antidot

Sharing

General

Target

999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
Size

8.3MB
Sample

250220-f177wsyqy7
MD5

a74d54f5da626eee43934d48bc1854e9
SHA1

ec9ffaec84db40506c1aa994bd40c0779169adc3
SHA256

999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9
SHA512

ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8
SSDEEP

196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A

Score

10^/10

Malware Config

Targets

- Target
  
  999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
- Size
  
  8.3MB
- MD5
  
  a74d54f5da626eee43934d48bc1854e9
- SHA1
  
  ec9ffaec84db40506c1aa994bd40c0779169adc3
- SHA256
  
  999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9
- SHA512
  
  ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8
- SSDEEP
  
  196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A
Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
- Requests allowing to install additional applications from unknown sources.
  defense_evasion
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  duzori
- Size
  
  9.4MB
- MD5
  
  da2d1d6c5a81221935f04ce2d904a77f
- SHA1
  
  fabd1ec881561e90e33ea5fdeda9236af94c2aed
- SHA256
  
  79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71
- SHA512
  
  46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2
- SSDEEP
  
  98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej
Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Requests modifying system settings.
  defense_evasion
behavioral5 behavioral6 behavioral7 behavioral8