Extracted

• • Target

    8fcb9f0174535f8e8aba33560a2758f8d75b689a203aeb5948e7fbf588535e1f.bin

  • Size

    1.4MB

  • MD5

    4ccca48528ea0ac71efeef95391b52f3

  • SHA1

    895726b8ac21bca5ad6b89167c1ef8c0722c1e3a

  • SHA256

    8fcb9f0174535f8e8aba33560a2758f8d75b689a203aeb5948e7fbf588535e1f

  • SHA512

    3de956e48ae96131737724b5290470c81250a763b0182d9abb0538525388d32f0ebf66ae2c60f765d6392ad2188c29f882d906bc8fab3c4033203740fbd270dd

  • SSDEEP

    24576:ATA/XMHBU+cPWcT2in3861wL/UPhw3/6bpQJLX/yM13NKe3Mxd8:Ak/MHBHcPI+86GT6G3/nXaM13NKec38

  Score

  10^/10

  eventbotbankercollectiondiscoveryevasioninfostealeroverlaystealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3