Resubmissions

02-04-2024 06:55

240402-hp2xvaad7v 10

24-11-2022 08:04

221124-jybmpaad66 7

General

  • Target

    SharkBot (15).apk

  • Size

    14.9MB

  • Sample

    240402-hp2xvaad7v

  • MD5

    cfe82625d3db2378994554ef7a2eba2b

  • SHA1

    e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61

  • SHA256

    6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1

  • SHA512

    8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f

  • SSDEEP

    393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

Malware Config

Extracted

Family

sharkbot

C2

http://mefika.me/

Attributes
  • target_apps

    com.example.creatersa

    com.barclays.android.barclaysmobilebanking

    com.bankofireland.mobilebanking

    com.cooperativebank.bank

    ftb.ibank.android

    com.nearform.ptsb

    uk.co.mbna.cardservices.android

    com.danskebank.mobilebank3.uk

    com.barclays.bca

    com.tescobank.mobile

    com.virginmoney.uk.mobile.android

    com.monitise.client.android.yorkshire

    com.monitise.client.android.clydesdale

    com.cooperativebank.smile

    com.starlingbank.android

    uk.co.metrobankonline.mobile.android.production

    uk.co.santander.santanderUK

    uk.co.hsbc.hsbcukmobilebanking

    uk.co.tsb.newmobilebank

    com.grppl.android.shell.BOS

    com.grppl.android.shell.halifax

    com.grppl.android.shell.CMBlloydsTSB73

    it.copergmps.rt.pf.android.sp.bmps

    it.extrabanca.mobile

    it.relaxbanking

    it.bnl.apps.banking

    it.bnl.apps.enterprise.hellobank

    it.ingdirect.app

    it.popso.SCRIGNOapp

    it.nogood.container

rc4.plain

Targets

    • Target

      SharkBot (15).apk

    • Size

      14.9MB

    • MD5

      cfe82625d3db2378994554ef7a2eba2b

    • SHA1

      e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61

    • SHA256

      6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1

    • SHA512

      8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f

    • SSDEEP

      393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

    Score
    7/10
    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks