malibot | b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490 | Triage

Resubmissions

22-09-2022 05:59

220922-gpshqsdhcq 10

04-07-2022 03:32

220704-d3qdragdc8 8

30-06-2022 05:11

220630-fvqqnagaep 8

28-06-2022 09:39

220628-lmr7eaach9 7

21-06-2022 09:05

220621-k17nksegh6 8

Sharing

General

Target

cryptoapp.apk
Size

3.7MB
Sample

220630-fvqqnagaep
MD5

520855bdec84895dd57eb97e5f30b6e3
SHA1

51428eaafc0d544da9a56ba00b8c9c774a01153f
SHA256

b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
SHA512

b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26

Score

10^/10

malibot android banker infostealer trojan

Malware Config

Targets

- Target
  
  cryptoapp.apk
- Size
  
  3.7MB
- MD5
  
  520855bdec84895dd57eb97e5f30b6e3
- SHA1
  
  51428eaafc0d544da9a56ba00b8c9c774a01153f
- SHA256
  
  b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
- SHA512
  
  b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26
Score

10^/10

malibot banker infostealer trojan
- malibot
  Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.
  infostealer trojan banker malibot
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

malibotbankerinfostealertrojan