eventbot | c777e9bfd72dc259c5dc3877acbcc5eba1d45f39c76c4175d4a62606f69f06f4

Analysis

max time kernel
1712128s
platform
android_x86
resource
android-x86-arm
submitted
02-07-2021 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c777e9bfd72dc259c5dc3877acbcc5eba1d45f39c76c4175d4a62606f69f06f4.apk
Size

1.4MB
MD5

180c10cdcc909322766ea126e7cb15c5
SHA1

3490e515fafd3a22fc296fa888518715a8ac6cfc
SHA256

c777e9bfd72dc259c5dc3877acbcc5eba1d45f39c76c4175d4a62606f69f06f4
SHA512

4a57c2b6f2e3aa83d894edc3f35029bf70db63b429bdb88f3ab6005ce2fcda90c7757c79cf1dc7c8feb4bf37feb23ec36ddccbfa1626b6bd0dc7f85123aa3d6f

Score

10^/10

eventbot banker infostealer obfuscation overlay ransomware trojan

Malware Config

Signatures

EventBot
A new Android banking trojan started to appear in March 2020.
banker trojan infostealer overlay eventbot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

ioc	pid	process
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/fd28514da9931d1ccd9bc66f109945f1.jar	4637	com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837
Uses reflection 1 IoCs
obfuscation

Processes:

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description pid process

Invokes method android.content.pm.PackageManager.isInstantApp 4637 com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	4637	com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:4637

com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837
2⤵
PID:4845

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/fd28514da9931d1ccd9bc66f109945f1.jar

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/fd28514da9931d1ccd9bc66f109945f1.jar

MD5
3aea3e1dcc8b03af4b6f1de75ff5a159

SHA1
bfe5885613f6f55415eb0cd007b0e61d095c58a6

SHA256
925a465b8d71251f68d336978a8dd060a28e45b1257de4b2228eb2b42c8b4275

SHA512
c5e9e8b903ac5d3ea6aa6baec60278e29e6f50847b29bfc265b4189c3f5594b0b3eb682725e84353c7486fdc1f8753072d2ce6f9b1476a3d0e3ff9e97e8120e5

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/fd28514da9931d1ccd9bc66f109945f1.jar.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/oat/fd28514da9931d1ccd9bc66f109945f1.jar.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/oat/x86/fd28514da9931d1ccd9bc66f109945f1.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_dex/oat/x86/fd28514da9931d1ccd9bc66f109945f1.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/GPUCache/index-dir/temp-index

MD5
75e422475949d76495900c25ceecdeef

SHA1
6c4bc95310b6d3f7f964d6260acd3077022aa6e3

SHA256
3618b1295d31bf52bf07626c18e404b0e7d197bd11f8d7a70976b08990414bcc

SHA512
febbb4920fdee1ed71d5c38c8812923df6bfb74941cbc4acc1708cf22268011da367811f625b87265aeb1c673048a99fb61a402678b81ebfc45eb27c1b7a3468

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/GPUCache/index-dir/temp-index

MD5
f93d00177f868618662286d884623f11

SHA1
3fb3edd04367f6010a7cca23db0829558b36adbf

SHA256
40397f3a6628953fc0fb0e0abaa4d5763ac792c8b9d5a3b5a92829fddc3fd90c

SHA512
00a12c59e504e543f7570ce83e90fe26bdaef7b5b0d22c86d00b1b6ebe0f2d57b115bd3248f20387ed367d21618fe2859b6220e47537b9c968e989ad542bcc26

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/Web Data-journal

MD5
8f78c1b1c4a9a0535ea7bb7dbccb16b6

SHA1
0fcda45e2b5af82083cc48d3eb6922c5242189b7

SHA256
68a8f7e9b29c30c43d89a4673b97eaa49f93d7074ea221454545f4d208b48b1d

SHA512
998fd47845844870cc44edfe0958eef57e5ab495577eb912a281588820b007049c396f67000a3b4e38f405f4d60abd56f0a4dad992e895e806fa4a94355c8caa

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/metrics_guid

MD5
7a5e13b85be8b6d85d0e4e1bc7789335

SHA1
0bcdc2b86c97dd21d0427b6785182381a9c83efd

SHA256
e5a60623a93d0c1b80e058e9e1a00dc53bec056853f58513869b03f731529e63

SHA512
6d91e2e53e08be809f2c986b915a6c265998c09109710b2c384caa1f182565d76f15c975cd955f63d750827c9b26df8adfb384e239771a80fdcaa498d90f9eae

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/metrics_guid

MD5
7a5e13b85be8b6d85d0e4e1bc7789335

SHA1
0bcdc2b86c97dd21d0427b6785182381a9c83efd

SHA256
e5a60623a93d0c1b80e058e9e1a00dc53bec056853f58513869b03f731529e63

SHA512
6d91e2e53e08be809f2c986b915a6c265998c09109710b2c384caa1f182565d76f15c975cd955f63d750827c9b26df8adfb384e239771a80fdcaa498d90f9eae

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.eae36b1f5a73a07c8673.aa6c17b1806f35.dd025eefbfc837/shared_prefs/gateUrlsPrefs.xml

MD5
202785d7fd1b615f3bea173265bd1e39

SHA1
67f0975b8ed2913506ff2506752bd671c30bf5c4

SHA256
40645128fdc07024c1a2c913adb4da4774901d1b0d98a6eb96b8fffef6ac23cd

SHA512
02e629c8608f8005b2a9d058156672adf8925ed6ee229fec175cf169888a1cdfda292b086ef1b7694576c7db828a76155be30a11c297dec3bd9bc1b1b1316a0b

Download Submit