General
-
Target
f900f93eb11648f815510895f6248f78411a89443c6e56918088aac366435a60.bin
-
Size
1.5MB
-
Sample
240208-13ctzsbg3y
-
MD5
5a36712612eb292e8630a5065450ce74
-
SHA1
d0523da40feab68ad37a223ec75dd92d45a914e2
-
SHA256
f900f93eb11648f815510895f6248f78411a89443c6e56918088aac366435a60
-
SHA512
bdc6177842395bfa3b646464e0cf09e97b86f4860943080cf3ef1bc62eef0c23f4cf1c410ab376e1f4509471220c05506cc777b8bf47a7d280beefb0e363b23a
-
SSDEEP
24576:clsDIZ2RLEQl7lhLbwi+EUswr6hVBKL0K1INKeFMxlhvJ:+Z4EybVrUCBQ0KmNKeSZh
Malware Config
Extracted
eventbot
http://pub.welcometothepub.com/gate_cb8a5aea1ab302f0_c
http://marta.martatovaglieri.it/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
f900f93eb11648f815510895f6248f78411a89443c6e56918088aac366435a60.bin
-
Size
1.5MB
-
MD5
5a36712612eb292e8630a5065450ce74
-
SHA1
d0523da40feab68ad37a223ec75dd92d45a914e2
-
SHA256
f900f93eb11648f815510895f6248f78411a89443c6e56918088aac366435a60
-
SHA512
bdc6177842395bfa3b646464e0cf09e97b86f4860943080cf3ef1bc62eef0c23f4cf1c410ab376e1f4509471220c05506cc777b8bf47a7d280beefb0e363b23a
-
SSDEEP
24576:clsDIZ2RLEQl7lhLbwi+EUswr6hVBKL0K1INKeFMxlhvJ:+Z4EybVrUCBQ0KmNKeSZh
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-