sharkbot | 900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8

General

Target

900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8
Size

7.2MB
MD5

dd1d30c44c6519c58f79f660fdf9f04c
SHA1

ae705015f8c6613e63fb0639d8e8222d45108982
SHA256

900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8
SHA512

47d0fcdb2fee633e0e3e8d041055ccf092911ea9be1c461d912ee3480deb4ea941045395f7201fb6bafc0422664583e4e71cd0dc17452a93656d0257d5c4e1d5
SSDEEP

196608:a1FadIbsA229ZcqjAIb2Ju9nhQ3x14sHtateu1VbQhMXs5P:a1FqS96Udah14sHtateu11ls5P

Score

10^/10

sharkbot

Malware Config

Extracted

Family

sharkbot

C2

https://cdopea.store/stats/

Attributes

target_apps
com.barclays.android.barclaysmobilebanking

com.bankofireland.mobilebanking

com.cooperativebank.bank

ftb.ibank.android

com.nearform.ptsb

uk.co.mbna.cardservices.android

com.danskebank.mobilebank3.uk

com.barclays.bca

com.tescobank.mobile

com.virginmoney.uk.mobile.android

com.monitise.client.android.yorkshire

com.monitise.client.android.clydesdale

com.cooperativebank.smile

com.starlingbank.android

uk.co.metrobankonline.mobile.android.production

uk.co.santander.santanderUK

uk.co.hsbc.hsbcukmobilebanking

uk.co.tsb.newmobilebank

com.grppl.android.shell.BOS

com.grppl.android.shell.halifax

com.grppl.android.shell.CMBlloydsTSB73

it.copergmps.rt.pf.android.sp.bmps

it.extrabanca.mobile

it.relaxbanking

it.bnl.apps.banking

it.bnl.apps.enterprise.hellobank

it.ingdirect.app

it.popso.SCRIGNOapp

it.nogood.container

posteitaliane.posteapp.appbpol

com.latuabancaperandroid

com.latuabancaperandroid.pg

com.latuabancaperandroid.ispb

com.fineco.it

com.CredemMobile

com.bmo.mobile

com.fideuram.alfabetobanking

com.lynxspa.bancopopolare

com.vipera.chebanca

rc4.plain

Signatures

Sharkbot family
sharkbot

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE

Files

900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8
.apk android

com.potsepko9.FileManagerApp

com.potsepko9.FileManagerApp.ui.intro.IntroActivity

Activities

com.potsepko9.FileManagerApp.ui.intro.IntroActivity

android.intent.action.MAIN

com.potsepko9.FileManagerApp.ui.splash.SplashActivity

android.intent.action.VIEW

com.dropbox.core.android.AuthActivity

android.intent.action.VIEW

com.microsoft.identity.client.BrowserTabActivity

android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
com.google.android.gms.permission.AD_ID
android.permission.PACKAGE_USAGE_STATS
android.permission.REQUEST_DELETE_PACKAGES
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
com.android.vending.BILLING
android.permission.MANAGE_EXTERNAL_STORAGE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

Android Permissions

900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

com.google.android.gms.permission.AD_ID

android.permission.PACKAGE_USAGE_STATS

android.permission.REQUEST_DELETE_PACKAGES

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.QUERY_ALL_PACKAGES

android.permission.GET_ACCOUNTS

android.permission.MANAGE_ACCOUNTS

android.permission.ACCESS_NETWORK_STATE

android.permission.WAKE_LOCK

com.android.vending.BILLING

android.permission.MANAGE_EXTERNAL_STORAGE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.FOREGROUND_SERVICE

Sharing

General

Malware Config

Extracted

Signatures

Files

com.potsepko9.FileManagerApp

com.potsepko9.FileManagerApp.ui.intro.IntroActivity

Activities

com.potsepko9.FileManagerApp.ui.intro.IntroActivity

com.potsepko9.FileManagerApp.ui.splash.SplashActivity

com.dropbox.core.android.AuthActivity

com.microsoft.identity.client.BrowserTabActivity

Permissions

Receivers

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

Android Permissions

900fe34d5394689c86ead76666e79620ad7a10109c75d661af9bc7d8fb0c27b8