Overview

overview

10

Static

static

6

999e957651...e9.apk

android-9-x86

10

999e957651...e9.apk

android-10-x64

10

999e957651...e9.apk

android-11-x64

10

duzori.apk

android-9-x86

duzori.apk

android-10-x64

10

duzori.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk

  • Size

    8.3MB

  • Sample

    250217-eespmsyqgr

  • MD5

    a74d54f5da626eee43934d48bc1854e9

  • SHA1

    ec9ffaec84db40506c1aa994bd40c0779169adc3

  • SHA256

    999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9

  • SHA512

    ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8

  • SSDEEP

    196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A

Score
10/10
antidotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk

    • Size

      8.3MB

    • MD5

      a74d54f5da626eee43934d48bc1854e9

    • SHA1

      ec9ffaec84db40506c1aa994bd40c0779169adc3

    • SHA256

      999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9

    • SHA512

      ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8

    • SSDEEP

      196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A

    Score
    10/10
    antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojancollectioncredential_accessdefense_evasionimpact

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      defense_evasion

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2behavioral3

    • Target

      duzori

    • Size

      9.4MB

    • MD5

      da2d1d6c5a81221935f04ce2d904a77f

    • SHA1

      fabd1ec881561e90e33ea5fdeda9236af94c2aed

    • SHA256

      79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71

    • SHA512

      46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2

    • SSDEEP

      98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests modifying system settings.

      defense_evasion
    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks