Overview

overview

10

Static

static

6

68e7085eeb...da.apk

 

68e7085eeb...da.apk

android-10-x64

10

68e7085eeb...da.apk

android-11-x64

10

Analysis

  • max time kernel
    2821646s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    22-12-2023 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68e7085eebe634fb54baaf20cd8d5cda.apk

  • Size

    2.6MB

  • MD5

    68e7085eebe634fb54baaf20cd8d5cda

  • SHA1

    8a45da188ceb595d7564a904b0018e42e6cb6eda

  • SHA256

    c8912a4ea44e34d8abbd7a40e303d1c236e1b0ee8c37ad90c96c91f006da8eff

  • SHA512

    edd5f6acf650086cb3390cd2d9886544966cf92007387bf86f7c1c1019769e71093955e40b433e15c780ab50b047589b9d2e641e03bc059608ce0594b87217a2

  • SSDEEP

    49152:nt6drmFXYEjfe1JVBm8V/nHMt9Nw2xO0Lav9QMmqW8bvtDkP31V:nirKZbSJVBdV/HYI2MP1QzsLtOV

Score
10/10
flubotbankerdiscoveryinfostealertrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.qqmusic
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4990

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.qqmusic/code_cache/secondary-dexes/tmp-base.apk.classes2058177043971639770.zip
    Filesize

    316KB

    MD5

    38a1897a950ed911271aa0e0b131007f

    SHA1

    b1c34f5c5b5b48c95c6b0f6066588ad40f083601

    SHA256

    6945ba2cf7e98216ac449fd42d8e8fff4051929c26448258a0c417d5af3c782a

    SHA512

    eec94821e7323633605d310133d91c396534d471ecc4807ec060e49cb2b4c0063887c70fc0b7e4813563f4690b45c7905a951eb5aab63d369259716907fffbe3

    Download Submit

  • /data/user/0/com.tencent.qqmusic/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    2.3MB

    MD5

    2f84073f750cce3b9c61df0a3a769ceb

    SHA1

    b237b7305d30c408205b92188d3ecaa957301140

    SHA256

    4e4249a1ebd84edcce0c22ace40dead606579eb44f23b0bbf4c45c93c01cc4cf

    SHA512

    32f3d750c68c4e85f9e81f82c1a6232d66129843d437035cdf4eeafe5d90fcfd51f035d092e6bc266986b21eac083bf077dea4c2a69b0f495d77d199eef6348c

    Download Submit