Extracted

• • Target

    F73F66B15791A42DAC86D0CED46D660F

  • Size

    1.9MB

  • MD5

    f73f66b15791a42dac86d0ced46d660f

  • SHA1

    6987f4c7713111355781009e6eeab68d20c43972

  • SHA256

    6c0c788eddaf228df9c7f95ced4ea95dcb384b8dabcdd579dedba56915107779

  • SHA512

    75dade9dd98dc05cc69c2746beaaab5ac78a5a99544472ba7febbf96855f1a8fefa97c0ebb12ad1868f55c6069bb1346f294b777188449cf69b71d9cdc5cd1b9

  Score

  10^/10

  eventbotbankerinfostealeroverlayransomwaretrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    banker

  • Acquires the wake lock.

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data).

    ransomware
  behavioral1behavioral2behavioral3