antidot

General

Target

new_chrome_v8.4.35.apk
Size

16.8MB
Sample

250323-jfv9datvbt
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

Malware Config

Targets

- Target
  
  new_chrome_v8.4.35.apk
- Size
  
  16.8MB
- MD5
  
  4d7c8b05b2af242297137a70f9f6216d
- SHA1
  
  b2cd4d335ac946bdac5b02a215f649f35c57464c
- SHA256
  
  e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
- SHA512
  
  2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
- SSDEEP
  
  393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu
Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access defense_evasion impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  jixofobu
- Size
  
  9.6MB
- MD5
  
  7f4cd817e65363a0d9e47a2c89d53d96
- SHA1
  
  59560a4005b338883a77e920bdf1eaae6bbdb04d
- SHA256
  
  f9f89b6f4b104cfa5f764d1c607ff35799146dd65a5b8634fcaec3eca84ea39a
- SHA512
  
  f5cba2f7c0f7b02143906834fa3a7769507b126ea13867b63dec829dbc6ee0ab2099acc3df96b04d04a8e8c3e8479b565f4521f91af1b173869f14f3f3c51e02
- SSDEEP
  
  196608:ZZrwI0owMqyEt6FGvcmVjCwGeH5H17j8gGK+6tNkidKlWFGkWDW+N3:ZcowMPJkvcCCthgGKztNk+s/kU3
Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan defense_evasion
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Requests modifying system settings.
  defense_evasion
behavioral4 behavioral5 behavioral6