antidot | a6f6e6fb44626f8e609b3ccb6cbf73318baf01d08ef84720706b205f2864b116 | Triage

Resubmissions

12-06-2024 08:16

240612-j6cvqavhpc 10

28-05-2024 23:19

240528-3a8r3age6v 8

28-05-2024 23:18

240528-3ase3sge5s 6

20-05-2024 20:07

240520-yv4lmafb48 8

20-05-2024 15:26

240520-svdgjsgb5t 8

Sharing

General

Target

file.apk
Size

2.7MB
Sample

240612-j6cvqavhpc
MD5

ac79187fd3024fb9cb5d1a872461503c
SHA1

c48240ce763e07b690e4fe79d6dfe69eeeebf8bd
SHA256

a6f6e6fb44626f8e609b3ccb6cbf73318baf01d08ef84720706b205f2864b116
SHA512

7f86e193359aab2d5970e7a3346bd98a96d35bea8074dc889d30eac3a3010181bd0c6a768b44895a717635a7ffc7e8cd4c3d8d95a80c9b09c2c137358c0603ae
SSDEEP

49152:U4CJQ42CbqPuuPx0ZH349hOVyPbs2faMrtm87ptAPfMW9pZU23V/1rF:U/OIuJ0RQhOVyg2ic7+HU23h1x

Score

10^/10

antidot android collection credential_access evasion execution impact persistence

Malware Config

Targets

- Target
  
  file.apk
- Size
  
  2.7MB
- MD5
  
  ac79187fd3024fb9cb5d1a872461503c
- SHA1
  
  c48240ce763e07b690e4fe79d6dfe69eeeebf8bd
- SHA256
  
  a6f6e6fb44626f8e609b3ccb6cbf73318baf01d08ef84720706b205f2864b116
- SHA512
  
  7f86e193359aab2d5970e7a3346bd98a96d35bea8074dc889d30eac3a3010181bd0c6a768b44895a717635a7ffc7e8cd4c3d8d95a80c9b09c2c137358c0603ae
- SSDEEP
  
  49152:U4CJQ42CbqPuuPx0ZH349hOVyPbs2faMrtm87ptAPfMW9pZU23V/1rF:U/OIuJ0RQhOVyg2ic7+HU23h1x
Score

8^/10

evasion execution impact persistence collection credential_access
- Checks if the Android device is rooted.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

evasionexecutionimpactpersistence

behavioral2

evasionexecutionimpactpersistence

behavioral3

collectioncredential_accessevasionexecutionimpactpersistence

behavioral4

evasionexecutionimpactpersistence