Overview

overview

10

Static

static

6

8919f2c84b...7c.apk

android-13-x64

10

8919f2c84b...7c.apk

android-9-x86

10

bayadoje.apk

android-13-x64

10

bayadoje.apk

android-9-x86

10

Resubmissions

21/12/2024, 23:02

241221-21ca4ssqhy 10

20/12/2024, 07:27

241220-jalsratphm 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk

  • Size

    7.1MB

  • Sample

    241221-21ca4ssqhy

  • MD5

    2ee1c7272b7efc3155f00066226643c2

  • SHA1

    86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1

  • SHA256

    8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c

  • SHA512

    b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128

  • SSDEEP

    196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s

Score
10/10
antidotandroidbankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk

    • Size

      7.1MB

    • MD5

      2ee1c7272b7efc3155f00066226643c2

    • SHA1

      86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1

    • SHA256

      8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c

    • SHA512

      b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128

    • SSDEEP

      196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s

    Score
    10/10
    antidotbankercollectioncredential_accessevasionexecutionimpactinfostealerpersistencetrojandiscovery

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Requests allowing to install additional applications from unknown sources.

      evasion
    behavioral1behavioral2

    • Target

      bayadoje

    • Size

      7.6MB

    • MD5

      baf3c550534acd7dce3795cb7176d738

    • SHA1

      2f99a11bedeaa8357b75414e0797d8cfb337aa7d

    • SHA256

      129240b79c82258e10643b16f0947b2ccbb88e6fea642176a85f8d21d94a2ab6

    • SHA512

      c3180ee141d9080aa97c38936dfb9bb164a8151912f2b9594275566eb8f107dfbd8bd167e8e2472a7a53562f34b5f3be88ccc501efe37ae404c4b8ddfa346f34

    • SSDEEP

      98304:so/Krg4JmdxU1g9hZB0/HRCQoR9cKzqtKsRm2ieSyeTgnrSs2a+5nWKCYFWY:sJmdxU1IN0J6zqNBYErSs2a+xH

    Score
    10/10
    antidotbankercollectioncredential_accessevasionexecutionimpactinfostealerpersistencetrojandiscovery

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests modifying system settings.

      evasion

    • Requests uninstalling the application.

      evasion
    behavioral3behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Indicator Removal on Host

1
T1630

Uninstall Malicious Application

1
T1630.001

Input Injection

1
T1516

Subvert Trust Controls

2
T1632

Code Signing Policy Modification

2
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks