Overview

overview

10

Static

static

6

7fab5ee06a...67.apk

android-9-x86

10

7fab5ee06a...67.apk

android-10-x64

10

7fab5ee06a...67.apk

android-11-x64

10

vk_dex.apk

android-9-x86

vk_dex.apk

android-10-x64

vk_dex.apk

android-11-x64

Analysis

  • max time kernel
    4030950s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    09-01-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fab5ee06a6a5cc391b8b0e94b44bd253eb59e90fda924662534951dc21c9d67.apk

  • Size

    4.4MB

  • MD5

    b718f106e9085c2efe48ad20f475b9f4

  • SHA1

    259aa2501a02f400fff56dd7f02d4b300846ce82

  • SHA256

    7fab5ee06a6a5cc391b8b0e94b44bd253eb59e90fda924662534951dc21c9d67

  • SHA512

    744f7dc20b23b5dbcb3ed43a70ed6f0505bb3afa1c2615928b2439c9d15da68b7fc9e5c4965daacc109bbaa4bf907ba429a86d9dccb04fba6a6bdc4041b64449

  • SSDEEP

    98304:AkBUI5nk4YRl0wLpqPOJu5uIA1Ima4X6H0jJWnfrXnvfMD43W3sAu:AYUIiZhYPGuQj6HasHME39T

Score
10/10
flubotbankerdiscoveryinfostealertrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.weishi
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4617

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.weishi/wkijhhz9sh/okeizeuv4kh8udi/base.apk.eferhie1.wnu
    Filesize

    2.2MB

    MD5

    2fc80a341e50499c6463d7eeb63c650d

    SHA1

    8d23e240ecce9cab95ddd4e131c2832462c2672b

    SHA256

    e23b74134415ebdc2d4df2d93eb5ee45fbd6491ea994c1f735fce0aba741c6d3

    SHA512

    6f1f8c5500f78fc3d2116250db13534f2de74533cba91895c203af6f926679feace03a89fd2b5d0dcdf4f73db8bee1396bcf02f519bbe0420963153c55e5c4db

    Download Submit