Extracted

• • Target

    5f9f09f48083f548e86e72ccb87c04ed0af38fb729d12939868edc5bd0ec8036.bin

  • Size

    1.9MB

  • MD5

    d4bf5b9143db0fa6cb3d2f2a2d8681f6

  • SHA1

    19bc24aa99d6fb4379d9251283032792b70d1a7c

  • SHA256

    5f9f09f48083f548e86e72ccb87c04ed0af38fb729d12939868edc5bd0ec8036

  • SHA512

    2c734289bb83844225268f96bf00d1d39105dc76c87ad171bd76edc2b6d73c9c37c7bcc44faa818e0198eb7e6a9a4d056b7d91b8f52c888c3f72548d5705e724

  • SSDEEP

    49152:i9myxO+HqyxQXsfPhGO5jVvV4vsaRrkVuHUpeLd:i9myxOqQ+wvfgu9d

  Score

  10^/10

  eventbotbankercollectioncredential_accessdiscoveryevasionimpactinfostealeroverlaypersistencestealthtrojan

  • EventBot

    A new Android banking trojan started to appear in March 2020.

    bankertrojaninfostealeroverlayeventbot

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Acquires the wake lock

  • Queries the mobile country code (MCC)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3