Analysis
-
max time kernel
150s -
max time network
159s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
-
submitted
13-03-2024 20:48
General
-
Target
53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3.apk
-
Size
3.3MB
-
MD5
b670a3277e69ff3f6aa23c0116675cd9
-
SHA1
f7a6aab778d3a3a348cbb329ef32ed3c492c1ea8
-
SHA256
53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3
-
SHA512
72062267c183060db58f21af96a6d8350cac37b34e85d523576b3a6000d14e515547c57916452b11d4a6370a3e0e4377a80a556956944c9f909e2ba427f2d80b
-
SSDEEP
98304:B0zGt3ZuI7y690JAD/oD4/mQs6/LTdCHZs:B+GfuI7y2oDrq
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.tencent.qqmusic1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.qqmusic/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.tencent.qqmusic/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
481KB
MD59a79b980ad0fd98833584c9c73ceb0d8
SHA14b2430b4c3a6c9bb6cbd5614fb9ba5758985bac4
SHA256074afe14e0445caa107a4461e6d29c3c70385951a37cce40046649ae204f2a63
SHA512dc49a8aaba7841d129c2db223deaaab7f012e2582400613816fe426afa3727642671e9179a53802d947f2ceb5df1488583c460ba75fe30fe908d2222e81b2b70
-
Filesize
2.4MB
MD527379556444fc08020692572e967528e
SHA1e98aba77f9fabaeed582c6b52de050f010a5b49f
SHA2563ccfc2d60ce8334446368ffb790a5b523cb1c3a21a1d15b75d50cf2084fb7fd9
SHA512f8f36bcf84119169d721082de6ad14fdb76368a0f85862e02b6595b6c806cdbb05d5878f7f2af46bcea465f50c9957b0ea7375796167a2131634f64a1ddd6626
-
Filesize
629KB
MD5dda7581d19b6a31bfc1482ad5e2fa4ac
SHA1e5fe2cbf4184622a55b20c5ebcb76f686a6544aa
SHA2562254bcf811f635d660d9a34c5bc4a938c3d201408dc66364c6f7c2ba9d30bf5f
SHA5122575233e8b196e28fc6c64bdcc9b5bcca74c94b5aa6d292fc5278e435144453eec5b69e4cda872573f2c50eb8f46032f9e4c9dba69610c2e8bc562fdece83f36