General

  • Target

    207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

  • Size

    9.4MB

  • Sample

    250321-3wbz8axlz7

  • MD5

    584af941017f437f35e4c0d457c22c0a

  • SHA1

    b84b59337eda585de666038d9f1a051440e2018f

  • SHA256

    207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

  • SHA512

    38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7

  • SSDEEP

    196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To

Malware Config

Targets

    • Target

      207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

    • Size

      9.4MB

    • MD5

      584af941017f437f35e4c0d457c22c0a

    • SHA1

      b84b59337eda585de666038d9f1a051440e2018f

    • SHA256

      207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

    • SHA512

      38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7

    • SSDEEP

      196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Loads dropped Dex/Jar

Loads and runs an executable Dex/Jar file that was dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Checks the application is allowed to request package installs through the package installer

Checks whether the application is allowed to install additional applications (it might try to install applications from unknown sources).

    • Queries the mobile country code (MCC)

    • Target

      gubuza

    • Size

      7.9MB

    • MD5

      f90d4de771dcc141e100f811ad918f56

    • SHA1

      f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1

    • SHA256

      e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2

    • SHA512

      743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714

    • SSDEEP

      98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Loads dropped Dex/Jar

Loads and runs an executable Dex/Jar file that was dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Performs UI accessibility actions on behalf of the user

Application may abuse the accessibility service to prevent its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

• Requests disabling of battery optimizations (often used to keep running hidden in the background)

    • Requests modifying system settings
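
The hash block above and the behaviour signatures listed for both targets can be checked against a local copy of the APK with the following static triage script. It is an added example written for this page, not code from the sandbox that produced the report. The mapping of Android class, method and permission names to the report's signature titles is this example's own heuristic; the zip built by build_constructed_apk() is a constructed stand-in for the real sample (its hashes will not match the report's, which is exactly what matches_report() is meant to catch); and a real AndroidManifest.xml is binary XML, so the UTF-16LE/UTF-8 substring search is a shortcut for a proper decoder such as androguard.

```python
import hashlib
import io
import zipfile

# Digests the report lists for the submitted APK; a local copy is checked
# against them before anything else is trusted.
REPORT_HASHES = {
    "md5": "584af941017f437f35e4c0d457c22c0a",
    "sha1": "b84b59337eda585de666038d9f1a051440e2018f",
    "sha256": "207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1",
}

# Framework class/method names (searched in classes*.dex) and permissions
# (searched in AndroidManifest.xml) behind the report's behaviour signatures.
# The identifiers are real Android names; grouping them under the signature
# titles is this example's own mapping, not the sandbox's rule set.
DEX_INDICATORS = {
    "Loads dropped Dex/Jar": ["dalvik/system/DexClassLoader",
                              "dalvik/system/InMemoryDexClassLoader"],
    "Obtains sensitive information copied to the device clipboard":
        ["android/content/ClipboardManager", "getPrimaryClip"],
    "Checks the application is allowed to request package installs":
        ["canRequestPackageInstalls"],
    "Makes use of the framework's Accessibility service":
        ["android/accessibilityservice/AccessibilityService"],
    "Queries the mobile country code (MCC)":
        ["getNetworkOperator", "getSimOperator"],
}
MANIFEST_INDICATORS = {
    "Checks the application is allowed to request package installs":
        ["android.permission.REQUEST_INSTALL_PACKAGES"],
    "Makes use of the framework's Accessibility service":
        ["android.permission.BIND_ACCESSIBILITY_SERVICE"],
    "Requests disabling of battery optimizations":
        ["android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
    "Requests modifying system settings": ["android.permission.WRITE_SETTINGS"],
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, so a local file can be tied to it."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict) -> bool:
    """True only if every digest given in `expected` agrees with the file."""
    actual = hash_bytes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def _contains(blob: bytes, needle: str) -> bool:
    # DEX string tables are MUTF-8 (ASCII-compatible for these names); binary
    # manifest string pools are usually UTF-16LE, sometimes UTF-8.
    return needle.encode("utf-8") in blob or needle.encode("utf-16-le") in blob


def _magic(zf: zipfile.ZipFile, name: str) -> bytes:
    with zf.open(name) as f:
        return f.read(4)


def scan_apk(data: bytes) -> dict:
    """Map each report signature to the indicator strings found in the APK."""
    hits: dict = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        is_dex = lambda n: n.startswith("classes") and n.endswith(".dex")
        dex_blob = b"".join(zf.read(n) for n in names if is_dex(n))
        manifest = zf.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
        # Any other entry with a dex or zip header is a candidate embedded
        # payload, whatever its file name (a dropped payload may also be
        # decrypted or downloaded at runtime, which only dynamic analysis sees).
        embedded = [n for n in names
                    if not is_dex(n) and _magic(zf, n) in (b"dex\n", b"PK\x03\x04")]
    for sig, needles in DEX_INDICATORS.items():
        found = [n for n in needles if _contains(dex_blob, n)]
        if found:
            hits.setdefault(sig, []).extend(found)
    for sig, needles in MANIFEST_INDICATORS.items():
        found = [n for n in needles if _contains(manifest, n)]
        if found:
            hits.setdefault(sig, []).extend(found)
    if embedded:
        hits.setdefault("Loads dropped Dex/Jar", []).extend("embedded:" + n for n in embedded)
    return hits


def build_constructed_apk() -> bytes:
    """Constructed stand-in for an APK (not the real sample): a zip holding a
    fake classes.dex string table, a UTF-16LE manifest fragment and an
    extensionless asset that starts with a dex header."""
    dex = b"dex\n035\x00" + b"\x00".join(s.encode() for s in (
        "Ldalvik/system/DexClassLoader;", "Landroid/content/ClipboardManager;",
        "getPrimaryClip", "canRequestPackageInstalls"))
    manifest = ("android.permission.REQUEST_INSTALL_PACKAGES".encode("utf-16-le")
                + "android.permission.BIND_ACCESSIBILITY_SERVICE".encode("utf-16-le"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
        zf.writestr("assets/gubuza", b"dex\n035\x00placeholder payload")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_constructed_apk()
    print("sha256:", hash_bytes(apk)["sha256"], "matches report:", matches_report(apk, REPORT_HASHES))
    for sig, found in scan_apk(apk).items():
        print(f"{sig}: {found}")
```

Against a real file, run matches_report(data, REPORT_HASHES) first and only then scan_apk(data); a string hit in classes.dex shows the API is referenced, not that it is called, so the sandbox's dynamic signatures above remain the stronger evidence, and the script is mainly useful for confirming that a file you hold is the one the report describes and for spotting an embedded second-stage such as the 7.9MB gubuza target before detonation.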

MITRE ATT&CK Mobile v15

Tasks