antidot

General

Target

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
Size

9.4MB
Sample

250209-tkegjawpbw
MD5

24f5c73f3b6b11a16b8f3baec8b31cd2
SHA1

b661d37d7b0158496358110f398c9f0b0cfff038
SHA256

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
SHA512

a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
SSDEEP

196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q

Score

10^/10

Malware Config

Targets

- Target
  
  84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
- Size
  
  9.4MB
- MD5
  
  24f5c73f3b6b11a16b8f3baec8b31cd2
- SHA1
  
  b661d37d7b0158496358110f398c9f0b0cfff038
- SHA256
  
  84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
- SHA512
  
  a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
- SSDEEP
  
  196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access defense_evasion impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  dixeda
- Size
  
  10.3MB
- MD5
  
  8a9243247c1dfa0b249fae01f49b69a7
- SHA1
  
  c54366269d767717029e642081e63d2f1d9c630d
- SHA256
  
  c38e6e24e5a311958664492cdf5af99f8eadad21cb8aae07360a27cc044b293c
- SHA512
  
  a75c912eedc64c213d9c45a04af13e8c61eb6236616edca7e30c1dfa4dee42f6d405182a2027e0ffa821daf33d517f4693dea2eb349fdef7686f3d0a894c56d1
- SSDEEP
  
  196608:u9ecLSEPZI5mKfyGNUc/FXIvQwrKOYErSs2:MtaxfyGNUc/FYvQwrprSR
Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access impact defense_evasion
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the mobile country code (MCC)
  discovery
- Requests uninstalling the application.
  defense_evasion
behavioral4 behavioral5 behavioral6