Overview

overview

10

Static

static

6

09018457e7...33.apk

android-13-x64

10

09018457e7...33.apk

android-9-x86

10

risezikixo.apk

android-13-x64

10

risezikixo.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

  • Size

    8.1MB

  • Sample

    250322-aqsfsstxct

  • MD5

    ce089137681025986be62b70339bbacd

  • SHA1

    e81dc0f6b2df641c3d58e54c77a20438fb14b24c

  • SHA256

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

  • SHA512

    3cfd5642eb535fe7148c073d6d67b62f0afbd043f1d00508495816c84645c7fd29393113d0384737f148ade65fa1ea00683b8698ae46ad8b4cfe6c9aa5bb0240

  • SSDEEP

    196608:tp8YoZUkjZlU5u8ZLpqIFuAn3oE3TUbHcSjIsGscvdX:/oZTFA3dbu0ZUYUrBa

Score
10/10
antidotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

    • Size

      8.1MB

    • MD5

      ce089137681025986be62b70339bbacd

    • SHA1

      e81dc0f6b2df641c3d58e54c77a20438fb14b24c

    • SHA256

      09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

    • SHA512

      3cfd5642eb535fe7148c073d6d67b62f0afbd043f1d00508495816c84645c7fd29393113d0384737f148ade65fa1ea00683b8698ae46ad8b4cfe6c9aa5bb0240

    • SSDEEP

      196608:tp8YoZUkjZlU5u8ZLpqIFuAn3oE3TUbHcSjIsGscvdX:/oZTFA3dbu0ZUYUrBa

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojandiscovery

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      defense_evasion

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2

    • Target

      risezikixo

    • Size

      7.6MB

    • MD5

      4a4754d54b066ec39f69a8c4d5f6684b

    • SHA1

      6f12b8f89943ad99c1a7fd872070b28a44783d6e

    • SHA256

      aba358b9c43696eb01fd4ad64db6d55b2e3bf192a05e8a2b658fc43e0d74c2e1

    • SHA512

      6d17d8ffc9c9a20a73739ae5c967ef4644c1e314f8952ee5234de38cae9495ea7f6d9caebc770ddbf3a86c6179fca69891606ef5cf7709ee89e41cea269ba7b8

    • SSDEEP

      98304:SlO3ZBo9NyKP90roRSIC2zf2xCjtP2pLfqH7k3Gqh3BQJgozGaLBP6xwPC5s4Quq:xmmDC1Lk3GqhxQ6Lt2yaLWZdsa+

    Score
    10/10
    antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

      bankertrojaninfostealerantidot

    • Antidot family

      antidot

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests modifying system settings.

      defense_evasion
    behavioral3behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Subvert Trust Controls

1
T1632

Code Signing Policy Modification

1
T1632.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks