Rewterz

Rewterz Threat Alert – Sharkbot Android Banking Malware – Active IOCs

Severity

High

Analysis Summary

A rise in Android banking malware has been observed this year. The newest addition to this list is “Sharkbot,” an Android banking malware distributed through the official Google Play Store. Its main purpose is to initiate bank transfers from compromised devices through ATS (Automatic Transfer Systems). The malware is distributed as a fake antivirus app and abuses the Android “Direct Reply” notification feature to spread.

Impact

  • Keylogging
  • Financial Theft
  • Credential Theft

Indicators of Compromise

Domain Name

  • n3bvakjjouxir0zkzmd[.]xyz
  • mjayoxbvakjjouxir0z[.]xyz

IP

  • 185[.]219[.]221[.]99

MD5

  • 1f32aa3ad68eac774cfcaeb0cd84de4d
  • acaed4c74eb9f0c85c603d4077a95697
  • 33b9fc2e5c1972186c9c552d4720f321

SHA-256

  • a56dacc093823dc1d266d68ddfba04b2265e613dcc4b69f350873b485b9e1f1c
  • 20e8688726e843e9119b33be88ef642cb646f1163dce4109b8b8a2c792b5f9fc
  • 187b9f5de09d82d2afbad9e139600617685095c26c4304aaf67a440338e0a9b6

SHA-1

  • 512f378b8821064d5b48ceb0624dd17eca673667
  • 6683969c617c5d72dcd1cf32500ed34ecb427ecc
  • 9c306e6c6d8bcbef3ae77d9f0dabba68f0411d8e

URL

  • http[:]//statscodicefiscale[.]xyz/stats/
  • https[:]//bit[.]ly/34ArUxI

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
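An added example of the second remediation step (not part of the Rewterz alert): it refangs the alert's own domain, IP and URL indicators and matches them against constructed DNS, proxy and firewall log lines, using token boundaries so that a near-miss address such as 185.219.221.990 does not fire.

```python
import re

# Defanged indicators exactly as published in the alert (its domain, IP and URL entries).
ALERT_IOCS = [
    "n3bvakjjouxir0zkzmd[.]xyz",
    "185[.]219[.]221[.]99",
    "http[:]//statscodicefiscale[.]xyz/stats/",
]

def refang(ioc: str) -> str:
    """Undo the [.] and [:] defanging used in the alert and normalise case."""
    return ioc.strip().replace("[.]", ".").replace("[:]", ":").lower()

def build_patterns(iocs):
    """Compile one token-bounded regex per indicator (URL, IPv4 or domain)."""
    patterns = []
    for raw in iocs:
        value = refang(raw)
        if "://" in value:                                   # URL: plain substring
            pat = re.escape(value)
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", value):  # IPv4: no extra octet digits
            pat = r"(?<![\w.-])" + re.escape(value) + r"(?![\w-]|\.\d)"
        else:                                                # domain: subdomains also count
            pat = r"(?<![\w-])" + re.escape(value) + r"(?![\w-]|\.[\w-])"
        patterns.append((value, re.compile(pat, re.IGNORECASE)))
    return patterns

def scan(lines, iocs=ALERT_IOCS):
    """Return {log_line: [matched indicators]} for every line that hits at least one indicator."""
    patterns = build_patterns(iocs)
    hits = {}
    for line in lines:
        found = [value for value, pat in patterns if pat.search(line)]
        if found:
            hits[line] = found
    return hits

# Constructed sample log lines (not from the alert): DNS, proxy and firewall records.
SAMPLE_LOGS = [
    "2022-03-18T10:01:02Z dns client=10.0.0.5 qname=n3bvakjjouxir0zkzmd.xyz type=A",
    "2022-03-18T10:01:03Z proxy client=10.0.0.5 GET http://statscodicefiscale.xyz/stats/ 200",
    "2022-03-18T10:02:00Z fw allow src=10.0.0.7 dst=185.219.221.990 dport=443",  # near miss
    "2022-03-18T10:03:00Z fw allow src=10.0.0.7 dst=185.219.221.99 dport=443",
]

if __name__ == "__main__":
    for line, found in scan(SAMPLE_LOGS).items():
        print(found, "<-", line)
```

The hash indicators from the alert are matched differently (exact comparison against file hashes from an EDR or file inventory), so they are left out of this log-line matcher.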