General
-
Target
7b1ac3a8caa556c9208d4db62395cca2f8a53420e5d51a1537bc45622e41b63f
-
Size
1.9MB
-
Sample
231220-b7xyaafcaj
-
MD5
7f5d728119951839b46895808107b281
-
SHA1
137219a5de551d2594899c3d208cdf9d1dbc43ab
-
SHA256
7b1ac3a8caa556c9208d4db62395cca2f8a53420e5d51a1537bc45622e41b63f
-
SHA512
20eb55e3fa949ec483bc7159ae0cfc7b7a6386771191f75e928be95607ba02aca40c03f5174981ae8911e7ebc057a84c64abbad6cb1cbf8ffd8c9d178ea8e7c8
-
SSDEEP
49152:T5GYWYc+DBlh8AJN7FA7Op6o4sY4sYe1hYIdh3GhUpeBw:VRDc+DhrpX3Y4szhr3aw
Malware Config
Extracted
eventbot
http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_c
http://ora.carlaarrabitoarchitetto.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
7b1ac3a8caa556c9208d4db62395cca2f8a53420e5d51a1537bc45622e41b63f
-
Size
1.9MB
-
MD5
7f5d728119951839b46895808107b281
-
SHA1
137219a5de551d2594899c3d208cdf9d1dbc43ab
-
SHA256
7b1ac3a8caa556c9208d4db62395cca2f8a53420e5d51a1537bc45622e41b63f
-
SHA512
20eb55e3fa949ec483bc7159ae0cfc7b7a6386771191f75e928be95607ba02aca40c03f5174981ae8911e7ebc057a84c64abbad6cb1cbf8ffd8c9d178ea8e7c8
-
SSDEEP
49152:T5GYWYc+DBlh8AJN7FA7Op6o4sY4sYe1hYIdh3GhUpeBw:VRDc+DhrpX3Y4szhr3aw
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-