Overview

overview

10

Static

static

7

B01B74AAF2...52.apk

android-9-x86

10

B01B74AAF2...52.apk

android-10-x64

10

B01B74AAF2...52.apk

android-11-x64

1

Resubmissions

06/10/2022, 16:35 UTC

221006-t3xqtshhe6 10

12/08/2022, 07:30 UTC

220812-jbsyfsadar 10

Analysis

  • max time kernel
    2432191s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
  • submitted
    12/08/2022, 07:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk

  • Size

    2.3MB

  • MD5

    0533968891354ac78b45c486600a7890

  • SHA1

    4e9bc1bcbeec32ad93762482b9e1295c7f1bcee5

  • SHA256

    b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52

  • SHA512

    cdf2fcb3d7968b113563b602a476e54bdad4bf30548492941d7d18072c4542007c0f29dd2174ce1cf196c0369651788dc01e5d9f8d5ece9fa0aeeeccdf7348ce

Score
10/10
malibotbankerevasioninfostealertrojan

Malware Config

Signatures

  • Malibot payload 4 IoCs
  • malibot

    Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.

    infostealertrojanbankermalibot
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.gdwicoopc.mlwmelkys
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:4730
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR --output-vdex-fd=42 --oat-fd=43 --oat-location=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/oat/x86/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4786

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.251.36.42
  • flag-us
    DNS
    socrersutagans.site
    Remote address:
    1.1.1.1:53
    Request
    socrersutagans.site
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.214.14
  • 142.251.39.106:443
    40 B
     52 B
     1
    1
  • 142.250.179.142:443
    tls, https
    803 B
     40 B
     1
    1
  • 216.58.214.14:443
    android.apis.google.com
    tls
    2.9kB
     7.2kB
     12
    13
  • 216.58.214.14:443
    android.apis.google.com
    tls
    1.8kB
     2.2kB
     8
    8
  • 1.1.1.1:853
    tls
    776 B
     3.5kB
     10
    9
  • 216.58.214.14:443
    android.apis.google.com
    52 B
     1
  • 1.1.1.1:853
    tls
    810 B
     5.0kB
     9
    11
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     96 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.251.36.42

  • 1.1.1.1:53
    socrersutagans.site
    dns
    65 B
     130 B
     1
    1

    DNS Request

    socrersutagans.site

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.214.14

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies
    Filesize

    64KB

    MD5

    cb7543c4df600f2af58097cce0e334ba

    SHA1

    83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

    SHA256

    64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

    SHA512

    ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies-journal
    Filesize

    1KB

    MD5

    2bcd78fea299d511e0eb7d582ccc3084

    SHA1

    320f28da0575a8a6eaad40ad7e8839aa8d15ddc8

    SHA256

    bb18d278cec55a8a1870bc414015e014795b1a64a5f897cc0c18e6daa5000741

    SHA512

    fe0dd9e7c6b302ed634efbfb4025957c641b5acf58c02e1d0011af518f21a05eba5c73da78b731aff2721e2b8a5d9b47999fdea7e3ebca96ea7381c0ebd16b59

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index
    Filesize

    20B

    MD5

    93027d42b314432c4216e6cfca48b384

    SHA1

    43448dd8102979c3926828182579691945eedd4e

    SHA256

    3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

    SHA512

    a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index-dir/temp-index
    Filesize

    48B

    MD5

    28b0c6d318e3747ff825e8f3a0f0ee68

    SHA1

    26e5bf0cf365b7ed2085e817c21aacbe13002f34

    SHA256

    3d9e2e4e6d31fabedf31535d7d6235004368e66cf910b6e269d0f57d07a774a8

    SHA512

    76c578c4fe073153ffb500524daff23873add285c589f0055f350176db03ea771ca0f529adb9981b145e921ea022da2eea36246f12988d0791a623d343c704ae

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data
    Filesize

    104KB

    MD5

    dc79f9ce5f3ab5270b33e61119dfc959

    SHA1

    1844bf222a5144b513dcf2fb50a18c011701c647

    SHA256

    47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

    SHA512

    18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    93ea2c52dd6f7fd25a790b4ddbabdca5

    SHA1

    a9e4787036915495963857e7db661d193ab423ac

    SHA256

    c31ba674f27811274e02e99f251d4e81b23cf7212267af7eef74ffd3adf362e8

    SHA512

    d26940cf6af3f5e88561b16dc278fb8093cb56cb00035ada6023833378c8568ce79ef5c739f2e034a1d5f0ae192f8baf306bbce875bdd4d5fc7a6438da8d254a

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/app_webview/metrics_guid
    Filesize

