antidot | 7a77ec98d9117cb74bc0e8122e6dc738a03e14a5d2d3a5e5ce14685b34f32b8c | Triage

Resubmissions

10/03/2025, 15:59

250310-tfh9xszqy6 10

10/03/2025, 15:54

250310-tce34azzfx 10

10/03/2025, 15:43

250310-s55c1szybt 10

10/03/2025, 15:26

250310-svfa5szthx 10

09/03/2025, 10:13

250309-l9dbrszwds 10

09/03/2025, 10:10

250309-l7g7yazwcw 10

Sharing

General

Target

fake-virus.apk
Size

8.2MB
Sample

250310-tfh9xszqy6
MD5

e2c4959d4484edd616c056c17de2d037
SHA1

cbf01cde604b32b2096746dcc2101cfff27de569
SHA256

7a77ec98d9117cb74bc0e8122e6dc738a03e14a5d2d3a5e5ce14685b34f32b8c
SHA512

4ae17163878f91dbcc8bb02c7866ba5e965dc4d8c3fdd52d8f4b74954570d7ec8f917581edde0b400f05f9ec5598a2c0144c3a99adac6a1623972289e026a936
SSDEEP

196608:arf3nyG0P3oOMzCu+jXEvL2jsO/itHmsDgn07M/sXVZjSjbZ1:abXjqRMOBXg6/GHmsDg0MEXVJc

Score

10^/10

antidot android banker defense_evasion discovery execution persistence

Malware Config

Targets

- Target
  
  fake-virus.apk
- Size
  
  8.2MB
- MD5
  
  e2c4959d4484edd616c056c17de2d037
- SHA1
  
  cbf01cde604b32b2096746dcc2101cfff27de569
- SHA256
  
  7a77ec98d9117cb74bc0e8122e6dc738a03e14a5d2d3a5e5ce14685b34f32b8c
- SHA512
  
  4ae17163878f91dbcc8bb02c7866ba5e965dc4d8c3fdd52d8f4b74954570d7ec8f917581edde0b400f05f9ec5598a2c0144c3a99adac6a1623972289e026a936
- SSDEEP
  
  196608:arf3nyG0P3oOMzCu+jXEvL2jsO/itHmsDgn07M/sXVZjSjbZ1:abXjqRMOBXg6/GHmsDg0MEXVJc
Score

8^/10

banker defense_evasion discovery execution persistence
- Checks if the Android device is rooted.
  defense_evasion
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  defense_evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  defense_evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Checks the presence of a debugger
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryexecutionpersistence