Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

176c15abd8...18.apk

android-9-x86

176c15abd8...18.apk

android-10-x64

10

176c15abd8...18.apk

android-11-x64

10

sitiriviyapi.apk

android-9-x86

sitiriviyapi.apk

android-10-x64

10

sitiriviyapi.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

  • Size

    8.2MB

  • Sample

    250321-vf5nlatsht

  • MD5

    55b16a8cc81fca626083e08630c79f73

  • SHA1

    cc4446fc2563a72f3a1174ae950a8de27f7a72c9

  • SHA256

    176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

  • SHA512

    c909ccacfee40f677ed89407248832e53fdb0c135e5dda375201b45782fdf357d411fbe5f1609926edb3283c46c16a3905479a68fe3589e9a8ea59ac78564a14

  • SSDEEP

    98304:IT3Azfy9xAcCJla+YmAtgOJvIK2RRb8OpRTqiaWG9Mt8sraryz9Hhuww/IC/vS+G:pfEqJoLftgO1Qj98Nz+zzuwi/q+96iK

Score
10/10
antidotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

    • Size

      8.2MB

    • MD5

      55b16a8cc81fca626083e08630c79f73

    • SHA1

      cc4446fc2563a72f3a1174ae950a8de27f7a72c9

    • SHA256

      176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

    • SHA512

      c909ccacfee40f677ed89407248832e53fdb0c135e5dda375201b45782fdf357d411fbe5f1609926edb3283c46c16a3905479a68fe3589e9a8ea59ac78564a14

    • SSDEEP

      98304:IT3Azfy9xAcCJla+YmAtgOJvIK2RRb8OpRTqiaWG9Mt8sraryz9Hhuww/IC/vS+G:pfEqJoLftgO1Qj98Nz+zzuwi/q+96iK

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      defense_evasion

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2behavioral3

    • Target

      sitiriviyapi

    • Size

      6.9MB

    • MD5

      37b18d5c27edaf96d3d23f0dc6db55e3

    • SHA1

      c1c9d6f407eeb159ec90c1601d5486375aa9314e

    • SHA256

      65e49b30e5a3ed351a2e9fd2ec40ced992136a19451a2af6322c7955f64458af

    • SHA512

      070b2349ef41ffe17788b801d18296fc74308003e86fbc392884b9631f3dd359a1e03098326776f5966b04cf35411f079893a27b2b5de50c934c3f0a5624b79a

    • SSDEEP

      98304:sD7Gt0stmNCpTrVJBQ8vDo/KrZLeRxGm/ttVJyCw7OR9:U3ApFJ1eRxGm/ttV47O3

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Reads the contacts stored on the device.

      collection

    • Reads the content of the SMS messages.

      collection

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Requests uninstalling the application.

      defense_evasion
    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Indicator Removal on Host

1
T1630

Uninstall Malicious Application

1
T1630.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

2
T1636

Contact List

1
T1636.003

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks