Analysis
max time kernel
179s
max time network
191s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted
26-08-2024 22:08
Static task
static1
Behavioral task
behavioral1
Sample
4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.apk
-
Size
4.1MB
-
MD5
02f8b54203644f951c8c4b5827708949
-
SHA1
3a431dd74ca00c4c894ede7dbfb880b1d62cbbd7
-
SHA256
4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e
-
SHA512
fe1bbdf68ee485e0d010075d2aeda51e298cc29064604905eb47e6fa2120b85504b1fc2e60282f93fcbebc6e38b85c5c231e4e0a1eb07b57112a1a2531a78d23
-
SSDEEP
98304:wPtaEnsjva/3TefTpBd2pMSDBHG3SZ4/iKGJn2hE:wcLyvI2fGCTKgn2W
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot payload 2 IoCs
resource: behavioral1/memory/4288-0.dex
yara_rule: family_flubot
resource: behavioral1/memory/4233-0.dex
yara_rule: family_flubot
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/base.apk.pndpmdd1.von
pid: 4288
Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/base.apk.pndpmdd1.von --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/oat/x86/base.apk.pndpmdd1.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/base.apk.pndpmdd1.von
pid: 4233
Process: com.baidu.searchbox
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.baidu.searchbox
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
Process: com.baidu.searchbox
-
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
Process: com.baidu.searchbox
Processes
com.baidu.searchbox
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  PID: 4233
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/base.apk.pndpmdd1.von --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/oat/x86/base.apk.pndpmdd1.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
    PID: 4288
Network
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/com.baidu.searchbox/mfhbfvkfxj/hsspvbjhahjjhfh/tmp-base.apk.pndpmdd2260480734221939332.von
Filesize
859KB
MD5
5eae508a3697267a4149cddc854e7321
SHA1
36e307889a90e4c330e032ccbe7b8cd5157fb6dc
SHA256
eaec71adcd1d0120d891b7a254528b0f633a970f077d19422007a8b7a38b09e2
SHA512
f01ecc00821343253899702d08f95e02ec3625d06ff050db7e4bf8ce2804d596f49078ce570f7519c6189137e04e4319d239d91313a1cad477149ac0ced1916f
-
Filesize
2.3MB
MD5
70d1f00075406de3cd1b6eeaa8b3a465
SHA1
1dee0a19dc0dd73bd18fc3885d74f4a3ba3f3c9d
SHA256
812beb41cf2b89fe7258538a7de97adf14f368e45292c0fa1bfe729edd52a323
SHA512
1f0ede182f8429abe4af844bafd3295617383f0b951639c7fee38b43b50112517d882cd2c1e6fe08747afd838a3dd39ebbc48d88991ef294470a17063b895884
-
Filesize
2.3MB
MD5
f73d6aea1f0261d2bec7ca8489fa4f9c
SHA1
34910f8e67d6bf0bd4d3d8035c7bc5b9f09c3915
SHA256
e8d163e50ca2b0391476fee78ce577baca0b299de4978576301c9c7437bbe488
SHA512
bae2a377e2b58b557b22e91785a2c750047daff5204b5666bad8961ed18ff5c421290a11c28280601a5e206d573b3f3da74688b001e547a03b0a4c6d14af539a