sharkbot | 63e606cf643dea4a7434b391e450537285d221d5fbba4400f6c9172ac7e8c308 | Triage

Sharing

General

Target

63e606cf643dea4a7434b391e450537285d221d5fbba4400f6c9172ac7e8c308.apk
Size

3.9MB
Sample

221108-nbspxafcbl
MD5

fb16ce7216ef97e8ac60c73f74d104a5
SHA1

7b4628a1166690fdb008655b4928c6a895a700ae
SHA256

63e606cf643dea4a7434b391e450537285d221d5fbba4400f6c9172ac7e8c308
SHA512

c480b0c19cc3511993bf0a66f5694815d32b59669ea0f79ca49e4ba42f5d31e4c97a58d0010a0f3e9dc5f1f62c6de00c365072ee9229a737d8e1c5df6e6be7d3
SSDEEP

98304:QhJC9HmLBxqZFgot6WcdB1bld6r/yJNzfrPaag:QhJiHmLBA3ZYWild6r6Jq

Score

10^/10

sharkbot android banker evasion ransomware

Malware Config

Extracted

Family

sharkbot

C2

http://c2hhcmtlzdq3cg9qqkk.info/,http://nddwb2pcstlmsedgzgz.top/

Targets

- Target
  
  63e606cf643dea4a7434b391e450537285d221d5fbba4400f6c9172ac7e8c308.apk
- Size
  
  3.9MB
- MD5
  
  fb16ce7216ef97e8ac60c73f74d104a5
- SHA1
  
  7b4628a1166690fdb008655b4928c6a895a700ae
- SHA256
  
  63e606cf643dea4a7434b391e450537285d221d5fbba4400f6c9172ac7e8c308
- SHA512
  
  c480b0c19cc3511993bf0a66f5694815d32b59669ea0f79ca49e4ba42f5d31e4c97a58d0010a0f3e9dc5f1f62c6de00c365072ee9229a737d8e1c5df6e6be7d3
- SSDEEP
  
  98304:QhJC9HmLBxqZFgot6WcdB1bld6r/yJNzfrPaag:QhJiHmLBA3ZYWild6r6Jq
Score

8^/10

banker evasion ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerevasionransomware

behavioral2

behavioral3

bankerransomware