Overview

overview

10

Static

static

6

aa8a7563fe...51.apk

 

aa8a7563fe...51.apk

android-10-x64

10

aa8a7563fe...51.apk

android-11-x64

10

Analysis

  • max time kernel
    2503962s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20-12-2023 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751.apk

  • Size

    4.8MB

  • MD5

    ff1a568ed2021ff708153e3fff1a8afb

  • SHA1

    652ea29ae5cd4e6b91f6b3678928ac726221e7ea

  • SHA256

    aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751

  • SHA512

    ad405cb69b808f934e1613076db5daa5b978fee04fdc3b9eca9c3d238c049260dbb791e47b4f30ccb8e5e72e17215a3a98f68aa2ab0c50985842550e12fecc01

  • SSDEEP

    98304:68F3FGdInEZB7KOqdPval+28JDRpXvMJZJEvtIKMtlRM:nJRE2rdnoL8JvXkJjElgC

Score
10/10
flubotbankerevasioninfostealerstealthtrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.qq.reader
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4642

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.qq.reader/hugdtGr7je/rkUjgI7tgghIfgU/base.apk.8IfGHhg1.uhg
    Filesize

    2.0MB

    MD5

    23f41eab5a899060cd41d0738b98e464

    SHA1

    acfa9b8fa72d332c95752a70b37f94d7aec9dcf8

    SHA256

    63883a9d048cf0d6e2ded8d4d8baa9997c4cf3198c4c5619d2799ddfcbb84255

    SHA512

    12f8c3805b198522befaed38dfbff247dd0947920f8d16aa3b3e9ecb18b79e66f7ed70658879de4cc1972adff3b02248373895ba84305540f8d14ef64d4857dd

    Download Submit

  • /data/user/0/com.qq.reader/hugdtGr7je/rkUjgI7tgghIfgU/tmp-base.apk.8IfGHhg144334076833798727.uhg
    Filesize

    418KB

    MD5

    b54235662370f572bb32f4d7fca4c58a

    SHA1

    ef1bac8507f0580934d6dd0c40c53d47914497b6

    SHA256

    246fe168f2f39a00cd9cdabc11a8bd376a835a770842301ae77627a9af661132

    SHA512

    1770a8e0a5d1d49ff18904e51024b0f39fc0c1ed7445e73a8037ed9aab6aece4b76b1862d639f09e0edffa91cf50b30e46bafd15f73b69cf1ef86c2485201260

    Download Submit