Analysis Overview
SHA256
a2d9bf1c2a8eaa3e324c93bc4182d7a40b5b95534062341e6b6c02f8c3d661a9
Threat Level: Known bad
The file a2d9bf1c2a8eaa3e324c93bc4182d7a40b5b95534062341e6b6c02f8c3d661a9.bin was found to be: Known bad.
Malicious Activity Summary
Antidot payload
Antidot family
Loads dropped Dex/Jar
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-10 22:05
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:16
Platform
android-x86-arm-20240624-en
Max time kernel
3s
Max time network
136s
Command Line
Signatures
Processes
rs.adsregex
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/data/rs.adsregex/dpt-libs/x86/libdpt.so
| MD5 | 122ef29cd1aac46fa82c41cd40ef61e0 |
| SHA1 | a659f4793db895dbeb598ef9dfab2f1bb17b3497 |
| SHA256 | 8bd3133b9b04e1932adc1dbc84b4b4ee75ae26b42aade3cdeca611fa85da109a |
| SHA512 | 5ce85f3a7dca8dcabad94e9af789ca1978bc5dfae2a8393f54b264c536c7fae2efce644bc42b848c3bc6d40a25cba75acea14c46dde9e5ad32e8ec4e8d3d8e5a |
/data/data/rs.adsregex/code_cache/i11111i111.zip
| MD5 | 58126170af87307181c176fdcdb6499a |
| SHA1 | 05def5c224a12a6b64cd250397f7dfab00174f9f |
| SHA256 | 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2 |
| SHA512 | 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:16
Platform
android-x64-20240624-en
Max time kernel
3s
Max time network
156s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/rs.adsregex/code_cache/i11111i111.zip | N/A | N/A |
| N/A | /data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex | N/A | N/A |
Processes
rs.adsregex
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 172.217.169.74:443 | | tcp |
Files
/data/data/rs.adsregex/dpt-libs/x86_64/libdpt.so
| MD5 | 14a36e2eea3edcb7a7b9f00668c86dde |
| SHA1 | 25b0cf4f6423d29402a533517fc6b1277f10d7b1 |
| SHA256 | 8f87c1fdcdadeafa04c11bc390675c2e293cddf8df09971854f637e19651070a |
| SHA512 | 695ebeb763361f19e1f6a561d88dd3b23e1c8284513e4a01e83a4876f92365c9653039595319f493450c2d75e04e9ff75ba5eeaab50c55363958b1ed279ef8d2 |
/data/data/rs.adsregex/code_cache/i11111i111.zip
| MD5 | 58126170af87307181c176fdcdb6499a |
| SHA1 | 05def5c224a12a6b64cd250397f7dfab00174f9f |
| SHA256 | 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2 |
| SHA512 | 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1 |
/data/user/0/rs.adsregex/code_cache/i11111i111.zip
| MD5 | bf8e3906efde15a2584c6f1aef990652 |
| SHA1 | 48fe4ff301934df9e2fe47e92d6b4b5ad28bfa4b |
| SHA256 | 60ef522353a5654305a7709dec341fe643bda55a325f16583a9e25c731cf6b7a |
| SHA512 | 8c67bb09b896535807c35359d740012adc412cff920aff3fb80f5db2f7e33a795275d07377e60a5635fbd10322a500d20b93e9140de832c87e4ea01cc4d14c05 |
/data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex
| MD5 | c15804d75ad84c1de89596a48950be14 |
| SHA1 | 571ed1b9dfc541b2b3929bfa5727b408cae2bb8e |
| SHA256 | 07072b1c20c4cf6785cba0ea43158365c46dc027e5fb0d43a27826fa1206e5e4 |
| SHA512 | 0612cc8aa98385477592de07c9c8cb5ad602d423a469c0c9cfc6341ff46aa2d4e84be5217bc087fc82f15dbdd2ccce1d72e37e3ff88a9405f4da21538e39e689 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:17
Platform
android-x64-arm64-20240624-en
Max time kernel
4s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/rs.adsregex/code_cache/i11111i111.zip | N/A | N/A |
| N/A | /data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex | N/A | N/A |
Processes
rs.adsregex
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
/data/data/rs.adsregex/dpt-libs/x86_64/libdpt.so
| MD5 | 14a36e2eea3edcb7a7b9f00668c86dde |
| SHA1 | 25b0cf4f6423d29402a533517fc6b1277f10d7b1 |
| SHA256 | 8f87c1fdcdadeafa04c11bc390675c2e293cddf8df09971854f637e19651070a |
| SHA512 | 695ebeb763361f19e1f6a561d88dd3b23e1c8284513e4a01e83a4876f92365c9653039595319f493450c2d75e04e9ff75ba5eeaab50c55363958b1ed279ef8d2 |
/data/data/rs.adsregex/code_cache/i11111i111.zip
| MD5 | 58126170af87307181c176fdcdb6499a |
| SHA1 | 05def5c224a12a6b64cd250397f7dfab00174f9f |
| SHA256 | 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2 |
| SHA512 | 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1 |
/data/user/0/rs.adsregex/code_cache/i11111i111.zip
| MD5 | bf8e3906efde15a2584c6f1aef990652 |
| SHA1 | 48fe4ff301934df9e2fe47e92d6b4b5ad28bfa4b |
| SHA256 | 60ef522353a5654305a7709dec341fe643bda55a325f16583a9e25c731cf6b7a |
| SHA512 | 8c67bb09b896535807c35359d740012adc412cff920aff3fb80f5db2f7e33a795275d07377e60a5635fbd10322a500d20b93e9140de832c87e4ea01cc4d14c05 |
/data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex
| MD5 | c15804d75ad84c1de89596a48950be14 |
| SHA1 | 571ed1b9dfc541b2b3929bfa5727b408cae2bb8e |
| SHA256 | 07072b1c20c4cf6785cba0ea43158365c46dc027e5fb0d43a27826fa1206e5e4 |
| SHA512 | 0612cc8aa98385477592de07c9c8cb5ad602d423a469c0c9cfc6341ff46aa2d4e84be5217bc087fc82f15dbdd2ccce1d72e37e3ff88a9405f4da21538e39e689 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:14
Platform
android-x86-arm-20240624-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:14
Platform
android-x64-20240624-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-10 22:05
Reported
2024-07-10 22:14
Platform
android-x64-arm64-20240624-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |