Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    09/04/2025, 22:13

General

  • Target

    8e4307f958ef3e5c62e3f0c75176044be90c4863fa546a19a716635379367b97.apk

  • Size

    4.8MB

  • MD5

    afa0e0d9a5a4c04cc27529611cc14e10

  • SHA1

    2c7eda5dd664bca45e46366fd73f868f59aa498a

  • SHA256

    8e4307f958ef3e5c62e3f0c75176044be90c4863fa546a19a716635379367b97

  • SHA512

    6f8ec0148e7d4d016f23569d1777890b2fd5d24c8ee0bc4193311005e41faec97484c9b7ddb1981fb0fcd798c45a33254d2283297e8365a32bde90288dddb16f

  • SSDEEP

    98304:nntSFACZS4YkeOocf0GyqUzhLvS2EuCgvTMPAgi8BFp/BZd4AnObpD1YsFn6:ntS/ZtYkNocf0GDGu2EuJvIPm8BFFdLf

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot payload 1 IoCs
  • Flubot family
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.tencent.mobileqq
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5139

Network

MITRE ATT&CK Enterprise v16

MITRE ATT&CK Mobile v16

Downloads

  • /data/data/com.tencent.mobileqq/tfTfw8FftU/j8hrjgyuG8gegHg/tmp-base.apk.GGygUge107723903529080741.yHI

    Filesize

    926KB

    MD5

    3518269466786fb051a325bbbda1c503

    SHA1

    fd6de26618e4c43f79417f51b71d0f5ffe4c7ed7

    SHA256

    123891b598d35bbaedefa21bdd356a012d4f19200d222b0042a6da4119eeb36d

    SHA512

    a87552d7ba140aaa83a92eaf736c44e10bd4fd1c62d35e2734e4b2e5d112977dfc03d6a697913afff347c788206303a3b0057d19d108ae2d7da6c85f4e83fb94

  • /data/user/0/com.tencent.mobileqq/tfTfw8FftU/j8hrjgyuG8gegHg/base.apk.GGygUge1.yHI

    Filesize

    2.0MB

    MD5

    63d9afc3e175f404b88d33ca77d13bff

    SHA1

    666f529dfc341e945bb9a4c72e3489bb2979a4d1

    SHA256

    34162d3f6b5c4d97769abb4e753b1ff4581b4e60537c186836ffc1fe8116f0b0

    SHA512

    96ea57f78069528d731e5e2ae7d179c67c9be4f33fe590687451f72b34e831706b6325a472ed995ac54447d79b72518c71a155363d0001015f5faf32347b6c0b