General
-
Target
35912d55de4afa5fad6a00b052c528ea1b9ff0e4a5e0709860c64544474423de.bin
-
Size
2.0MB
-
Sample
240208-12545sdd22
-
MD5
3d61adc35b5d166265a679a93825fda2
-
SHA1
480b016bab64cb8610559e485195f9476c37c56a
-
SHA256
35912d55de4afa5fad6a00b052c528ea1b9ff0e4a5e0709860c64544474423de
-
SHA512
514f949d8969cdd6fe7356944cb90f13b9f950d49691381e000670f1892c009c9bd74de79a92a66db3bebc4647765f2abfc1d4966f1ca15aab4b1a7509d39970
-
SSDEEP
49152:aB5aEfff1ZbAOS6V/kxtRNkr2LxPaQQFNKehF5LTdr1:ukEfff1ZbyGMx2r2LIQQbFNn
Malware Config
Extracted
eventbot
http://ora.blindsidefantasy.com/gate_cb8a5aea1ab302f0_c
http://rxc.rxcoordinator.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
35912d55de4afa5fad6a00b052c528ea1b9ff0e4a5e0709860c64544474423de.bin
-
Size
2.0MB
-
MD5
3d61adc35b5d166265a679a93825fda2
-
SHA1
480b016bab64cb8610559e485195f9476c37c56a
-
SHA256
35912d55de4afa5fad6a00b052c528ea1b9ff0e4a5e0709860c64544474423de
-
SHA512
514f949d8969cdd6fe7356944cb90f13b9f950d49691381e000670f1892c009c9bd74de79a92a66db3bebc4647765f2abfc1d4966f1ca15aab4b1a7509d39970
-
SSDEEP
49152:aB5aEfff1ZbAOS6V/kxtRNkr2LxPaQQFNKehF5LTdr1:ukEfff1ZbyGMx2r2LIQQbFNn
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-