antidot | 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9 | Triage

Sharing

General

Target

Install-Pro.apk
Size

8.3MB
Sample

250216-pw3w2syjht
MD5

a74d54f5da626eee43934d48bc1854e9
SHA1

ec9ffaec84db40506c1aa994bd40c0779169adc3
SHA256

999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9
SHA512

ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8
SSDEEP

196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A

Score

10^/10

antidot android banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  Install-Pro.apk
- Size
  
  8.3MB
- MD5
  
  a74d54f5da626eee43934d48bc1854e9
- SHA1
  
  ec9ffaec84db40506c1aa994bd40c0779169adc3
- SHA256
  
  999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9
- SHA512
  
  ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8
- SSDEEP
  
  196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A
Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Requests allowing to install additional applications from unknown sources.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Subvert Trust Controls

Code Signing Policy Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

behavioral2

antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan