eventbot | 05782e267bd62de78a3db22b1a83ddd3c72cbef95f5a5bc9defdd42a4f5786ec | Triage

Analysis

max time kernel
4168181s
max time network
166s
platform
android_x64
resource
android-x64-20220310-en
submitted
24-05-2022 23:33

Sharing

Report Analysis Logs

General

Target

05782e267bd62de78a3db22b1a83ddd3c72cbef95f5a5bc9defdd42a4f5786ec.apk
Size

1.9MB
MD5

66ae6bb78ed76b252c2ea6ec8072b0e8
SHA1

8c0942edf9964aa2048d5c536c6dfef38b775568
SHA256

05782e267bd62de78a3db22b1a83ddd3c72cbef95f5a5bc9defdd42a4f5786ec
SHA512

1834d905ae2f4a55194eed3bc070ba89d9e06f341d31ec4adaf938c1abbd13711d8902d9b21a563505dba3325b2ed047faa89f3e7be3a50a58cbbeaa1db2f4c3

Score

10^/10

eventbot banker infostealer overlay ransomware trojan

Malware Config

Extracted

Family

eventbot

C2

http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_b

http://ora.carlaarrabitoarchitetto.com/gate_cb8a5aea1ab302f0_b

RC4_key

Signatures

EventBot
A new Android banking trojan started to appear in March 2020.
banker trojan infostealer overlay eventbot
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.example.eventbot

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.example.eventbot

com.example.eventbot
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
PID:6192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads