malibot | b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52

Analysis

max time kernel
2201368s
max time network
138s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
28-09-2022 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52.apk
Size

2.3MB
MD5

0533968891354ac78b45c486600a7890
SHA1

4e9bc1bcbeec32ad93762482b9e1295c7f1bcee5
SHA256

b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52
SHA512

cdf2fcb3d7968b113563b602a476e54bdad4bf30548492941d7d18072c4542007c0f29dd2174ce1cf196c0369651788dc01e5d9f8d5ece9fa0aeeeccdf7348ce
SSDEEP

24576:JbuUHfXVoL6D8RyE2cZBGUMfYm3At+y6/DA4kf4TyQ0jPwVCnY4DDMpkghSUPFE+:JqKlomDBy+y6/DPkQzuY4OhxdEuX

Score

10^/10

malibot banker evasion infostealer trojan

Malware Config

Signatures

Malibot payload 4 IoCs

resource	yara_rule
behavioral1/files/4126-0.dat	family_malibot
behavioral1/memory/4126-0.dex	family_malibot
behavioral1/memory/4179-0.dex	family_malibot
behavioral1/memory/4126-1.dex	family_malibot

malibot
Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.
infostealer trojan banker malibot

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.gdwicoopc.mlwmelkys

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gdwicoopc.mlwmelkys

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR	4126	com.gdwicoopc.mlwmelkys
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR	4179	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR --output-vdex-fd=42 --oat-fd=43 --oat-location=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/oat/x86/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR	4126	com.gdwicoopc.mlwmelkys

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.gdwicoopc.mlwmelkys

com.gdwicoopc.mlwmelkys
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4126
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR --output-vdex-fd=42 --oat-fd=43 --oat-location=/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/oat/x86/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4179

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies-journal

Filesize
1KB

MD5
cf14ccaf3bb836cf1d86abcb44b3038f

SHA1
ee27ca62753358ff6910c96e02f19a8012dd7e40

SHA256
bddf83e2a831dd95bef09b4610f0e85ddec0995fffec276734ea7186ba542468

SHA512
11164d811ffccbcc3bca95c6f8f1e685c74d975aa3d28fbb3755ac096b7daeedfe12bed54a7dc2f97d2cb1e4d1f114c17a39ab769b5693df7cc227a980aad5ae

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
f277e7b480d6174d3425402fc1df1029

SHA1
3d0da4312fbefcb89551ceb481a3537b36c57f72

SHA256
80cbe1e3d9d0193854af9dd00b578ca7251fe44fc037acc0ce2a1ffcaf0157b9

SHA512
d993a9bb464ae67a3def3df8dc1ea35fb9c8604491a0f165f0267e74dee6966cffa1d2a05cf53f4b032875bf164fbbec29e24f61863d05a4f5b9302503ff8365

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data-journal

Filesize
1KB

MD5
6c77829c77aed7383b6b5f837cb3b6f0

SHA1
a5660d28cbd5ff832b2de2fd01791daa1e2ffe34

SHA256
fa19737d9b34b27e27ee0a54f3f7a0a4df58f0b38c362013f19806e94610ba1c

SHA512
4db50a42bf5eda3075c80cce6584373d3bde65c41b938763c8f3269e884e893d63e94c768ccfd9741767cbfdc96e261c7eec59d55dc008dbeb9ba46559d1afee

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/metrics_guid

Filesize
36B

MD5
2b384e14df744d35c4732eeecad915c3

SHA1
cf7273499c7ae37bea1af8b3e52bd19dea5d8e65

SHA256
4f43711078c05422fbe7d073775016af02a162e4c11097fe407391291724d743

SHA512
137a20f1bea19880e6caa9606042c430a7d2c3d89c79064afb6fb9b5aecdf30af6ee1a73a74c79601afbd35d1ac2c3ac43422db28556299935c0580ed32be744

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/90a55387e95cf3dd_0

Filesize
248B

MD5
fa1af7073342404710f39e5a950c29a7

SHA1
98d43655c18be2943910ce398dfe0cbe1c85d5f5

SHA256
8e962d5e0b2f6cea75abb3937eae09c04c2f7bc0142f31ad5711434b1cea2641

SHA512
e4eb93155fd1f164b217e664580e3a9a8be39ca88066e5c7472a76a30a9ab32a8733e7c5df255d2e44cf78072a9540584c63a0c06520982fc05f2038eb1bbaaa

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/f3337cb1992247df_0

Filesize
175B

MD5
446fc19d58a370f60f0cce237fa62c21

SHA1
7a5925cfc4ffc3c889ed1c9457c6a291917b1e6b

SHA256
c5e05dfc9119126e6b7e71edd27bcd5fc544e2a6886e9218c9eb8eba64610d51

SHA512
311ea799628faea00ead7a67c9f0a446b21d19bdcd4105af88cb592723ad03da1b71758a8b94f05f0235a2877d49f6fc7aca5526f7b58d61addb4ed4ed474774

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
28f0d5494842e4b8a34729694006d507

SHA1
a101f603236773472caddfdce76768105c486d2c

SHA256
9f04bf29517e6d0ae2f0eec5d402530180781abe3e7b82179b6a370e3b0d7595

SHA512
a6878e53ab3b35475da6c4cb68182803d8827f4a7bc02cff3527d34aef3f272c27da1c54c90f28d69d7a13a499e114984478a8de3d0657ae276bacb09fbfa1ac

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
c8f8b8fc26c1599bbc1da6923a00e9bd

SHA1
31fd86e588638bef009289a2527dec7292b1a784

SHA256
6b72ed6d540bd3fe58a83133ff46c16c4ad8339f987dfb1837c769ffafefa45c

SHA512
90bbcb03ff145a9f13f8ae1f9ed453174b07f1c79901a209be8d2dc652902abb15599e97bbfc4016ec43a379330324996f2c0e9f70b717d5405e28c5b15ea089

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/shared_prefs/app.xml

Filesize
121B

MD5
5535ae3843517e6073e1642921beb1ed

SHA1
868e60832ea64690cb818624df595ddbd17cadc3

SHA256
074130eabfb009728aa65a15e3edd9c1014be0fcd761dc970163360444b7a4ce

SHA512
57b45ef51c396baad839ed4416537528d3385d260b3e598339c2a240998c33dd705c930a1178309a5cc2495f298fd0161997472f5cae463c22a1bcd74bd259d2

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
8f0101b8896c699c16acaa37a7343f26

SHA1
34b286f4121088c085e89411ac54a44691bd3e68

SHA256
6396aa51da3ec835e4f26697fbdd18dff5499878e27264a48221de05aa572aa9

SHA512
ce4ccc08254b228c498599cd1bd701ed9e248e66cda81ffc9115b062c461d9944d2fd2f9d9c90f5ceb7ee24db2d092d9a299efb00cd9020e545313d20a650af8

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit