8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443

General
Target

8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443

Size

1MB

Sample

220521-xc25eaegdm

Score
10/10
MD5

8a996f4b434a6e7218c3ce2ae71dfd89

SHA1

33e411b8695874a91d6aa73f3b529542ea867cf6

SHA256

8ee97d5fd2aab608e056a5b3ce9a6a4ab006a7e1b8ace404078d9672a9046443

SHA512

764c12d32e39ec82199da0d8c8819e0fb8ca40049d31b28432c7c1ca2f20d859801979ebb5b484ce5e1d7db1399d23003a29c99cc7eec48b1dba4cd436e4a14e

Malware Config

Extracted

Family eventbot
C2

http://sigasrl.fun/index

http://sigasrl.online/index

RC4_key
Signatures

  • EventBot

    Description

    A new Android banking trojan that started to appear in March 2020.

  • Makes use of the framework's Accessibility service.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

  • Acquires the wake lock.

  • Loads dropped Dex/Jar

    Description

    Runs executable file dropped to the device during analysis.

  • Removes a system notification.

  • Uses Crypto APIs (might try to encrypt user data).
