General
-
Target
7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a
-
Size
9.9MB
-
Sample
250322-apb3estxas
-
MD5
0b3acfb4a4d609fdfcaea52f71418a17
-
SHA1
356490fdb6d169787c9515c02e0699fe48d54196
-
SHA256
7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a
-
SHA512
abe971fbcb5fe88d4a12ab200326f4850b61af919c1430510de4c233c6a3aa31bf5cfc40e099849cdbffab5ee6c5d2363e4f37890b00ba9ba185d603633f1458
-
SSDEEP
196608:9dLrZ7+n1A4GXJai7EvApOUGICoxYErSsik8uf:1yRsJai7EvApXGGjrSm8uf
Malware Config
Targets
-
-
Target
7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a
-
Size
9.9MB
-
MD5
0b3acfb4a4d609fdfcaea52f71418a17
-
SHA1
356490fdb6d169787c9515c02e0699fe48d54196
-
SHA256
7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a
-
SHA512
abe971fbcb5fe88d4a12ab200326f4850b61af919c1430510de4c233c6a3aa31bf5cfc40e099849cdbffab5ee6c5d2363e4f37890b00ba9ba185d603633f1458
-
SSDEEP
196608:9dLrZ7+n1A4GXJai7EvApOUGICoxYErSsik8uf:1yRsJai7EvApXGGjrSm8uf
Score10/10-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests modifying system settings.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1