antidot | 259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60[.]bin

General

Target

259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60.bin
Size

5.0MB
MD5

30a397435de7e32817eaed0ec4df1022
SHA1

a8a4a6ad69a3f010c3bd469d59aaf4247e4ce728
SHA256

259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60
SHA512

266c260d8c81cca8d5b4208ffbac9e3e2b734cc7b155b11ab3a6fa7ee4f8497f2be3526d0df81db33ea701b26404577494907df2dfcb94d9730cbc4c4dacd633
SSDEEP

98304:+b3EfUpFqm6LY6cUZajT7dZBWkkZ0k5nyW8zNEsrx1Ollr2BF:+bUfVY6N+ykkZn0W8dmlr2v

Score

10^/10

antidot

Malware Config

Signatures

Antidot family
antidot
Antidot payload 1 IoCs

Processes:

resource yara_rule

sample family_antidot

resource	yara_rule
sample	family_antidot

Requests dangerous framework permissions 6 IoCs

Processes:

description	ioc
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

Files

259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60.bin
.apk android

org.donaldhauz

org.donaldhauz.SplashActivity

Activities

org.donaldhauz.SplashActivity

android.intent.action.MAIN

org.donaldhauz.sms.ComposeSmsActivity

android.intent.action.SEND
android.intent.action.SENDTO

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_SMS
android.permission.WRITE_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_LAUNCH_BROADCASTS
android.permission.FOREGROUND_SERVICE
android.permission.USE_BIOMETRIC
android.permission.USE_FINGERPRINT

Receivers

org.donaldhauz.sms.SmsReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER
android.intent.action.BOOT_COMPLETED

org.donaldhauz.sms.MmsReceiver

android.provider.Telephony.WAP_PUSH_DELIVER

Services

org.donaldhauz.sms.QuickSmsResponseService

android.intent.action.RESPOND_VIA_MESSAGE

Android Permissions

259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60.bin

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.READ_CONTACTS

android.permission.WRITE_CONTACTS

android.permission.READ_PHONE_STATE

android.permission.READ_SMS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.RECEIVE_SMS

android.permission.WRITE_SMS

android.permission.SEND_SMS

android.permission.RECEIVE_LAUNCH_BROADCASTS

android.permission.FOREGROUND_SERVICE

android.permission.USE_BIOMETRIC

android.permission.USE_FINGERPRINT

Sharing

General

Malware Config

Signatures

Files

org.donaldhauz

org.donaldhauz.SplashActivity

Activities

org.donaldhauz.SplashActivity

org.donaldhauz.sms.ComposeSmsActivity

Permissions

Receivers

org.donaldhauz.sms.SmsReceiver

org.donaldhauz.sms.MmsReceiver

Services

org.donaldhauz.sms.QuickSmsResponseService

Android Permissions

259f81fb3538e5e0a40d2d9c7268306a60e0ee17f325103c9ce9f374a453cd60.bin