Extracted

• • Target

    8c1fdb973840991f060152044dce5de36e24b60637c4b632b10eab2a4c70ec8f.bin

  • Size

    1.9MB

  • MD5

    80d426880968cade90828ae497b4cdae

  • SHA1

    bab63ad1ea54291271fa9a0282802835ba3de4c7

  • SHA256

    8c1fdb973840991f060152044dce5de36e24b60637c4b632b10eab2a4c70ec8f

  • SHA512

    77aaed3a111b362d78daabbd5a3ed91f170fac339f15e8051247cd0d2629445d325babff72a982311cb1c0156d4c93170368dea2d6a3f95c792ae87bfa13544c

  • SSDEEP

    24576:edagJDHJS5jM/TDGDx5afGG4ILKLvbsfiHgc6QUxishoe8gHYNUNJPMwB9QkFy:ei5uDzh1LyvIfiHgc+ozgHYNUNJUsql

  Score

  10^/10

  eventbotbankercollectiondiscoveryevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3