    36B

    MD5

    6c8d0e379df712988c2be0a0203414fe

    SHA1

    557af320299feac3718a62da8f952e8952314b95

    SHA256

    2e0fe1b727501d1bd7d453308e83ea2b2f2d0ddc37f01e25e90761c808bd6778

    SHA512

    b3d6dc3870e430cfd1b434a40e5fe6bb1859ee3dd11837661167da012cafe8e2323e609a19c47cc942224e7c4cf2e35a907200adaaf98e1c9e062d2f360d5e38

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/0df34e23dfa8db67_0
    Filesize

    248B

    MD5

    2d17c70410fe8d27c20c7f288d240d8d

    SHA1

    8f8b45010e1a4f96eff289896c31caeb9517ecdd

    SHA256

    bc8fa912b968f9d7fdc290e0579e3e9e93fe44779ce571d470b30e5782bb13a2

    SHA512

    1f7e02137c30c3b2992225ac07ae6c98bea56fa0c9d2b291651c16caf1154048ae1f14a2f14624dffc1a068e2c0d0431335f31bf59bef25a88e631f04f19a916

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/e14563e063702837_0
    Filesize

    175B

    MD5

    1f3750b012c1ef69054445ab66ea86a9

    SHA1

    d3b68da152a3fbe2b9b37fd6153e0103a88deb64

    SHA256

    873fe75e1903e66f54ce451476b8d5c15b57d32dc3df2ffd9abafdd234b616d9

    SHA512

    b5004bc8f78f1d2167d545f3ee9f2c81befa913fc5d8189583ef1384401d58f02f6d0585e805e5844b08edb53161589abbafbea9b8c469d561b87cdd4091af9a

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index
    Filesize

    20B

    MD5

    93027d42b314432c4216e6cfca48b384

    SHA1

    43448dd8102979c3926828182579691945eedd4e

    SHA256

    3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

    SHA512

    a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index
    Filesize

    48B

    MD5

    a1882704bc7e2549a520e05932725681

    SHA1

    d0a03e55c92b3eff1ad49089334e3cdc410e2584

    SHA256

    7c34389581b0ee603b325f1942b25286dd199d80b14a12bca21f2ece4ab634c2

    SHA512

    f1f8b01f30af5f7977fb68612aeb965f97a8b7e5cb0bf2af4641771161bdebcf84a26c24cf52feaeb978afad4874d9aa507345603b5cfb2d20d9da78b1698880

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index
    Filesize

    48B

    MD5

    74391132140b1f7568b1a0405dea913f

    SHA1

    1f6e85a10df8bf427269cfd24974bd4cdedd005f

    SHA256

    0d76c56c0f358f801976990eadea4f11364415e4f9b4b39c9f237fb525887420

    SHA512

    628d41ff1e356768995d64cfa9f8ef63a368f865e461b9bbb854d6fe36e696f09a7220d8fa1d32fa538146ce2357531595d2494002a3652074306fd764c737e7

    Download Submit

  • /data/user/0/com.gdwicoopc.mlwmelkys/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    21223e9184445fe043476484cd8cb1f9

    SHA1

    2b4813f849121d60ba35eb0889080668bb62c778

    SHA256

    bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

    SHA512

    be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

    Download Submit

  • /storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR
    Filesize

    716KB

    MD5

    20523fb5f80852f7d03b9ca83d6d62b7

    SHA1

    9423b1f76829b6052918e6346b58fd69782612d1

    SHA256

    dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

    SHA512

    0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

    Download Submit

  • /storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR
    Filesize

    716KB

    MD5

    20523fb5f80852f7d03b9ca83d6d62b7

    SHA1

    9423b1f76829b6052918e6346b58fd69782612d1

    SHA256

    dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

    SHA512

    0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

    Download Submit

  • /storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR
    Filesize

    716KB

    MD5

    8f0101b8896c699c16acaa37a7343f26

    SHA1

    34b286f4121088c085e89411ac54a44691bd3e68

    SHA256

    6396aa51da3ec835e4f26697fbdd18dff5499878e27264a48221de05aa572aa9

    SHA512

    ce4ccc08254b228c498599cd1bd701ed9e248e66cda81ffc9115b062c461d9944d2fd2f9d9c90f5ceb7ee24db2d092d9a299efb00cd9020e545313d20a650af8

    Download Submit

  • /storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR
    Filesize

    716KB

    MD5

    20523fb5f80852f7d03b9ca83d6d62b7

    SHA1

    9423b1f76829b6052918e6346b58fd69782612d1

    SHA256

    dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

    SHA512

    0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.