General
-
Target
8931d7629dec8b3eff9ff12db1311e50394fa79c9c28472b702fb3f44848a620.bin
-
Size
2.0MB
-
Sample
240208-1x7geabe51
-
MD5
de1c74d6c6d4f8fcc442fc9ec46a0e71
-
SHA1
9f5aa16b21ac77be6e6caff0ef2b1b9b84497f23
-
SHA256
8931d7629dec8b3eff9ff12db1311e50394fa79c9c28472b702fb3f44848a620
-
SHA512
b90fa6ee40984af30b4d0acf2c22c565279e84866176fda4d9314554f24eba5d47f549f170c19bf4701d68dc06861abd09486e5ee831311eb3fc8c86f9eaab81
-
SSDEEP
49152:osaCh0nqaff87CpAZ7QAfYxl/Vok6UNKepVLT+/Xk:8Jqaff87Cp6QjlSk6uxU0
Malware Config
Extracted
eventbot
http://ora.blindsidefantasy.com/gate_cb8a5aea1ab302f0_c
http://rxc.rxcoordinator.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
8931d7629dec8b3eff9ff12db1311e50394fa79c9c28472b702fb3f44848a620.bin
-
Size
2.0MB
-
MD5
de1c74d6c6d4f8fcc442fc9ec46a0e71
-
SHA1
9f5aa16b21ac77be6e6caff0ef2b1b9b84497f23
-
SHA256
8931d7629dec8b3eff9ff12db1311e50394fa79c9c28472b702fb3f44848a620
-
SHA512
b90fa6ee40984af30b4d0acf2c22c565279e84866176fda4d9314554f24eba5d47f549f170c19bf4701d68dc06861abd09486e5ee831311eb3fc8c86f9eaab81
-
SSDEEP
49152:osaCh0nqaff87CpAZ7QAfYxl/Vok6UNKepVLT+/Xk:8Jqaff87Cp6QjlSk6uxU0
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-