malibot | b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490

Resubmissions

22-09-2022 05:59

220922-gpshqsdhcq 10

04-07-2022 03:32

30-06-2022 05:11

28-06-2022 09:39

21-06-2022 09:05

Analysis

max time kernel
1674171s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
22-09-2022 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cryptoapp.apk
Size

3.7MB
MD5

520855bdec84895dd57eb97e5f30b6e3
SHA1

51428eaafc0d544da9a56ba00b8c9c774a01153f
SHA256

b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
SHA512

b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26
SSDEEP

98304:Yc4aG4U0q90ueyK2KvJ+1uznRUGNlytq4hh4RCNpp5rbMkt:Y1P4IBH90zhQqrRC7n/t

Score

10^/10

malibot banker infostealer trojan

Malware Config

Signatures

malibot
Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.
infostealer trojan banker malibot

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

werwerwee.qwetrydsf.yfdefes

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	werwerwee.qwetrydsf.yfdefes

Acquires the wake lock. 1 IoCs

Processes:

werwerwee.qwetrydsf.yfdefes

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock werwerwee.qwetrydsf.yfdefes
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

37 icanhazip.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	werwerwee.qwetrydsf.yfdefes

flow	ioc
37	icanhazip.com

werwerwee.qwetrydsf.yfdefes
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db
Filesize
1.4MB

MD5
63c173361fdb56a91229e8b0e7f435f0

SHA1
06e2fda3b60052b6cae9ecdfd93cfe47d0845fab

SHA256
34334c86aca4faa12a1cd4a5f4b28dffcaafa523246ecad684f9e01a2eee9d3d

SHA512
b0ebe832f1822e82d2a90e3b952c35b040ab96a311dbc86f6df5765ae5f81748b45f01119b514fb0767f538acd33a75b0d55be9135c8c76176e83f376854f2a9

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db-journal
Filesize
1KB

MD5
52ac1a57178412adf31591afb01d4737

SHA1
92f607c3ae402a679d5d63821f3ddc9db7da1cfa

SHA256
fc5c20e47ed95a9d247fb33f33ae3abad326c4a950b3cc4861877cc381546c41

SHA512
e3c30c6a96a5b163b7e9b34a74c3a40e91fa0ad803e40565e16306253bc14c49623b73135cf46c307003621ae5bdd87a4091eb9c29633e8dcd279366a6920e81

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db
Filesize
184KB

MD5
0231294925e25fd7943e4a1fac22f946

SHA1
16c4c9476dff7d2baaa1840d92ff686621fcb84b

SHA256
56f5044f674e7d359f2eafb021d291789907f8d8f005a0e8750b4ef97c848d62

SHA512
f8b0056ced30b35455e43b6ec9db234dda894a0b3b1c7a85305e8527c5595298837d30c826616e0f1854bbc1bcb7b096c819af91d2641e912fc16e951fecf536

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db-journal
Filesize
1KB

MD5
93339c6b76c9357743224d0a286671ad

SHA1
fc37170f37950afa5f8441070f71f4d738b1877e

SHA256
ca6adf44360e1788d36916701294e1b20115d8f1e49e44bc0e61a58131e31e81

SHA512
75792a0b5361325a5f2a9a8478014171a7cecbca362a0a531ba4b698d4c06fceab4a56e6decf70326cf0b9af2e557263c25a7ad7085a074292f3130534b38706

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db
Filesize
72KB

MD5
0678e6e6b1f4348088d4da865feed17f

SHA1
bb776ff575af7d93e0d673a42a23072e74e06956

SHA256
1620d357c5776920f359a8791327d4bb155107ee0b7278ebf8cd810595376d8b

SHA512
77b3dac14800fcfb6af4822ec77b0f85db66c626d72463e405fbfe5b90ae99a4a9096a877a08ccd5494e07d4c86e08be0ce9cf3d86af87445f7380e5730602de

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db-journal
Filesize
1KB

MD5
fb5a7fe92d2bc291e818f9d952be3400

SHA1
e9fbc1d9ee683e03676c5232a0ec7f7e8a4d4963

SHA256
c20637c5a009bcc0839a46db3fc19918e746e1b187925ca37d26612ddf2ea966

SHA512
9b251bdf534c156067365cf26ff35df0a88921b54339acf7a9e4f9774f5f2c6f3f8dc06134145449f7cc0a49b73fe2c94b590e53726cee0db69fdddb297887ac

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/files/downgrade_schema.json
Filesize
1KB

MD5
70435833064f71228d8d001901b56873

SHA1
2d68b64360bb323366fadab675f387c74b42a23a

SHA256
73353cdbb7fbf2ee224948f35a950ad7bbaad5269b59471e690b34988ecc19e2

SHA512
fb7642c1c01aeacc3d5748b8be977ef272e7e9325cfd9e64b8638d4be84ff030cab8483a92ea677ffc246223df81e4b2c544e121943ac9acc8e79b6255b5b55a

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.device.prefs.xml
Filesize
140B

MD5
95f9d5a733823e9707d22caa485ef488

SHA1
bc464249f2cc52b9953a771f5a3ec347eea64a52

SHA256
f8b9d5c96e273c71d639d52092f7ff7bc443431dd86ccb8dadf887e2f8364fd7

SHA512
efeca750bcf79d2504c367179dcf2a8ad758c6f37dfccec08b66102e5b15c30a407c828bf9d6993bc2554630e8ac4f08ce717ceb164d946d0adec06f9d95e0ce

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.managedusers.prefs.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
128B

MD5
20837fd8daf2a2de8d6c4ccd8e90653a

SHA1
7ac08617bd4585151c239325aea243d9eca586f7

SHA256
e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec

SHA512
a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
187B

MD5
40629fd218a1921144fccde51155abc1

SHA1
259981316f38f3b538443eac60839b8b0268c774

SHA256
edc51de6ea378118e3aee11c10db88b84059deeaaed9434cfe4154d73b149306

SHA512
013143b1efeca433127b20ae5ff045259ff19ce90729a66c218921d825293038747f5251043fd511533263eddb8f7ada758b75f62981044da872e2e5322b0943

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
405B

MD5
67dce169e73475e1eb94437105689584

SHA1
6a473b4cb597088f9766ea6e5ed49378b3b2e6c4

SHA256
8ee6d0d12cc6588a8d0463a9213e43aa5b73906b79d403b682bf6f5c737c2154

SHA512
f10935fcc230e9c15b3d25d74ad4248381c49fa0e4228c005cfa3e2f9612d41af3bff1884f654e0f728da935dd5019cbe0ccafb2bc223560b6025ebe70dc532f

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
403B

MD5
a44c2fb81476599162792952dc18e93d

SHA1
8b2dd43570ac7ccda7648c90f13788c1d507e51c

SHA256
8f27506efdf280d6a67f8cd3fd10307cc597e7dd40315f0cb100b171e432b0a7

SHA512
fe17a9cb751a4c4c7185e178b66a91e1113e4bddaa49429a0d36e1e2137a08d0bd8ec5531602debd1ae6e48a8e7a468d5b6ed47d8122608f755809d4b13f1734

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
344B

MD5
40e6801daac7f1acd559c527a34cdf6d

SHA1
832ac9144f5b1d76b309c0228e63d0878e8a8f7d

SHA256
a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5

SHA512
77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

Download Submit