antidot | 58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1 | Triage

Resubmissions

11/12/2024, 08:06

241211-jzhsdstqaz 10

19/11/2024, 09:36

241119-lkyamsymcq 10

Sharing

General

Target

qcojes.apk
Size

8.5MB
Sample

241211-jzhsdstqaz
MD5

df2e25512953821661b4ab8a5688a9c8
SHA1

7f60852fef126e5fd8e71266a65ed153b6094d40
SHA256

58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
SHA512

a9d57579442311c693af3c4c5fecb4ef8cd4d68c2ddbb4a6734eb892ba6e5cca58fa4468f07a47da7433d2329a75d948696a652341fb05be30e4a448eb61c127
SSDEEP

196608:G1mTS0d6slb4lDlPUfTDfu/cggd0CRCYSIB2euR2kSdr4l:G8d6slb4lJPuTDfu/cICR9B21R2P4l

Score

10^/10

antidot android banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  qcojes.apk
- Size
  
  8.5MB
- MD5
  
  df2e25512953821661b4ab8a5688a9c8
- SHA1
  
  7f60852fef126e5fd8e71266a65ed153b6094d40
- SHA256
  
  58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
- SHA512
  
  a9d57579442311c693af3c4c5fecb4ef8cd4d68c2ddbb4a6734eb892ba6e5cca58fa4468f07a47da7433d2329a75d948696a652341fb05be30e4a448eb61c127
- SSDEEP
  
  196608:G1mTS0d6slb4lDlPUfTDfu/cggd0CRCYSIB2euR2kSdr4l:G8d6slb4lJPuTDfu/cICR9B21R2P4l
Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Subvert Trust Controls

Code Signing Policy Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

behavioral2

antidotbankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencetrojan

behavioral3

antidotbankercollectioncredential_accessevasionexecutionimpactinfostealerpersistencetrojan