sharkbot | SharkBot (4)[.]apk

General

Target

SharkBot (4).apk
Size

13.5MB
MD5

fbbce12a67330ab04ae6f774e71a8f24
SHA1

54334b07761041f00953cb0048a5b1ef96b6fdc1
SHA256

7f55dddcfad05403f71580ec2e5acafdc8c9555e72f724eb1f9e37bf09b8cc0c
SHA512

e1dfe3a9c023290de819aa93e2835cca1acaeada3959c99efce2eac4cea8e734e7ce6aaf019002c49d31d1ea1215c753304e7ce8da383e5243681953d0017c5d
SSDEEP

393216:BH5macX7X52NWdXJq2TNhMfw6zpMrfum7H:BZqgY5b2qH

Score

10^/10

sharkbot

Malware Config

Extracted

Family

sharkbot

C2

http://statscodicefiscale.xyz/stats/

Signatures

Sharkbot family
sharkbot

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

SharkBot (4).apk
.apk android

com.pagnotto28.sellsourcecode.supercleaner

com.pagnotto28.sellsourcecode.supercleaner.screen.main.MainActivity

Activities

com.pagnotto28.sellsourcecode.supercleaner.screen.main.MainActivity

android.intent.action.MAIN

Permissions

android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.CHANGE_WIFI_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.FOREFGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_SYNC_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.REQUEST_DELETE_PACKAGES
android.permission.WAKE_LOCK
android.permission.GET_PACKAGE_SIZE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.QUICKBOOT_POWERON
android.permission.CLEAR_APP_CACHE
android.permission.WRITE_SETTINGS
android.permission.INTERNET
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.GET_TASKS
android.permission.PACKAGE_USAGE_STATS
android.permission.FOREGROUND_SERVICE
android.permission.CAMERA
android.permission.USE_FINGERPRINT
android.permission.ACCESS_WIFI_STATE
android.permission.RECEIVE_USER_PRESENT
android.permission.CHANGE_NETWORK_STATE
android.permission.SET_WALLPAPER
android.permission.VIBRATE
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NETWORK_STATE

Receivers

com.pagnotto28.sellsourcecode.supercleaner.receiver.AlarmReceiver

com.app.action.alarmmanager

com.pagnotto28.sellsourcecode.supercleaner.lock.receiver.BootBroadcastReceiver

android.intent.action.BOOT_COMPLETED

com.pagnotto28.sellsourcecode.supercleaner.receiver.AutoRebootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.SCREEN_ON
android.net.wifi.WIFI_STATE_CHANGED
android.net.wifi.STATE_CHANGE
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.QUICKBOOT_POWERON

com.security.applock.service.receiver.WatchmenReceiver

android.net.wifi.WIFI_STATE_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.USER_PRESENT
android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.SCREEN_ON
android.intent.action.TIME_SET
android.intent.action.BOOT_COMPLETED

com.security.applock.service.receiver.WidgetReceiver

android.appwidget.action.APPWIDGET_UPDATE
android.intent.action.SCREEN_ON
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_ON
android.intent.action.USER_PRESENT

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

com.pagnotto28.sellsourcecode.supercleaner.service.ForceStopAccessibility

android.accessibilityservice.AccessibilityService

com.pagnotto28.sellsourcecode.supercleaner.api.NotificationListener

android.service.notification.NotificationListenerService

Android Permissions

SharkBot (4).apk

Permissions

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.CHANGE_WIFI_STATE

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.FOREFGROUND_SERVICE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WRITE_SYNC_SETTINGS

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.ACCESS_NOTIFICATION_POLICY

android.permission.REQUEST_DELETE_PACKAGES

android.permission.WAKE_LOCK

android.permission.GET_PACKAGE_SIZE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.QUICKBOOT_POWERON

android.permission.CLEAR_APP_CACHE

android.permission.WRITE_SETTINGS

android.permission.INTERNET

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.GET_TASKS

android.permission.PACKAGE_USAGE_STATS

android.permission.FOREGROUND_SERVICE

android.permission.CAMERA

android.permission.USE_FINGERPRINT

android.permission.ACCESS_WIFI_STATE

android.permission.RECEIVE_USER_PRESENT

android.permission.CHANGE_NETWORK_STATE

android.permission.SET_WALLPAPER

android.permission.VIBRATE

android.permission.QUERY_ALL_PACKAGES

android.permission.ACCESS_NETWORK_STATE

Sharing

General

Malware Config

Extracted

Signatures

Files

com.pagnotto28.sellsourcecode.supercleaner

com.pagnotto28.sellsourcecode.supercleaner.screen.main.MainActivity

Activities

com.pagnotto28.sellsourcecode.supercleaner.screen.main.MainActivity

Permissions

Receivers

com.pagnotto28.sellsourcecode.supercleaner.receiver.AlarmReceiver

com.pagnotto28.sellsourcecode.supercleaner.lock.receiver.BootBroadcastReceiver

com.pagnotto28.sellsourcecode.supercleaner.receiver.AutoRebootReceiver

com.security.applock.service.receiver.WatchmenReceiver

com.security.applock.service.receiver.WidgetReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

com.pagnotto28.sellsourcecode.supercleaner.service.ForceStopAccessibility

com.pagnotto28.sellsourcecode.supercleaner.api.NotificationListener

Android Permissions

SharkBot (4).apk