antidot | 9c40abafc377697c0a21701cadd4ee6152309d5b0bacaf7e8d1afff1e56cfefc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c40abafc377697c0a21701cadd4ee6152309d5b0bacaf7e8d1afff1e56cfefc.bin
Size

3.0MB
Sample

240827-11lzwatgmd
MD5

740b7178c520c43ce32767ca24b2f808
SHA1

714a1329ba73f8cc46a4ee93cdec00a106b9cd59
SHA256

9c40abafc377697c0a21701cadd4ee6152309d5b0bacaf7e8d1afff1e56cfefc
SHA512

abbd1c2290c00817316f4c117b54e860b4b6ea5e3014413958566cb4f65ce7613a5f7f60a641a04e54d8fd3f24983612e644f34207816d08ea6fb71d085cf735
SSDEEP

49152:WmBGkez3NeB0kNlsxb8pfemWDTzgXZUc3GbPgV:WfrN7oFeWZUc3GjgV

Score

10^/10

antidot android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  9c40abafc377697c0a21701cadd4ee6152309d5b0bacaf7e8d1afff1e56cfefc.bin
- Size
  
  3.0MB
- MD5
  
  740b7178c520c43ce32767ca24b2f808
- SHA1
  
  714a1329ba73f8cc46a4ee93cdec00a106b9cd59
- SHA256
  
  9c40abafc377697c0a21701cadd4ee6152309d5b0bacaf7e8d1afff1e56cfefc
- SHA512
  
  abbd1c2290c00817316f4c117b54e860b4b6ea5e3014413958566cb4f65ce7613a5f7f60a641a04e54d8fd3f24983612e644f34207816d08ea6fb71d085cf735
- SSDEEP
  
  49152:WmBGkez3NeB0kNlsxb8pfemWDTzgXZUc3GbPgV:WfrN7oFeWZUc3GjgV
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Requests uninstalling the application.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Impair Defenses

Prevent Application Removal

Indicator Removal on Host

Uninstall Malicious Application

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankerdiscoveryexecutionpersistence

behavioral3

bankerdiscoveryevasionexecutionpersistence