General
-
Target
F73F66B15791A42DAC86D0CED46D660F
-
Size
1.9MB
-
Sample
220602-np33ssfgb3
-
MD5
f73f66b15791a42dac86d0ced46d660f
-
SHA1
6987f4c7713111355781009e6eeab68d20c43972
-
SHA256
6c0c788eddaf228df9c7f95ced4ea95dcb384b8dabcdd579dedba56915107779
-
SHA512
75dade9dd98dc05cc69c2746beaaab5ac78a5a99544472ba7febbf96855f1a8fefa97c0ebb12ad1868f55c6069bb1346f294b777188449cf69b71d9cdc5cd1b9
Malware Config
Extracted
eventbot
http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_c
http://ora.carlaarrabitoarchitetto.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
F73F66B15791A42DAC86D0CED46D660F
-
Size
1.9MB
-
MD5
f73f66b15791a42dac86d0ced46d660f
-
SHA1
6987f4c7713111355781009e6eeab68d20c43972
-
SHA256
6c0c788eddaf228df9c7f95ced4ea95dcb384b8dabcdd579dedba56915107779
-
SHA512
75dade9dd98dc05cc69c2746beaaab5ac78a5a99544472ba7febbf96855f1a8fefa97c0ebb12ad1868f55c6069bb1346f294b777188449cf69b71d9cdc5cd1b9
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Uses Crypto APIs (Might try to encrypt user data).
-