sharkbot | 6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1 | Triage

Resubmissions

02-04-2024 06:55

240402-hp2xvaad7v 10

24-11-2022 08:04

221124-jybmpaad66 7

Sharing

General

Target

SharkBot (15).apk
Size

14.9MB
Sample

240402-hp2xvaad7v
MD5

cfe82625d3db2378994554ef7a2eba2b
SHA1

e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
SHA256

6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
SHA512

8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
SSDEEP

393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

Score

10^/10

sharkbot android evasion persistence

Malware Config

Extracted

Family

sharkbot

C2

http://mefika.me/

Attributes

target_apps
com.example.creatersa

com.barclays.android.barclaysmobilebanking

com.bankofireland.mobilebanking

com.cooperativebank.bank

ftb.ibank.android

com.nearform.ptsb

uk.co.mbna.cardservices.android

com.danskebank.mobilebank3.uk

com.barclays.bca

com.tescobank.mobile

com.virginmoney.uk.mobile.android

com.monitise.client.android.yorkshire

com.monitise.client.android.clydesdale

com.cooperativebank.smile

com.starlingbank.android

uk.co.metrobankonline.mobile.android.production

uk.co.santander.santanderUK

uk.co.hsbc.hsbcukmobilebanking

uk.co.tsb.newmobilebank

com.grppl.android.shell.BOS

com.grppl.android.shell.halifax

com.grppl.android.shell.CMBlloydsTSB73

it.copergmps.rt.pf.android.sp.bmps

it.extrabanca.mobile

it.relaxbanking

it.bnl.apps.banking

it.bnl.apps.enterprise.hellobank

it.ingdirect.app

it.popso.SCRIGNOapp

it.nogood.container

posteitaliane.posteapp.appbpol

com.latuabancaperandroid

com.latuabancaperandroid.pg

com.latuabancaperandroid.ispb

com.fineco.it

com.CredemMobile

com.bmo.mobile

com.fideuram.alfabetobanking

com.lynxspa.bancopopolare

com.vipera.chebanca

rc4.plain

Targets

- Target
  
  SharkBot (15).apk
- Size
  
  14.9MB
- MD5
  
  cfe82625d3db2378994554ef7a2eba2b
- SHA1
  
  e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
- SHA256
  
  6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
- SHA512
  
  8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
- SSDEEP
  
  393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9
Score

7^/10

evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

behavioral3

evasionpersistence

behavioral4

evasionpersistence