Massive Phishing Campaign Target India Banks' Clients