sharkbot | 8f45831b1df8fe44111e35b05271f6ec1796b03c104a67cd6481bf93f2affe86 | Triage

Resubmissions

08-11-2022 11:39

221108-nsawesecd7 10

26-08-2022 06:04

220826-gstvzagchk 8

16-11-2021 15:35

211116-s1c3zaedc7 7

Sharing

General

Target

8F45831B1DF8FE44111E35B05271F6EC1796B03C104A67CD6481BF93F2AFFE86.apk
Size

4.2MB
Sample

221108-nsawesecd7
MD5

38c44fed7fce6446c61858495cd473b2
SHA1

462eac7d79ea7c118aace51293d516873fca185c
SHA256

8f45831b1df8fe44111e35b05271f6ec1796b03c104a67cd6481bf93f2affe86
SHA512

f0772bd999cc5800315fb6ce2e91f566ef0ab6b70f69c9caa961821fced3fbf0bcb1117705365925eaf674b690e109c5b8314247bd5b469c04f2664df76e4283
SSDEEP

98304:RnMA8bYkCU18lSHGWVPxOBhwXOfb2mfaHU0/p73LCKVmKk+szyEPSytMzfrIhTA:RMykCw8lS7VPooXybNWUM72KVk+su+te

Score

10^/10

sharkbot android banker evasion ransomware

Malware Config

Extracted

Family

sharkbot

C2

http://y2znlm93bmvysuq0m3b.xyz/

Targets

- Target
  
  8F45831B1DF8FE44111E35B05271F6EC1796B03C104A67CD6481BF93F2AFFE86.apk
- Size
  
  4.2MB
- MD5
  
  38c44fed7fce6446c61858495cd473b2
- SHA1
  
  462eac7d79ea7c118aace51293d516873fca185c
- SHA256
  
  8f45831b1df8fe44111e35b05271f6ec1796b03c104a67cd6481bf93f2affe86
- SHA512
  
  f0772bd999cc5800315fb6ce2e91f566ef0ab6b70f69c9caa961821fced3fbf0bcb1117705365925eaf674b690e109c5b8314247bd5b469c04f2664df76e4283
- SSDEEP
  
  98304:RnMA8bYkCU18lSHGWVPxOBhwXOfb2mfaHU0/p73LCKVmKk+szyEPSytMzfrIhTA:RMykCw8lS7VPooXybNWUM72KVk+su+te
Score

8^/10

banker evasion ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerevasionransomware

behavioral2

behavioral3

bankerransomware