Overview

overview

10

Static

static

6

305c6ef783...d6.apk

android-9-x86

10

305c6ef783...d6.apk

android-10-x64

10

305c6ef783...d6.apk

android-11-x64

10

Analysis

  • max time kernel
    4051214s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    31-12-2023 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    305c6ef783ba3db66c8b3262d0ad26d6.apk

  • Size

    3.3MB

  • MD5

    305c6ef783ba3db66c8b3262d0ad26d6

  • SHA1

    efd066effa3bfea6c04521a1b32c417f9d19ed34

  • SHA256

    dcfe4d8c0265186f24f56cb774f0087cfde3d46fc0d31a7edf7e036a2006513d

  • SHA512

    b625d6838cd10bb75cf4e25e97e98c3bbbbdf51c020a085ba140dd036994c1f6661efab53b4dbfd42e77f52eee11200537e8f87b851509640ac09886792e5a03

  • SSDEEP

    49152:q77+QbVwYD57Qyr5nsqNz+yBcvPDCkUHXCKgNwVQX3pUyN7AYpDMaSwXZ4coH:qX+AD57QyrKZOcDrjGVzyZAWRS+Zm

Score
10/10
flubotbankerdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.qqmusic
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.qqmusic/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    2.4MB

    MD5

    8c1e1e8fd268c6ef44c8e8d77f590f25

    SHA1

    12ce51dd7ab27c0a202bb85c95b441b2f90970bb

    SHA256

    2047fe3136788eb566b1057d5aff87d91f337d16566e0c28f67c381c2f10d014

    SHA512

    c6999e0b2a4c055b203dc9212f2c89659a6e689262438896d9ef2e895fb27175dabced1368b3b6c748a4b17eb5395673ddd9eba0021b994ecd4c2c14040a43db

    Download Submit