General

  • Target

    8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4

  • Size

    6.9MB

  • Sample

    250322-ay91tatygt

  • MD5

    08288e2f6635941c7dcf44ca1fc72b5d

  • SHA1

    ace53ea605e8deebe778d8da7f38212807a30b5c

  • SHA256

    8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4

  • SHA512

    4fba748e64dcafe2740fb9fb132f5c66846b26e88650376d5e368b7dd26599c772f3e2c27aa44d26e37d97d28245f8f66dafe635508a95732016002982238d3f

  • SSDEEP

    98304:+o/Kr+167klRoI4fslzEBzyHPxkZrSf/cd96hg+hbj2ieSyeTgnrSsnT:D67klRpaCnHP+ZWf/O96hg+QYErSsT

Targets

    • Antidot

      Antidot is an Android banking trojan first seen in May 2024.

    • Antidot family

    • Antidot payload

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background)

    • Requests modifying system settings
