General
-
Target
SharkBot (15).apk
-
Size
14.9MB
-
Sample
240402-hp2xvaad7v
-
MD5
cfe82625d3db2378994554ef7a2eba2b
-
SHA1
e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
-
SHA256
6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
-
SHA512
8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
-
SSDEEP
393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9
Behavioral task
behavioral1
Sample
SharkBot (15).apk
Resource
android-x64-20240221-en
Behavioral task
behavioral2
Sample
SharkBot (15).apk
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral3
Sample
SharkBot (15).apk
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral4
Sample
SharkBot (15).apk
Resource
android-x86-arm-20240221-en
Malware Config
Extracted
sharkbot
http://mefika.me/
-
target_apps
com.example.creatersa
com.barclays.android.barclaysmobilebanking
com.bankofireland.mobilebanking
com.cooperativebank.bank
ftb.ibank.android
com.nearform.ptsb
uk.co.mbna.cardservices.android
com.danskebank.mobilebank3.uk
com.barclays.bca
com.tescobank.mobile
com.virginmoney.uk.mobile.android
com.monitise.client.android.yorkshire
com.monitise.client.android.clydesdale
com.cooperativebank.smile
com.starlingbank.android
uk.co.metrobankonline.mobile.android.production
uk.co.santander.santanderUK
uk.co.hsbc.hsbcukmobilebanking
uk.co.tsb.newmobilebank
com.grppl.android.shell.BOS
com.grppl.android.shell.halifax
com.grppl.android.shell.CMBlloydsTSB73
it.copergmps.rt.pf.android.sp.bmps
it.extrabanca.mobile
it.relaxbanking
it.bnl.apps.banking
it.bnl.apps.enterprise.hellobank
it.ingdirect.app
it.popso.SCRIGNOapp
it.nogood.container
posteitaliane.posteapp.appbpol
com.latuabancaperandroid
com.latuabancaperandroid.pg
com.latuabancaperandroid.ispb
com.fineco.it
com.CredemMobile
com.bmo.mobile
com.fideuram.alfabetobanking
com.lynxspa.bancopopolare
com.vipera.chebanca
Targets
-
Target
SharkBot (15).apk
-
Score
7/10
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-