea5d59f416ea15098da48

    Download Submit