Overview

overview

10

Static

static

7

cryptoapp.apk

android_x86

8

cryptoapp.apk

android_x64

1

cryptoapp.apk

android_x64

10

Resubmissions

22-09-2022 05:59

220922-gpshqsdhcq 10

04-07-2022 03:32

220704-d3qdragdc8 8

30-06-2022 05:11

220630-fvqqnagaep 8

28-06-2022 09:39

220628-lmr7eaach9 7

21-06-2022 09:05

220621-k17nksegh6 8

Analysis

  • max time kernel
    3003673s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220621-en
  • submitted
    30-06-2022 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cryptoapp.apk

  • Size

    3.7MB

  • MD5

    520855bdec84895dd57eb97e5f30b6e3

  • SHA1

    51428eaafc0d544da9a56ba00b8c9c774a01153f

  • SHA256

    b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490

  • SHA512

    b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26

Score
10/10
malibotbankerinfostealertrojan

Malware Config

Signatures

  • malibot

    Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.

    infostealertrojanbankermalibot
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • werwerwee.qwetrydsf.yfdefes
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db
    Filesize

    1.5MB

    MD5

    161523450a470330265bf8ff98f2ded8

    SHA1

    e29137d1e367fda458d5c7946e600f8b60d97dde

    SHA256

    d33d965849bb902629f7b983873b83b624c2de8a58f502ab373596f32ab18982

    SHA512

    dd5cb932ddd500b65d9731395637ec65c403668402eb84d110b4043473f155cc0d1d23d3a3d6ede5387cc2dd0e621609afa475cea13ae222bbf16bd62a340794

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db-journal
    Filesize

    1KB

    MD5

    a27db5a03d599a9c179e085e955e8209

    SHA1

    afe84e1d4e05f8dd86a3914cad7b62d2775fd59d

    SHA256

    1aa450ef9011e3c4f50b0dca541091312d67d45ad6f26b489d3e28edaea91d38

    SHA512

    2a5411508951b507402ab4442575ff7bf49e2384c4287751a55bbb957314b2aa987e3545494c9ed7e2e250ea85ebf2c3fc38b5f752213e6206cd8cda75403978

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db
    Filesize

    184KB

    MD5

    7b871ca00b8bd1ca218ac0bd2e3d9c92

    SHA1

    9e6399c04781b15d9f37684aeca03a7e353a9d85

    SHA256

    18eb86ff1e51ccc7ddc3fac1d986d012e891abf133e041dd467d18c0a55d732c

    SHA512

    518806fd0b424fd4a655223c272279770b3a2691e6b0e7fa132ee6518ed0f5933db6bc578195b33ba8c63bc3549b7ba0a1d2840d32ae76957e37e0e7de09a2d3

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db-journal
    Filesize

    1KB

    MD5

    ee5c6bc438210ab23ad69ea7ceb473cd

    SHA1

    4a872eff294ce4dfcb6eaaeda67a4448a3a482a9

    SHA256

    1aa936681cd790051e7be0cfa7ceee6431a950b63119b37c88f96b5828678b26

    SHA512

    3558b6b1514317944d8440ac2be7eea351e3a9d2fa6bfdf16fb5c0884c11574d4b2e1bbe993a5d69e893aa69d7da4efbdec727dc490a361fdcfbc9e1fc027617

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db
    Filesize

    72KB

    MD5

    0678e6e6b1f4348088d4da865feed17f

    SHA1

    bb776ff575af7d93e0d673a42a23072e74e06956

    SHA256

    1620d357c5776920f359a8791327d4bb155107ee0b7278ebf8cd810595376d8b

    SHA512

    77b3dac14800fcfb6af4822ec77b0f85db66c626d72463e405fbfe5b90ae99a4a9096a877a08ccd5494e07d4c86e08be0ce9cf3d86af87445f7380e5730602de

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db-journal
    Filesize

    1KB

    MD5

    a230198b1881635662cb309e3bc26509

    SHA1

    9037db35676c2aab7eeb47a71cf354c6b3fe03bc

    SHA256

    b3cc355d793022993bc700f1913d1a7bbe173e1aa86841207320f4e9320d8ff3

    SHA512

    e5290b59540852474e13f54f98c541933444a7f6840e1e0fce296536b8a9901f2dcbb5a228002d12d2e946d01f0c65353680e4ca77ee9c56afc0902f4e9c2fdc

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/files/downgrade_schema.json
    Filesize

    1KB

    MD5

    70435833064f71228d8d001901b56873

    SHA1

    2d68b64360bb323366fadab675f387c74b42a23a

    SHA256

    73353cdbb7fbf2ee224948f35a950ad7bbaad5269b59471e690b34988ecc19e2

    SHA512

    fb7642c1c01aeacc3d5748b8be977ef272e7e9325cfd9e64b8638d4be84ff030cab8483a92ea677ffc246223df81e4b2c544e121943ac9acc8e79b6255b5b55a

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.device.prefs.xml
    Filesize

    140B

    MD5

    3c16cb4832deadb43a96abc38eb13af4

    SHA1

    7bcd9e314b0c3eae16aabe46a3aba681c5c516f9

    SHA256

    3f0ed1762d4f00d55093d9f6244be7cdf0298e5fde7e090421a2e66f2302ca91

    SHA512

    296f96a5b57add3dafc8d8b0eeb0333ff79497ac8451ce97d37ed7e72e88e01e6c65b5779c812bbedc7f956125fc734a38852c01727e0274adba27d2a5890007

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.managedusers.prefs.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
    Filesize

    128B

    MD5

    20837fd8daf2a2de8d6c4ccd8e90653a

    SHA1

    7ac08617bd4585151c239325aea243d9eca586f7

    SHA256

    e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec

    SHA512

    a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
    Filesize

    187B

    MD5

    40629fd218a1921144fccde51155abc1

    SHA1

    259981316f38f3b538443eac60839b8b0268c774

    SHA256

    edc51de6ea378118e3aee11c10db88b84059deeaaed9434cfe4154d73b149306

    SHA512

    013143b1efeca433127b20ae5ff045259ff19ce90729a66c218921d825293038747f5251043fd511533263eddb8f7ada758b75f62981044da872e2e5322b0943

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
    Filesize

    344B

    MD5

    40e6801daac7f1acd559c527a34cdf6d

    SHA1

    832ac9144f5b1d76b309c0228e63d0878e8a8f7d

    SHA256

    a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5

    SHA512

    77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
    Filesize

    403B

    MD5

    a44c2fb81476599162792952dc18e93d

    SHA1

    8b2dd43570ac7ccda7648c90f13788c1d507e51c

    SHA256

    8f27506efdf280d6a67f8cd3fd10307cc597e7dd40315f0cb100b171e432b0a7

    SHA512

    fe17a9cb751a4c4c7185e178b66a91e1113e4bddaa49429a0d36e1e2137a08d0bd8ec5531602debd1ae6e48a8e7a468d5b6ed47d8122608f755809d4b13f1734

    Download Submit

  • /data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
    Filesize

    344B

    MD5

    40e6801daac7f1acd559c527a34cdf6d

    SHA1

    832ac9144f5b1d76b309c0228e63d0878e8a8f7d

    SHA256

    a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5

    SHA512

    77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

    Download Submit