Resubmissions

06-10-2022 16:34

221006-t3fgjshhe5 10

18-07-2022 09:59

220718-lz8pxscdaq 7

21-06-2022 09:18

220621-k9lsgacfep 8

General

  • Target

    4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a

  • Size

    5.2MB

  • Sample

    220621-k9lsgacfep

  • MD5

    e3281f0f5840038135e319419e3d5338

  • SHA1

    56e7318683cb591051805d6018f619ca2937eda3

  • SHA256

    4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a

  • SHA512

    edc0673a0228432074165c3c52a1dcafa54164f71699f3ba10d47d4f92202137ada0b09ccd72f8b77d59f3e24f64bfe8342d6aeb53611eef9c4aa1ce5c5a1a90

Targets

    • Malibot payload

    • malibot

      Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Removes a system notification.
