General

  • Target

    Pornhub-v6.17.0-PREMIUM.apk

  • Size

    7.7MB

  • Sample

    241208-nq3hnaslhx

  • MD5

    7b22609ef84479360165e3080b800df8

  • SHA1

    5375395036cf32494b5773ef2c63210c98e40bc7

  • SHA256

    df4f4e2ee115d679002f9fdd40303a912406d63ca9ff822c613169cb4ccbb75c

  • SHA512

    96e25bcc6987f6027b769905250f30c57ac13b96aa74605aa98eda082e5985fcc3cf247181de133ff165bd1757d02b3667ce9d6aba8d4b472ef407341e421fa2

  • SSDEEP

    196608:K1+fwx4KTVonxvWmVTLvJAjMqked6vYIou1OecCvFgP6Y66uzm3s+p6f:5whGjs4ed64dC7Wu

Malware Config

Targets

    • Target

      Pornhub-v6.17.0-PREMIUM.apk

    • Size

      7.7MB

    • MD5

      7b22609ef84479360165e3080b800df8

    • SHA1

      5375395036cf32494b5773ef2c63210c98e40bc7

    • SHA256

      df4f4e2ee115d679002f9fdd40303a912406d63ca9ff822c613169cb4ccbb75c

    • SHA512

      96e25bcc6987f6027b769905250f30c57ac13b96aa74605aa98eda082e5985fcc3cf247181de133ff165bd1757d02b3667ce9d6aba8d4b472ef407341e421fa2

    • SSDEEP

      196608:K1+fwx4KTVonxvWmVTLvJAjMqked6vYIou1OecCvFgP6Y66uzm3s+p6f:5whGjs4ed64dC7Wu

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Checks if the Android device is rooted.

    • Queries information about the active data network.

    • Queries the mobile country code (MCC).

    • Reads information about the phone network operator.

    • Requests dangerous framework permissions.

    • Checks for the presence of a debugger.

    • Target

      qfysz

    • Size

      4.5MB

    • MD5

      dfc66a31d71ac949c29565893c571fd7

    • SHA1

      2df8959930c8291fa6afdd27a2f8819c0b31b46a

    • SHA256

      0b67e9e472078eae6b145baf57458a4e2ae5169070fd23c5913e8f6465258045

    • SHA512

      8a25d7eddeaebb371062dd206c1d9aeb4d906049d3f88db83e556c72806a85a83e728ee1fd4152d91a0e456bc124ce2720c8d39302c68c7652a269ecea66b613

    • SSDEEP

      98304:UKBwVJJELexKob1eOvl2m2m/dHdBNUoTArFT4:UKQJJxko8OvB26u4

    • Checks if the Android device is rooted.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about the active data network.

    • Queries the mobile country code (MCC).

    • Reads information about the phone network operator.

    • Checks for the presence of a debugger.

MITRE ATT&CK Mobile v15

Tasks