Extracted

• • Target

    294abe33999539ece52ce971b3371ae9d87ea16cd095606e97f93a8611d353f5.bin

  • Size

    1.5MB

  • MD5

    9ce2dce3e19f40e7914c5f2a8c540177

  • SHA1

    a0d8864efa335616943b9d3c0870f0c8a6e12e1c

  • SHA256

    294abe33999539ece52ce971b3371ae9d87ea16cd095606e97f93a8611d353f5

  • SHA512

    eda54de21b9621927eddcd157f58fa209b75715831b22605f25e42a47bff51708e85d777d50c4db8fd7359f8576628d3fcef7c6f6f6af880baa893e58374cb44

  • SSDEEP

    24576:hqrQnV55SkeuFdrVgdNo1oK7ZRT0FPdwa5ZmCtNKe6Mxv/ibA:P5ENuFDgUF7ZMwiZmCtNKehF/aA

  Score

  10^/10

  eventbotbankercollectiondiscoveryevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3