MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SharkBot

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d
SHA3-384 hash:	0475e677467fa9047a84b8449eed8febd69621de15a62a93729f6190d98a504823974e7f47e8f4a53d852f287da99a77
SHA1 hash:	e09fd3dc9e6090aaafde5fadb9390646b633aabf
MD5 hash:	60d9c2095ed150373a6b1fa0221d016e
humanhash:	oklahoma-cup-magazine-victor
File name:	Powerful Cleaner Antivirus_v1.9.apk
Download:	download sample
Signature	SharkBot Create hunting rule
File size:	14'808'743 bytes
First seen:	2022-03-04 09:44:14 UTC
Last seen:	2022-11-24 08:01:49 UTC
File type:	apk
MIME type:	application/zip
ssdeep	393216:j9XnFH5macX7X52NWdXJq2TNhMXw6zpMrfum7h:J1ZqgY5D2qh
TLSH	T101E6128BFB98CA1EC8332132C827423372970E155A4297B76615F72C29B7DD14F56BCA
Reporter	500mk500
Tags:	apk sharkbot

Intelligence

File Origin

# of uploads :

# of downloads :

526

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/950677

Signature

Kills background processes

Removes its application launcher (likely to stay hidden)

Tries to detect the analysis device (e.g. the Android emulator)

Uses accessibility services (likely to control other applications)

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d/

Threat name:

Android.Trojan.Generic

Status:

Suspicious

First seen:

2022-03-04 09:45:36 UTC

File Type:

Binary (Archive)

Extracted files:

1148

AV detection:

4 of 27 (14.81%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

7/10

Tags:

android ransomware

Link:

https://tria.ge/reports/220304-lq3gjsfggl/

Behaviour

Uses Crypto APIs (Might try to encrypt user data).

Checks Qemu related system properties.

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SharkBot

apk d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d

(this sample)

https://twitter.com/ReBensk/status/1499680943178543105

Dropping

Android Sharkbot

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample