Novel Android Trojan ‘BlankBot’ Aims to Steal Financial Data of Turkish Users

    Date: 08/14/2024

    Severity: Medium

    Summary

    "BlankBot" is a newly discovered Android Trojan that targets Turkish users with the aim of stealing financial data. The malware disguises itself as a legitimate application; once installed, it can access sensitive information such as banking credentials and other financial data. The Trojan employs various techniques to avoid detection and to enhance its ability to capture user data, posing a significant risk to the financial security of individuals in Turkey. Security experts recommend vigilance when installing apps and regular monitoring of financial accounts to mitigate potential impacts.

    Indicators of Compromise (IOC) List

    IP Address

    185.255.92.185

    79.133.41.52

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address

    dstipaddress IN ("185.255.92.185","79.133.41.52") or ipaddress IN ("185.255.92.185","79.133.41.52") or publicipaddress IN ("185.255.92.185","79.133.41.52") or srcipaddress IN ("185.255.92.185","79.133.41.52")

    Hash

    md5hash IN ("ecb88089d65d5b07d166194b09a876e3","ce167bfe38252062a561d29ca3277ad8","b06d0b2ce11c3f7c8e6717a99476b80e","550787d4ddaed57cb108b19b3e9a8876","d29ff55cb960be165cc6f7014e03a921","f3f710e4bc25df2eb9bd4445f3393b2a","c47991ed9f249941d13068c0a4b9e7a7","d5b824f84baa152f63f963f500ba52d9","f60ded14fe45e04f9e10d7c6feda6d25")
    
    sha1hash IN ("bf93fb35be6dc4c40d24c6c1b4c74007f2dd897b","3356574b7e4566602fd599a9bd70c96f13b8e2c2","801fb2428f70d4a3a185cf5b92ac32a17a0304e8","60336ee9075559a4874eaf802f70fa36e4d0a524","9f2eb0ddb098e74402e190f516efec7e1fd76d79","39be1acaaf19087f39e4c859da5cf86e672c8090","d3052e1555e86e41e28de93229b24d53821865c5","c1979a6bf677a7bb77b431db80188328b04f5cf9","860f0e25b649dff70bfeef4bf83fc996e5ac68ff")
    
    sha256hash IN ("11751c6aa3e5c44c92765876bc9cd46da90f466b9924b9b1993fa1c91157681d","6fc672288e68146930b86c7a3d490f551c8d7a7e8ba3229d64a6280118095bea","ad9044d9762453e2813be8ab96b9011efb2f42ab72a0cb26d7f98b9bd1d65965","b4b4b195e14e9fda5a6d890ddb57f93ef81d6d9a976078354450ee45d18c89e3","d163cc15a39fb36391bd67f6eaada6691f0c7bc75fc80282a4a258244163e12a","6681b0613fc6d5a3e1132f7499380eb9db52b03ab429f0c2109a641c9a2ea4d3","fc5099e5be818f8268327aaf190cd07b4b4ebb04e9d63eefa5a04ea504f93d62","7d5b6bcc9b93aedc540e76059ee27841a96acb9ea74a51545dfef18b0fcf5b57","8d6ca64e4c3c19587405e19d53d0e2f4d52b77f927621d4178a3f7c2bf50c2ea")

    Reference: 

    https://www.rewterz.com/threat-advisory/novel-android-trojan-blankbot-aims-to-steal-financial-data-of-turkish-users-active-iocs

     

     

