Analysis
max time kernel: 179s
max time network: 185s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 04-08-2024 22:08
Static task: static1
Behavioral task: behavioral1
  Sample: b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.apk
  Resource: android-x64-arm64-20240624-en
General
Target: b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.apk
Size: 3.2MB
MD5: 3bb9ad5acdbe20df21068ad42801c30d
SHA1: 20a654d79cc6e5a6209f001601288b2209f54082
SHA256: b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee
SHA512: 637535aa3034a425c40b3ef428ff51e3bd360e7a4317716887cc19e0755930ad22836dd8b7dc0fbfca977dce58342571ee15c1df8397c00e9bfcc24d9e502e6e
SSDEEP: 49152:uYzaaObrX+7P0Fv7f0r9oj/tOLW93L2WhOhzOGNwNUWAvNDT66NnlqIbXob3GoO:uPbrO7P0FgGjEO3QyJNUxV1DqAVoO
Malware Config
Signatures
- FluBot
  FluBot is an Android banking trojan that uses overlays.
- FluBot payload (2 IoCs)
  resource | yara_rule
  behavioral1/memory/4285-0.dex | family_flubot
  behavioral1/memory/4255-0.dex | family_flubot
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip | 4285 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.qq.reader/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip | 4255 | com.qq.reader
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.qq.reader
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.qq.reader
- Queries information about active data network (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qq.reader
Processes
- com.qq.reader (PID:4255)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qq.reader/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.qq.reader/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& (PID:4285)
    - Loads dropped Dex/Jar