General

  • Target

    CRM.apk

  • Size

    6.8MB

  • Sample

    241204-kewdesvmaj

  • MD5

    62ea9a0b6bcf8f005748dd71c1af6372

  • SHA1

    c136cd43cb634ff692ddc8cc31f906986c83748e

  • SHA256

    c98aed544aed512f1f96d7dcb5068473f1a8359e9602b791df64a04edd0efa69

  • SHA512

    ffd3ef96f845142f2f54de04b67b2819fa46a75b4481d3dd04af7bd36e63bf35436d6a39babef960068b605f23c7d91bdcad872d9685323291d592a0d53f4709

  • SSDEEP

    196608:VfZOFQCEHjiUpwVSnLMtC8iByQKtZdiwCNup4c5:eFQCEufQoSByFraup3

Malware Config

Targets

    • Target

      CRM.apk

    • Size

      6.8MB

    • MD5

      62ea9a0b6bcf8f005748dd71c1af6372

    • SHA1

      c136cd43cb634ff692ddc8cc31f906986c83748e

    • SHA256

      c98aed544aed512f1f96d7dcb5068473f1a8359e9602b791df64a04edd0efa69

    • SHA512

      ffd3ef96f845142f2f54de04b67b2819fa46a75b4481d3dd04af7bd36e63bf35436d6a39babef960068b605f23c7d91bdcad872d9685323291d592a0d53f4709

    • SSDEEP

      196608:VfZOFQCEHjiUpwVSnLMtC8iByQKtZdiwCNup4c5:eFQCEufQoSByFraup3

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Checks whether the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (it might try to install applications from unknown sources).

    • Queries the mobile country code (MCC)

    • Target

      cugocevi

    • Size

      6.1MB

    • MD5

      84185dac99c265e47be6ba6a8ab6d22b

    • SHA1

      5afcac432c684d8e2ed916fb6b194e58ffbc393c

    • SHA256

      27288c9e94cb2ce71b3807beddca4258e1a13bcfba63d422eaad49af434bf5c7

    • SHA512

      f237c0f00dcd0f19d18e7e6274f7da276defba7a8bc5397b4d851f1eca3795930a5c206731200e0753b9ea5002024f9d1f14624ee9e64a5881ef779b8e1b9875

    • SSDEEP

      98304:Eo/KrsCeL8RCvKPP4mgsvWc8v2ieSyeTgnrSsdbK2krznVOBU4ucy91/Px:2eL8ReKomgsvW4YErSsElzVQU4S

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests modifying system settings.

MITRE ATT&CK Mobile v15

Tasks