antidot

General

Target

qcojes.apk
Size

8.5MB
Sample

240926-ssk4lsxcrc
MD5

df2e25512953821661b4ab8a5688a9c8
SHA1

7f60852fef126e5fd8e71266a65ed153b6094d40
SHA256

58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
SHA512

a9d57579442311c693af3c4c5fecb4ef8cd4d68c2ddbb4a6734eb892ba6e5cca58fa4468f07a47da7433d2329a75d948696a652341fb05be30e4a448eb61c127
SSDEEP

196608:G1mTS0d6slb4lDlPUfTDfu/cggd0CRCYSIB2euR2kSdr4l:G8d6slb4lJPuTDfu/cICR9B21R2P4l

Score

10^/10

Malware Config

Targets

- Target
  
  qcojes.apk
- Size
  
  8.5MB
- MD5
  
  df2e25512953821661b4ab8a5688a9c8
- SHA1
  
  7f60852fef126e5fd8e71266a65ed153b6094d40
- SHA256
  
  58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
- SHA512
  
  a9d57579442311c693af3c4c5fecb4ef8cd4d68c2ddbb4a6734eb892ba6e5cca58fa4468f07a47da7433d2329a75d948696a652341fb05be30e4a448eb61c127
- SSDEEP
  
  196608:G1mTS0d6slb4lDlPUfTDfu/cggd0CRCYSIB2euR2kSdr4l:G8d6slb4lJPuTDfu/cICR9B21R2P4l
Score

10^/10

antidot banker collection credential_access evasion execution impact infostealer persistence trojan discovery
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests allowing to install additional applications from unknown sources.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  dogexuzo
- Size
  
  9.7MB
- MD5
  
  ed1dd47ee8ea4b6bb0d06837c5e96d70
- SHA1
  
  1bce41dfb97da1cd4cd51026df78d33c78bb66be
- SHA256
  
  5c6d278d5791748650065233697419a744a1d12f50960dd56b9f86b59dd052c7
- SHA512
  
  df139dffe6aea4d05a03ba1bd7e9352f02f1e6914c427219a209d6fbc7150bc757ab8aa41c4ee2f3542f2c3c99183b5e6947145652dee9b7e078649035aac4eb
- SSDEEP
  
  98304:Fmv/Hh3MT/Jfr+c/byhZMzYWV2ieSyeTgnrSsVo/KrL1QeWLn4H:Fmvfh3c/JfrZbyhZrWEYErSslQeon4H
Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Reads the content of the SMS messages.
  collection
- Queries the mobile country code (MCC)
  discovery
- Requests enabling of the accessibility settings.
- Requests uninstalling the application.
  evasion
behavioral4 behavioral5 behavioral6