General
-
Target
8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443
-
Size
1.2MB
-
Sample
220521-xc25eaegdm
-
MD5
8a996f4b434a6e7218c3ce2ae71dfd89
-
SHA1
33e411b8695874a91d6aa73f3b529542ea867cf6
-
SHA256
8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443
-
SHA512
764c12d32e39ec82199da0d8c8819e0fb8ca40049d31b28432c7c1ca2f20d859801979ebb5b484ce5e1d7db1399d23003a29c99cc7eec48b1dba4cd436e4a14e
Malware Config
Extracted
eventbot
http://sigasrl.fun/index
http://sigasrl.online/index
Targets
-
-
Target
8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443
-
Size
1.2MB
-
MD5
8a996f4b434a6e7218c3ce2ae71dfd89
-
SHA1
33e411b8695874a91d6aa73f3b529542ea867cf6
-
SHA256
8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443
-
SHA512
764c12d32e39ec82199da0d8c8819e0fb8ca40049d31b28432c7c1ca2f20d859801979ebb5b484ce5e1d7db1399d23003a29c99cc7eec48b1dba4cd436e4a14e
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-