Overview

overview

10

Static

static

6

522ecc4fea...0e.apk

android-13-x64

10

522ecc4fea...0e.apk

android-9-x86

10

buzijebe.apk

android-13-x64

10

buzijebe.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

  • Size

    7.6MB

  • Sample

    250322-a27pvsxr16

  • MD5

    8bd73012c635927e05a209cebcedad37

  • SHA1

    5f6e68eea4ef68420876730bd93572778e1fa52d

  • SHA256

    522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

  • SHA512

    d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a

  • SSDEEP

    196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score
10/10
antidotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

    • Size

      7.6MB

    • MD5

      8bd73012c635927e05a209cebcedad37

    • SHA1

      5f6e68eea4ef68420876730bd93572778e1fa52d

    • SHA256

      522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

    • SHA512

      d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a

    • SSDEEP

      196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojandiscovery

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      defense_evasion

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2

    • Target

      buzijebe

    • Size

      7.4MB

    • MD5

      c42140c0a8148c57758f458163ace169

    • SHA1

      077f9b9a58aff46be9f3a5fa01b0e2b6c59d1124

    • SHA256

      8203f6c3e5a40e8fa19e54f8d235083e2de56efbf8f8f31e14af3c893c721843

    • SHA512

      477e58295e6773e831b985a33397576b324cf738d8d965a612b1e54e047df045c6fac2b1c6065928e195a047d3c97391e7f39af3f1cffcf0cf2eada006d91d80

    • SSDEEP

      98304:Qo/Kr68ddHh0yyRLirBcQBU3uCWe+2ieSyeTgnrSs2A5uDa/vGX5RzDlb:iddHh3YLtYErSsPQEvK5RNb

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojandiscovery

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests modifying system settings.

      defense_evasion
    behavioral3behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks