malibot | 3eb7efa71648ae819f1bff89399717805129487081e8261dd65bf596f2467054

Analysis

max time kernel
2432129s
max time network
137s
platform
android_x64
resource
android-x64-arm64-20220621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
submitted
12-08-2022 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3EB7EFA71648AE819F1BFF89399717805129487081E8261DD65BF596F2467054.apk
Size

5.2MB
MD5

ca559118f4605b0316a13b8cfa321f65
SHA1

5ef4d5784738d79f22f9bc5e8db7c94985bc1a3a
SHA256

3eb7efa71648ae819f1bff89399717805129487081e8261dd65bf596f2467054
SHA512

091f07d51e9d7c924666f28a30b03e5ff887e239ad2ed9a99cbd65e7b9350c6fc89cafdbbe05de27f8ea6dc90ff8484c1b692fc891b58fcc6104fa6878e8f3d7

Score

10^/10

malibot banker infostealer trojan

Malware Config

Signatures

malibot
Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.
infostealer trojan banker malibot

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.slhytrowb.wfxaicaiw

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.slhytrowb.wfxaicaiw

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.slhytrowb.wfxaicaiw/ihoftigt8f/ffkyffUhHfh8I89/base.apk.hkyhafI1.g8k	5520	com.slhytrowb.wfxaicaiw

com.slhytrowb.wfxaicaiw
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
PID:5520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
dd2eb5a4234d95a1bdc259c4a2c5175a

SHA1
4bfd4920301493c4c91569e27ee929a7960d7bc5

SHA256
71156098b1636ea4b0c6331297f7b74d80fcae0b9e010393e2652bf35abe92fe

SHA512
4e553672f6ccdbd75b7d29815a46f2f0cb41f23efb46a639a92ef89d2aff23515cc73cf3a35f0ce9cdfe36a27c92ab6143afcbf151964765aac507a36ac7c879

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
215ad83344251574110f825ebb2b3ff3

SHA1
ef32bfadad806ee51c88b9d183bba3349b5503ab

SHA256
3448b0463d0fd37ad59266cefb50ad16f74a8a7ec08df1b76606a6a78aa8df90

SHA512
4eebda868c38cb26a4f665a0caa5cce2fea52a462bd8c5709a14a44627e37933df5e91fb3d988f451af99ade86cd8b48c1fcba5b60e1204f26c8c57277d3f0b7

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
dac707e9efb928f642741b0cdfae19db

SHA1
45744ee80d0d26ef0545148cdb64a7254e5388d3

SHA256
82e9d1d0118889548d83acb59ab16474b43a31eb70a916c13f7af2488324328b

SHA512
5ab0a6414866a48c06193cf1b2e581b8d7b2f127368a2a3a8ca87cfbe41eacf7b0062b8ababc2a43051836f310547036bd91cd49bd24adcda9d5f103017eff57

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/webview_data.lock

Filesize
29B

MD5
f9e92622bcb81fbebdfc8210438a9c4a

SHA1
fe4a1de192fd6e6d7ac28be34c8a8cebe345ea78

SHA256
992576746433823b1cfe64625e7613f8966bb07381a7282cef028a843180e21e

SHA512
df01c8a921bf2b2682bb9f6c3e4fe17d36e44daedb1e9d0c987b691b09f30fc904a771374d05a88d426ef236c2768c17cbc8e191e0346fceae4c2b62123aa0ba

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
dc96d5499764a4f602614eea98966e88

SHA1
8501ef7e261cd2d8c10c842b0e35f229b477b13c

SHA256
4d699784af7c99fb1a04b080dae8957ae0854a8d35af4d6ca9ec8a5edc91d251

SHA512
290910401d92d82649a14474261f14b3e4f13b617e330b7434905c4163fc9234fefb11d02514590b32a549dabd3120a59dccc09a8cb04c9368b5c264325b9062

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/2fa35442860d43fc_0

Filesize
340B

MD5
ca0c5821ae7912a675580872652adc8c

SHA1
5fc677ee0233d312237fb11f6e88d2b71896144f

SHA256
fa1e81aabc3cb9e37e34e026fe494848b5819bde99dad9369ff6f07eec956114

SHA512
b1ebb5bbc4ecf84315448390f50150d72b56f84f864544dedc7667166df72a54ae13aa7a9433f964ce9b4e8e5706b87900639cdddd3cabf3509403c1bb318b9b

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/9083f7d8c2f97d68_0

Filesize
338B

MD5
7d278d7aed0f9e9e055ace29f4c35697

SHA1
21782b4d0af36882c2a9f0a8136992041153d476

SHA256
8d3a425e7697c3cf3a9fa6fbbcc582743920b140f43965d539f9ea284a4fb9e0

SHA512
f172b28b6ae14dabcef29bc3aa7c357fe309efb2f37093e2ca4a8dc06b9f6465626e14cc07883bbe1393fe530ac3abdd4f92d740b32fc25fe54882425e306a27

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
770b6697db8be5c77349d07fcfe1d4c4

SHA1
b972c2a60170475ba21366edf33dba7f0bf60bf0

SHA256
e78b55fb262884ad657637e5d86931fb3b55874754cef452760eff602390c314

SHA512
d59086415fec22f339ce9390e185d3dbcef82ab395d22cd4602da60183fb66a352ee5af29d66b04f68f4af0ae7aa947798b67fdde1a274ba0ec0299b4b5123a0

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
fa721ce295bb2015d3accd27e2b7233b

SHA1
e6cee45a331204f1f4f2d9fb5093a8c82e4f38b0

SHA256
f49768cc90962ce689ca90f09720a56be5aa6cbf8b5c3b7b5b7641126826d6f4

SHA512
bc16f4f00890559330be83291b01381440f80db587966670f1ad1555a2d302b54993463f8fa4955508020573089c18dcbe439e318934e42fa899713198c96099

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/fc82c67fb2a675f5_0

Filesize
520B

MD5
f9aa47cfc60edf0df6ecee46b0767538

SHA1
5da05c630f6a367dba3f7865b599f842cdd22274

SHA256
5a3509522297b9aeaf2a9cc62f126e4c1e486ce2fefb74e964254d039a8a5e95

SHA512
3d117bd29dc20ca597a98e0bcad53240a67264d5ded1e0d48a78fe9cdc3a4d4ee8079ea19f5d4f59d96ccc40812df9fc7160f0052080d85f24274e11ef660897

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
bd1dfd4cbf7dc5082d46b4eceaae626a

SHA1
ff35c07a41936ca21210cc6682312942ce32be69

SHA256
78415fe53cfba17b9c68027da8bd16bcea5ddd9a42bae8648140b2eee16075be

SHA512
0e4a1e14ffa637bc008ffc388b615568cdfbc097f9af9f6ae75bca0a6d64c28822003741976516e5c124e89c599ac4f1f34079f80fee4280f1903b4cb91f26b3

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
96B

MD5
fbddbd533d99c99d1ffb8cba95f93942

SHA1
ed295839360ea7c6474bfa1ac80460fdc5a64cb4

SHA256
5dd49918fd547fe279bc2a513c21911957864d234c971f046514d144630dc15c

SHA512
66db50af3e4ded749d18c5ff2746461986b2117a92b99606cc55fe7eeea6b95392aea40d140309d86ef3279f627f84010633c62801a5ffcb78726f4e7e6adc54

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.slhytrowb.wfxaicaiw/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads