Analysis
max time kernel: 136s
max time network: 148s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 02-09-2024 07:55
Tasks
Static task static1
Behavioral task behavioral1: sample 60fe45472b87bb261930e74422c7a9b5.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral2: sample 60fe45472b87bb261930e74422c7a9b5.apk, resource android-x64-20240624-en
Behavioral task behavioral3: sample 60fe45472b87bb261930e74422c7a9b5.apk, resource android-x64-arm64-20240624-en
General
Target: 60fe45472b87bb261930e74422c7a9b5.apk
Size: 4.2MB
MD5: 60fe45472b87bb261930e74422c7a9b5
SHA1: 742334d1697c73d5c7a6621a5f278c397afdfe14
SHA256: 5c9057d6d19f82fbba255d58e9b0da7102fed08ee25e548e08f0a5b22efc42a2
SHA512: 5acbdf22b276db4a9848c8153b008026df6cff40f26097967696e2c1ca3c5e12a723ca34ec8b055f10da2e549fb74db2947d85e294527f8a7a65331475cf73ea
SSDEEP: 98304:5mhzX3DSNLLs4iqrwDn0pFartCVTbBRrQDjhCIwhErEwS1H:sFX3+pCY5PaR2yjUIHrzS1H
Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot payload (1 IoC)
resource: behavioral3/files/fstream-2.dat, yara_rule: family_flubot

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.tencent.mobileqq/app_DynamicOptDex/Ng.json, pid 4623, process com.tencent.mobileqq (reported twice)

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process: com.tencent.mobileqq

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
description: Framework service call, ioc: android.app.IActivityManager.setServiceForeground, process: com.tencent.mobileqq

Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.tencent.mobileqq
Downloads

Dropped file 1
Filesize: 1.5MB
MD5: 6b29e9919853e01c16472187366b6e40
SHA1: 129bb8877b6dc976abea1c63f75d7f869a31644a
SHA256: fcfc51132cdb215bfff7d1256ccbd2fed09340bcb9a90ecedd7fe1fade66e65b
SHA512: 64aab54c5cf04afbab4fc11e4c86ca58279e0ddab86d5af7875d0fe4839b8c7e72745fc8364b4447b51c781d58cd1329a70d7a57d3030c02fc310bee452d6af4

Dropped file 2
Filesize: 1.5MB
MD5: c76a33c8c0cad41b82d0d8d6e88ec7ac
SHA1: ed844413b06f6e2fbba087cd8dfee9ce0d36b815
SHA256: 2b5330a23d4fa7031d0d90e3146ec674d2353b25476d259c9d34ad429005fed8
SHA512: 3e19d1ccdb5857a5f87092039f3d7a88e4655d4db53419b6e516a55baf594775bc0d44755df9d15f330b337638e5226c303096e75f664fcad4f5bf14bf03df68

Dropped file 3
Filesize: 2KB
MD5: 121d1071ecab50a3c16a25c079afa60c
SHA1: 01f53bb046b4a200764ff64e7cc00bef7da659b7
SHA256: 9a3f8cad64dcfed0a550f78f1ce7724667c9392b768764326b9c72bf3aadf5e3
SHA512: ab7b8222d0a3202d22dec8637751725e74e5a8eb31de474a993214eee0b4e7a83de97ff9058d82e547c68d6aa438a2e71cf944db4c611cbb1b6e446fe16a1d66