antidot

General

Target

Update_130.1.6723.108.apk
Size

8.6MB
Sample

250204-rsl58szqck
MD5

591bd3375176c120e46620897117230f
SHA1

17bb2aed71ce0f1bba8d1d288c695d2b2266b016
SHA256

14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda
SHA512

bb4dca37d6eca6282be01a79a073f9d06f4602397a07459efae6d8583daac549e7b74772ce279edbc483451c86741ffb8e168e81378dcc28adc6a931edfd1cc0
SSDEEP

196608:kMJlMUPUPu0H2v8LBhGrmJmn8ihzrfcJsyu5tW587NB5F2qwWbIm+KaeTx:EUPUmqc8lMiJmn8ihz6/u5tlvbqfu

Score

10^/10

Malware Config

Targets

- Target
  
  Update_130.1.6723.108.apk
- Size
  
  8.6MB
- MD5
  
  591bd3375176c120e46620897117230f
- SHA1
  
  17bb2aed71ce0f1bba8d1d288c695d2b2266b016
- SHA256
  
  14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda
- SHA512
  
  bb4dca37d6eca6282be01a79a073f9d06f4602397a07459efae6d8583daac549e7b74772ce279edbc483451c86741ffb8e168e81378dcc28adc6a931edfd1cc0
- SSDEEP
  
  196608:kMJlMUPUPu0H2v8LBhGrmJmn8ihzrfcJsyu5tW587NB5F2qwWbIm+KaeTx:EUPUmqc8lMiJmn8ihz6/u5tlvbqfu
Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan collection credential_access impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
- Requests allowing to install additional applications from unknown sources.
  defense_evasion
behavioral1 behavioral2 behavioral3
- Target
  
  jidofe
- Size
  
  9.3MB
- MD5
  
  bb52b4b78af8fb0d90cd8cbbe64b51b4
- SHA1
  
  3647b7df4ca5de696a455ef768b65d1af0b2a5d4
- SHA256
  
  a8fb72748e0f1ed547d0d63991b8a46c254ca644bf5caf88eba680b1f0b23b50
- SHA512
  
  ccc5756e7c95c0485745be5d1eb484a171b983a7984dc7d77e40e4d730ff5ebc375649a9f2970d7a809c9929820428b2400b1d8b03eefd52e753dee009eb05ef
- SSDEEP
  
  196608:s6OnhxCYN6Dv93pJiTj4Nv3gyeYeMNeUhC:axN6Dv9BNfC
Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan collection credential_access impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
- Requests uninstalling the application.
  defense_evasion
behavioral4 behavioral5 behavioral6