General
-
Target
77ac103554fb15df890bb45239f43903a57111b7d9a9db567c8239e730b04575.bin
-
Size
2.0MB
-
Sample
240208-1x5yksbe5z
-
MD5
eede86fc102df1b94fde88caef781716
-
SHA1
c8ec2f477508ed5884a42349509ab0e813bc564f
-
SHA256
77ac103554fb15df890bb45239f43903a57111b7d9a9db567c8239e730b04575
-
SHA512
f49ba0875d1e2eb0a9d3ae271b02725f326dfd8e38a98d759a0db0057a5384dfbeaa15695aca4d461c6a5a7475f308b6091195839298a34221130ceb2cc196f1
-
SSDEEP
49152:wBnhApwhTnsF7Gjcou3MwlOPt5rgbqZYRsNKepJLTy/hQ:wEwhA1GjG39lu1gmYR29ghQ
Malware Config
Extracted
eventbot
http://ora.blindsidefantasy.com/gate_cb8a5aea1ab302f0_c
http://rxc.rxcoordinator.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
77ac103554fb15df890bb45239f43903a57111b7d9a9db567c8239e730b04575.bin
-
Size
2.0MB
-
MD5
eede86fc102df1b94fde88caef781716
-
SHA1
c8ec2f477508ed5884a42349509ab0e813bc564f
-
SHA256
77ac103554fb15df890bb45239f43903a57111b7d9a9db567c8239e730b04575
-
SHA512
f49ba0875d1e2eb0a9d3ae271b02725f326dfd8e38a98d759a0db0057a5384dfbeaa15695aca4d461c6a5a7475f308b6091195839298a34221130ceb2cc196f1
-
SSDEEP
49152:wBnhApwhTnsF7Gjcou3MwlOPt5rgbqZYRsNKepJLTy/hQ:wEwhA1GjG39lu1gmYR29ghQ
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-