General
-
Target
PrioritySupplySystem.v3.apk
-
Size
9.0MB
-
Sample
250208-fzrthsyngk
-
MD5
86baf6edee547f4c4d7b87ad9330f028
-
SHA1
8d7a9f6562589bd773fee03d712ec150dd43a6bc
-
SHA256
e187cc809373b2a7d3f0a8c26a348cc75e1b80f8e42aada74461ea1dc1cc86b6
-
SHA512
0d41135d0b3d37ed4ecfb49ab1cf8703584e3affa294ae7b23fb23886839a0dff95346b087937c56da0deb0f39160a609d12a8f7b70e9633a6eca6699a7697de
-
SSDEEP
196608:TLstobPpq49JdeAXihFL8m+P4LNMMkQrRjjea:ctYBP9uFm4hMYoa
Malware Config
Targets
-
-
Target
PrioritySupplySystem.v3.apk
-
Size
9.0MB
-
MD5
86baf6edee547f4c4d7b87ad9330f028
-
SHA1
8d7a9f6562589bd773fee03d712ec150dd43a6bc
-
SHA256
e187cc809373b2a7d3f0a8c26a348cc75e1b80f8e42aada74461ea1dc1cc86b6
-
SHA512
0d41135d0b3d37ed4ecfb49ab1cf8703584e3affa294ae7b23fb23886839a0dff95346b087937c56da0deb0f39160a609d12a8f7b70e9633a6eca6699a7697de
-
SSDEEP
196608:TLstobPpq49JdeAXihFL8m+P4LNMMkQrRjjea:ctYBP9uFm4hMYoa
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Queries the mobile country code (MCC)
-
Requests allowing to install additional applications from unknown sources.
-
-
-
Target
moguyamenefe
-
Size
11.3MB
-
MD5
81b12f17f69f5c784715ff80a89d815d
-
SHA1
433f70540a8fb170617f7ef46515ebfb9e90aa79
-
SHA256
1dd16e269ed78ee0edd857c81cd9ef7e485a3232c3a1afeafe47d71f5ff4ff86
-
SHA512
99abe6909dc34dafac1be014d2f993799149f15f5e06cb4116c4d53553d8dd4fe078ce67da7374a1a53fd33bb3a65d708d2233105622000f2f30b9e27544736e
-
SSDEEP
196608:mLxA3N32hmQRfGbjFtRG4OaMRK1pLyQI4Or:mqQRfGbjFtRG4OaMRK9I4m
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Reads the contacts stored on the device.
-
Reads the content of the SMS messages.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Requests uninstalling the application.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Impair Defenses
1Prevent Application Removal
1Indicator Removal on Host
1Uninstall Malicious Application
1Input Injection
1Subvert Trust Controls
2Code Signing Policy Modification
2Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1