Extracted

• • Target

    b2f671c810dde7918d17ae40369a56dffe7062493a059e81c5a54ed357fac495.bin

  • Size

    1.9MB

  • MD5

    2b4ff678c31fe179cf7ddb951ce2d3dd

  • SHA1

    a73227337fc2b00bea8d5ec3c0dd8156cc21c958

  • SHA256

    b2f671c810dde7918d17ae40369a56dffe7062493a059e81c5a54ed357fac495

  • SHA512

    f4f3760424e4c8d2faa7ef5d03c86ce627928fd3f0e79ad2294cb7a1c803765c0712d55d961e12e487c23fe057dfb28b8b3e67ce4a06fb72f70fa5aab0cce4a6

  • SSDEEP

    49152:L+pFbSwFUbK72pKCpGdfG0f+W/6gJ74Dg3YNUNJU8R:ipFbJFUs20qyfx2S6o+g3ai

  Score

  10^/10

  eventbotbankerevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    banker

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3