Overview

overview

10

Static

static

10

6323ac6516...b6.apk

android-9-x86

10

6323ac6516...b6.apk

android-10-x64

10

6323ac6516...b6.apk

android-11-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    160s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    27/03/2025, 07:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6.apk

  • Size

    2.6MB

  • MD5

    b65b16fb181011fdaf1fa4bcc22edf5b

  • SHA1

    93c3c66ede2d13c5ec2325ee0f774a6808c0d7af

  • SHA256

    6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6

  • SHA512

    6ea8a8c5ca4875707ac338236f9f945787a793ee125a41f8a4423d3e5b6339ddd8bf59432f17da5c1c98026001f797d0520b51bc0d16bafe68d931b202a10d76

  • SSDEEP

    49152:w2mWPAlycYeV11r5N1SlVF4VyNHBn9bsTaU6KbN39kpkOwdWp8fAV6uXhDL9Iqq:Mdlkeb1r5aPFIkHxFs+49PcfVXhvu

Score
10/10
flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot payload 1 IoCs
  • Flubot family
    flubot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests changing the default SMS application. 2 TTPs 1 IoCs
    collectionimpact
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.baidu.searchbox
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4834

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.baidu.searchbox/app_apkprotector_dex/8CYbZjFp.blue
    Filesize

    2.3MB

    MD5

    16e74e8e6081d78fc2f804d30072bac1

    SHA1

    46a2b5cc24ed7bf38150336254cb97900cebfdf1

    SHA256

    4c84e63a079fc96c2905123315fe2471f80a460747631e47bb8f9bfd36c20fb0

    SHA512

    08e1eec4271a23d3800516984c439a93299826c7786db9cc8808a46e8c2017af0d52bebac5558c1861cd4483ee3233adda361647b62e49863f106ccc31de226c

    Download Submit