General
-
Target
c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512.apk
-
Size
8.3MB
-
Sample
241129-pd2ahavkf1
-
MD5
bf5284bde7432eed1d3235e8f8c8a552
-
SHA1
a7435be13d888dfa67a093a8896288effc5c4e3d
-
SHA256
c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512
-
SHA512
bed6124909fe7c3c668c929174ab932dcb3e576639d594442cffad833e6f53d14bee645a3e0e7dc9d69887249e54e961330956b3c4247307d0ad03f91356fcca
-
SSDEEP
196608:vIU9mDrvGCm0GcqeVU7/HOUe5iO0VIKp0cpUJ8:l0+CseVU7Wb5iRVI1cf
Malware Config
Targets
-
-
Target
c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512.apk
-
Size
8.3MB
-
MD5
bf5284bde7432eed1d3235e8f8c8a552
-
SHA1
a7435be13d888dfa67a093a8896288effc5c4e3d
-
SHA256
c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512
-
SHA512
bed6124909fe7c3c668c929174ab932dcb3e576639d594442cffad833e6f53d14bee645a3e0e7dc9d69887249e54e961330956b3c4247307d0ad03f91356fcca
-
SSDEEP
196608:vIU9mDrvGCm0GcqeVU7/HOUe5iO0VIKp0cpUJ8:l0+CseVU7Wb5iRVI1cf
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Queries the mobile country code (MCC)
-
Requests allowing to install additional applications from unknown sources.
-
-
-
Target
mizexe
-
Size
6.8MB
-
MD5
736e623e2e85ec7b1360e9df07ab2fb8
-
SHA1
4825b020d9a719fe275088f39642e0290d0d6b3f
-
SHA256
6136a6ff061aa378e346bd61a6b90a992c61a5844f7fa47a2678dc262be50a2a
-
SHA512
e9a529525f2c183d1a89b3060e5b52d76ba18c37ba5a9782f28eb41e718fec744df9df3620c9dec95cc8b390a568e290e58a3a036a33baaeb42f4558affb5867
-
SSDEEP
98304:2wo/Krsr6OxRnQ0OiBofffd8hbaWBvl2ieSyeTgnrSsGlosFj1ORv:2P6OxRnJ9b2YErSsOos1kt
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Reads the contacts stored on the device.
-
Reads the content of the SMS messages.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
Requests modifying system settings.
-
Requests uninstalling the application.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Indicator Removal on Host
1Uninstall Malicious Application
1Input Injection
1Subvert Trust Controls
2Code Signing Policy Modification
2Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1