General
-
Target
a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133
-
Size
9.5MB
-
Sample
250321-3yqw6attcw
-
MD5
024e9e7e1c50c32b84a48a5e4d0db0fe
-
SHA1
7e699eb65a644a076aca47f55d76d747efb3fc2a
-
SHA256
a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133
-
SHA512
d5bd18194edae257c31a0913c3e6f4e9295de64a09df96a9857f24d68960fc7008968782f9a43853259e6b728cac88d2f410292e1acee219a89b09d3586e3ad3
-
SSDEEP
196608:s9WPt+jBDpRqOOvyBs1zNn48YErSsFhoq:DqvqOdszNn4irSseq
Malware Config
Targets
-
-
Target
a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133
-
Size
9.5MB
-
MD5
024e9e7e1c50c32b84a48a5e4d0db0fe
-
SHA1
7e699eb65a644a076aca47f55d76d747efb3fc2a
-
SHA256
a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133
-
SHA512
d5bd18194edae257c31a0913c3e6f4e9295de64a09df96a9857f24d68960fc7008968782f9a43853259e6b728cac88d2f410292e1acee219a89b09d3586e3ad3
-
SSDEEP
196608:s9WPt+jBDpRqOOvyBs1zNn48YErSsFhoq:DqvqOdszNn4irSseq
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests modifying system settings.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1