Extracted

• • Target

    1ab16ea032b2b3109cd2efa6357ef01171576c35efa5a565434960465d03612a.bin

  • Size

    1.9MB

  • MD5

    cb2ba719d3e311537744f1faf7178dde

  • SHA1

    fe555840e9c0699024a1a8c1a041486c025f6b3d

  • SHA256

    1ab16ea032b2b3109cd2efa6357ef01171576c35efa5a565434960465d03612a

  • SHA512

    675c0b13b583e7fdd934263ae842043805ec4d1ec670f9c8b943131dbc09534d644b56b2f0255993a48c15095182bed3b97486a53655215bafd89aedc7653268

  • SSDEEP

    49152:vZJDjE4O00Yt3Tp24JwLA8QXgf0NUNJUEr:vZJDg60w3A0wLAhgfeA

  Score

  10^/10

  eventbotbankerevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    banker

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3