General
-
Target
0fe3e54629332bddca26815d8245979e57136ca5f630a7b2ae4f1a5df50a16c9.bin
-
Size
1.9MB
-
Sample
240807-1zffpsvdpp
-
MD5
99830c5ec772173dd7195dc06bd5351a
-
SHA1
d4f68573893ac058c68c62295baba60035d7873d
-
SHA256
0fe3e54629332bddca26815d8245979e57136ca5f630a7b2ae4f1a5df50a16c9
-
SHA512
c95ed5487ca6c1391efb55b76f1fce4e00b94f7de9c2b206b31e23a2d63b004ebd4cb0ce7e9116ddb7356cab661f8f376166bcbe5f81639005de55676a340b5a
-
SSDEEP
49152:INYAAUjW03xR0afeNBgZjASHn+saRrkVujUpeMB:INY7x0hCafeNBgZE8n+fguaB
Malware Config
Extracted
eventbot
http://rob.jmitchelldayton.com/gate_cb8a5aea1ab302f0_c
http://rob.alanrmarble.com/gate_cb8a5aea1ab302f0_c
Targets
-
-
Target
0fe3e54629332bddca26815d8245979e57136ca5f630a7b2ae4f1a5df50a16c9.bin
-
Size
1.9MB
-
MD5
99830c5ec772173dd7195dc06bd5351a
-
SHA1
d4f68573893ac058c68c62295baba60035d7873d
-
SHA256
0fe3e54629332bddca26815d8245979e57136ca5f630a7b2ae4f1a5df50a16c9
-
SHA512
c95ed5487ca6c1391efb55b76f1fce4e00b94f7de9c2b206b31e23a2d63b004ebd4cb0ce7e9116ddb7356cab661f8f376166bcbe5f81639005de55676a340b5a
-
SSDEEP
49152:INYAAUjW03xR0afeNBgZjASHn+saRrkVujUpeMB:INY7x0hCafeNBgZE8n+fguaB
Score10/10-
EventBot
A new Android banking trojan started to appear in March 2020.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Reads the contacts stored on the device.
-
Acquires the wake lock
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-