S1092 Escobar
Escobar is an Android banking trojan, first detected in March 2021, believed to be a new variant of AbereBot.[1]
| Item | Value |
|---|---|
| ID | S1092 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 28 September 2023 |
| Last Modified | 11 October 2023 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1517 | Access Notifications | Escobar can monitor a device’s notifications.[1] |
| mobile | T1429 | Audio Capture | Escobar can record audio from the device’s microphone.[1] |
| mobile | T1616 | Call Control | Escobar can initiate phone calls.[1] |
| mobile | T1533 | Data from Local System | Escobar can collect sensitive information, such as Google Authenticator codes.[1] |
| mobile | T1420 | File and Directory Discovery | Escobar can access external storage.[1] |
| mobile | T1630 | Indicator Removal on Host | - |
| mobile | T1630.001 | Uninstall Malicious Application | Escobar can uninstall itself and other applications.[1] |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.001 | Keylogging | Escobar can collect application keylogs.[1] |
| mobile | T1417.002 | GUI Input Capture | Escobar can collect credentials using phishing overlays.[1] |
| mobile | T1430 | Location Tracking | Escobar can request coarse and fine location permissions to track the device.[1] |
| mobile | T1461 | Lockscreen Bypass | Escobar can request the DISABLE_KEYGUARD permission to disable the device lock screen password.[1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | Escobar can access the device’s call log.[1] |
| mobile | T1636.004 | SMS Messages | Escobar can read SMS messages on the device.[1] |
| mobile | T1663 | Remote Access Software | Escobar can use VNC to remotely control an infected device.[1] |
| mobile | T1582 | SMS Control | Escobar can modify, send, and delete SMS messages.[1] |
| mobile | T1409 | Stored Application Data | Escobar can request the GET_ACCOUNTS permission to get the list of accounts on the device, and can collect media files.[1] |
| mobile | T1512 | Video Capture | Escobar can take photos using the device cameras.[1] |