antidot

General

Target

Update.zip
Size

11.6MB
Sample

250404-k397gswms5
MD5

1e996cfb7d6ea0cf04ff3a6a51a74b41
SHA1

f10e7fa0963092bc8158af4a022c281cf161e5ea
SHA256

b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a
SHA512

a8c6a56ee80a2e8e5dc73cbeb1418430133039dc5a385c8388fea2669b7e1879be40981c896f46b52d8961c3da4ea1201d0956e9ecac0f52a8f147362cf4dce5
SSDEEP

196608:MaCJuUOsY23cRw0EN2jXhdlnF9+m0h96de9iYZJl2qMoE/eQi7wA7jy:MLPOsYQkwDN2jX1nFYvsMJZT2JoELFC2

Score

10^/10

Malware Config

Targets

- Target
  
  Update.apk
- Size
  
  17.1MB
- MD5
  
  d44caa02e4fa7e2992b327abb4242791
- SHA1
  
  2ec56ee9ad5fe44a3407ff977c6d0b5dfe4704e6
- SHA256
  
  3de709dadce6084258b4928145e5da404affeeedad19426f93a2741d6fd6dcf4
- SHA512
  
  46b0c1d1a118bbfe621a1f95d2186259db9f3d458adbfdd07686961559d88b37252b1d71fdd4d9aad6e6f6e2b120c906fd52dc04612ae6e1de17fe9d356af57a
- SSDEEP
  
  393216:n/6/FU/4HPKDDeXtn7rqqn8W41YRdcz27+rDrfn7S3Zd:n/6924yDiXZr18W41YRvwDrfmZd
Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan collection credential_access impact
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  defense_evasion
- Queries the mobile country code (MCC)
  discovery
- Requests allowing to install additional applications from unknown sources.
  defense_evasion
behavioral1 behavioral2 behavioral3
- Target
  
  vibufagafa
- Size
  
  9.9MB
- MD5
  
  6f6aa0edc0e3e93700384a88a519aee2
- SHA1
  
  6dbf7f2185e3bc368f07a9009f9322f2e85c3181
- SHA256
  
  54819e64834851d97c6dfd6c48e4c2b65d5bded096eef41ebb4eb478f082842f
- SHA512
  
  20377ebedeaf463fdb9b4aae4d8b9e230fbbce0707d52491436e0f8a2955087e73f7b1190197c84b3e31c6bdd559c018f5755315f55e89a8e1c3820e65457bed
- SSDEEP
  
  196608:4ctSV521/8flAkCaqtrdDDeXtUu7rqLen1GxW89oY1Y4:0U/4HPKDDeXtn7rqqn8W41Y4
Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
  banker trojan infostealer antidot
- Antidot family
  antidot
- Antidot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Requests uninstalling the application.
  defense_evasion
behavioral4 behavioral5 behavioral6