antidot | 9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787 | Triage

Sharing

General

Target

Install Pro.apk
Size

8.0MB
Sample

250124-te38psxpbk
MD5

fa02951bd5e0f0a662cf739b84a99ec3
SHA1

7b172ae5f07b9c4e2b896a454d89fe46704ddab8
SHA256

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
SHA512

9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
SSDEEP

196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk

Score

10^/10

antidot android banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  Install Pro.apk
- Size
  
  8.0MB
- MD5
  
  fa02951bd5e0f0a662cf739b84a99ec3
- SHA1
  
  7b172ae5f07b9c4e2b896a454d89fe46704ddab8
- SHA256
  
  9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
- SHA512
  
  9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
- SSDEEP
  
  196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk
Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Requests allowing to install additional applications from unknown sources.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Subvert Trust Controls

Code Signing Policy Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

behavioral2

antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan