Analysis Overview
SHA256
3eb7efa71648ae819f1bff89399717805129487081e8261dd65bf596f2467054
Threat Level: Known bad
The file 3EB7EFA71648AE819F1BFF89399717805129487081E8261DD65BF596F2467054.apk was found to be: Known bad.
Malicious Activity Summary
malibot
Makes use of the framework's Accessibility service.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-12 07:29
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-12 07:29
Reported
2022-08-12 07:32
Platform
android-x86-arm-20220621-en
Max time network
183s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 216.58.208.106:443 | | tcp |
| NL | 216.58.208.106:443 | | tcp |
| NL | 216.58.214.14:443 | | tcp |
| NL | 216.58.214.14:443 | | tcp |
| NL | 142.251.36.34:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.250.179.131:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-12 07:29
Reported
2022-08-12 07:32
Platform
android-x64-20220621-en
Max time network
170s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 172.217.168.202:443 | | tcp |
| NL | 172.217.168.202:443 | | tcp |
| NL | 142.250.179.206:443 | | tcp |
| NL | 216.58.208.98:443 | | tcp |
| NL | 172.217.168.234:443 | | tcp |
| NL | 142.250.179.195:443 | | tcp |
| NL | 142.250.179.170:443 | | tcp |
| NL | 172.217.168.202:443 | | tcp |
| NL | 172.217.168.202:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-08-12 07:29
Reported
2022-08-12 07:31
Platform
android-x64-arm64-20220621-en
Max time kernel
2432129s
Max time network
137s
Command Line
Signatures
malibot
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.slhytrowb.wfxaicaiw/ihoftigt8f/ffkyffUhHfh8I89/base.apk.hkyhafI1.g8k | N/A | N/A |
Processes
com.slhytrowb.wfxaicaiw
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 142.250.179.195:443 | | tcp |
| NL | 142.251.36.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.251.39.104:443 | | tcp |
| NL | 172.217.168.206:443 | | tcp |
| NL | 172.217.168.206:443 | | tcp |
Files
/data/user/0/com.slhytrowb.wfxaicaiw/ihoftigt8f/ffkyffUhHfh8I89/g8yUt8ff.atdy
/data/user/0/com.slhytrowb.wfxaicaiw/ihoftigt8f/ffkyffUhHfh8I89/tmp-base.apk.hkyhafI8698955310780440046.g8k
/data/user/0/com.slhytrowb.wfxaicaiw/ihoftigt8f/ffkyffUhHfh8I89/base.apk.hkyhafI1.g8k
/data/user/0/com.slhytrowb.wfxaicaiw/shared_prefs/multidex.version.xml
/data/user/0/com.slhytrowb.wfxaicaiw/shared_prefs/com.android.launcher3.prefs.xml
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/variations_seed_new
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/variations_stamp
/data/user/0/com.slhytrowb.wfxaicaiw/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/webview_data.lock
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Web Data
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Web Data-journal
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/js/index
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/GPUCache/index
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/GPUCache/index-dir/temp-index
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Cookies
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/Default/Cookies-journal
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/fc82c67fb2a675f5_0
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index-dir/temp-index
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Crashpad/settings.dat
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/font_unique_name_table.pb
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/2fa35442860d43fc_0
/data/user/0/com.slhytrowb.wfxaicaiw/app_webview/.com.google.Chrome.JCZ1Qs
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/9083f7d8c2f97d68_0
/data/user/0/com.slhytrowb.wfxaicaiw/cache/WebView/Default/HTTP Cache/index-dir/temp-index