General
-
Target
1b4c23ae2c36acaa2e705e1f757a79811f9da476d070ee7a1395f435b60fec0d.bin
-
Size
1.5MB
-
Sample
240208-1ymhmabe7t
-
MD5
2aa115d3ba4456ba7782628d38ee8e21
-
SHA1
ceb40024576e2f78c23e886183d0ba424bc703fb
-
SHA256
1b4c23ae2c36acaa2e705e1f757a79811f9da476d070ee7a1395f435b60fec0d
-
SHA512
560f1328e060119bc661e0d051474fa082daf1fff93a1533f2e741f4c90b770f0b8c8ea7b69b789414952743ba24fd5d549374ff6e04738be2f0a3154b8cc65d
-
SSDEEP
24576:4AvZCfrAGtzQALYbApZNUIS7/tuKCAVYNKemMxn/DO:1NuzfgOZNculAVYNKe1l/C
Static task
static1
Behavioral task
behavioral1
Sample
1b4c23ae2c36acaa2e705e1f757a79811f9da476d070ee7a1395f435b60fec0d.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
1b4c23ae2c36acaa2e705e1f757a79811f9da476d070ee7a1395f435b60fec0d.apk
Resource
android-x64-20231215-en
Malware Config
Extracted
eventbot
http://pub.welcometothepub.com/gate_cb8a5aea1ab302f0_c
http://marta.martatovaglieri.it/gate_cb8a5aea1ab302f0_c
Targets
-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-