General

  • Target

    81a390f63cb70395ee3fe9d1111bfb23.bin

  • Size

    10.8MB

  • MD5

    882926acf150937548af462b6fd1f87f

  • SHA1

    fe7e2f28e58dd47dbe9c606ebad9a414a6d32a61

  • SHA256

    c5b445e1c2b7f3813c37f6047fb83734b1230e59e70e16c693fafec9e61b41b9

  • SHA512

    a4f28d83bc53320771af3a1a59cf7f72bb73fae853f3a164a83078f26bbc56e980484569dc032137fe50d200ba1dbeef78d6a19f611fde58acc0d07e32ef2926

  • SSDEEP

    196608:a53KfqMpYhf08+svvchCh+zfJ8nQPn1NyFYjvPlSgnzmUfNezQiP6wvcM464:aKqQY508nXchChsmQPn1Nya7Ptvf8puH

Score
10/10

Malware Config

Signatures

  • Antidot family
  • Antidot payload 1 IoCs
  • Requests dangerous framework permissions 4 IoCs

Files

  • 81a390f63cb70395ee3fe9d1111bfb23.bin
    .zip

    Password: infected

  • af26d6133f5729cfb029d129ca8bab77e9d7bb2903565ba2389f657e7d1e2a91.apk
    .apk android arch:arm64 arch:arm arch:x86 arch:x64

    Password: infected

    io.github.huskydg.magisk

    com.topjohnwu.magisk.ui.MainActivity


  • stub.apk
    .apk android

    Password: infected

    io.github.huskydg.magisk

    x.COMPONENT_PLACEHOLDER_2