General
-
Target
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
-
Size
10.2MB
-
Sample
241127-mq5scaznf1
-
MD5
4982e66fcc1ad470d0a93022b3c7dcc0
-
SHA1
07f382fb173f77be877de9f77fc92b52ba8b270a
-
SHA256
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa
-
SHA512
03a418077f362133c4631aa7f170973b724d1d56ac07fd1d3e5db17d4c23abe56182680de9c309ad92c33bc421aa0875da107a4aec386ab1bcd4a2cacb1e69fa
-
SSDEEP
196608:0oopuBYsGq7W4tjN2OfH8I1jWMMh7QNNjDNcAGoVQGlRlo1TvWM:MHOW4tjN2M1jkFgjD2+VQonoBvWM
Malware Config
Targets
-
-
Target
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
-
Size
10.2MB
-
MD5
4982e66fcc1ad470d0a93022b3c7dcc0
-
SHA1
07f382fb173f77be877de9f77fc92b52ba8b270a
-
SHA256
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa
-
SHA512
03a418077f362133c4631aa7f170973b724d1d56ac07fd1d3e5db17d4c23abe56182680de9c309ad92c33bc421aa0875da107a4aec386ab1bcd4a2cacb1e69fa
-
SSDEEP
196608:0oopuBYsGq7W4tjN2OfH8I1jWMMh7QNNjDNcAGoVQGlRlo1TvWM:MHOW4tjN2M1jkFgjD2+VQonoBvWM
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Queries the mobile country code (MCC)
-
Requests allowing to install additional applications from unknown sources.
-
-
-
Target
dexizuzi
-
Size
11.2MB
-
MD5
4d2d8be66cefc3008f2ea85ea4f933d3
-
SHA1
f492eddbdd49930308ddf8424c629d515fe2d29d
-
SHA256
86f8ca31bddccc5c65cc6de18a9e8801e65e7e6169b6734bc1bfe4cea0fd9071
-
SHA512
671fe2bd7c25b0a7755ee8fb24a5ac0de92559271608245a8e80d9b051a0a07dc4ec8e75ec727301dfce6b6d5606d3ecae46684a117fba0dfd965871f79dc884
-
SSDEEP
196608:LowNHsXbyO9yeieCROoarJ4xNK1YErSsl:LgbCeieCglVgKHrSw
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Reads the contacts stored on the device.
-
Reads the content of the SMS messages.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests enabling of the accessibility settings.
-
Requests uninstalling the application.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Impair Defenses
1Prevent Application Removal
1Indicator Removal on Host
1Uninstall Malicious Application
1Input Injection
1Subvert Trust Controls
2Code Signing Policy Modification
2Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1