Extracted

• • Target

    7f40c75a3014c195003d5aa45a3b868e7926b241f8634f47ebf6dbca8df5a24f.bin

  • Size

    1.9MB

  • MD5

    6e3b5075151c4c674212e0c3b1ae6272

  • SHA1

    ce0e30d45654d88b325687d33a19020868f830fe

  • SHA256

    7f40c75a3014c195003d5aa45a3b868e7926b241f8634f47ebf6dbca8df5a24f

  • SHA512

    20a3126e12ddc4b44884237ef7af76626b9147ec0bb1b12eb36c0e6a1c4cc48d76f749346e3b3049c7f278d82e74cce61c42bf37b629e2364de9c793784b007b

  • SSDEEP

    49152:ICNxIQJ96kzg77vaPVvHST0F5oKTuydq9EhwNUNJUy5:ZxBJNzU7SPpymTT0Ehio

  Score

  10^/10

  eventbotbankercollectiondiscoveryevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3