antidot

General

Target

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787.apk
Size

8.0MB
Sample

250125-djccsasmgs
MD5

fa02951bd5e0f0a662cf739b84a99ec3
SHA1

7b172ae5f07b9c4e2b896a454d89fe46704ddab8
SHA256

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
SHA512

9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
SSDEEP

196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk

Score

10^/10

Malware Config

Targets

- Target
  
  9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787.apk
- Size
  
  8.0MB
- MD5
  
  fa02951bd5e0f0a662cf739b84a99ec3
- SHA1
  
  7b172ae5f07b9c4e2b896a454d89fe46704ddab8
- SHA256
  
  9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
- SHA512
  
  9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
- SSDEEP
  
  196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk
Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access defense_evasion impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  kovobopipe
- Size
  
  8.7MB
- MD5
  
  02af81325aaddd54feb7f0e8fc84ee7b
- SHA1
  
  3161e43ca8dd405de2df79eb03edc601b52a7ec4
- SHA256
  
  e8bad4b9a036d34bd196b09ad1ed225a94b46e6b7d41ccd250281208ed87b040
- SHA512
  
  8f194cae88c8759545bc1456166478e66b5f23492652088de9504b6b2612e4d0227e1133f7a21cd8301a158b80718a32206c86ab120de10a80bd680f6f74c807
- SSDEEP
  
  98304:so/Kr2VeTADQyKmLqUoDp3j8qkG07zjaY5YZBPxeV2BUsCYsTh2ieSyeTgnrSs+:BeTADQX0at80vZMPfn0YErSs+
Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan collection credential_access impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
- Requests uninstalling the application.
  defense_evasion
behavioral4 behavioral5 behavioral6