Analysis
-
max time kernel
55s -
max time network
135s -
platform
android_x64 -
resource
android-x64-arm64-20240624-es -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-es, locale:es-es, os:android-11-x64, system -
submitted
27/11/2024, 10:41
Static task
static1
Behavioral task
behavioral1
Sample
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
Resource
android-x64-20240624-es
Behavioral task
behavioral2
Sample
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
Resource
android-x64-arm64-20240624-es
Behavioral task
behavioral3
Sample
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
Resource
android-33-x64-arm64-20240624-es
Behavioral task
behavioral4
Sample
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
Resource
android-x86-arm-20240624-es
Behavioral task
behavioral5
Sample
dexizuzi.apk
Resource
android-x64-20240624-es
Behavioral task
behavioral6
Sample
dexizuzi.apk
Resource
android-x64-arm64-20240624-es
Behavioral task
behavioral7
Sample
dexizuzi.apk
Resource
android-33-x64-arm64-20240624-es
Behavioral task
behavioral8
Sample
dexizuzi.apk
Resource
android-x86-arm-20240624-es
General
-
Target
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
-
Size
10.2MB
-
MD5
4982e66fcc1ad470d0a93022b3c7dcc0
-
SHA1
07f382fb173f77be877de9f77fc92b52ba8b270a
-
SHA256
1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa
-
SHA512
03a418077f362133c4631aa7f170973b724d1d56ac07fd1d3e5db17d4c23abe56182680de9c309ad92c33bc421aa0875da107a4aec386ab1bcd4a2cacb1e69fa
-
SSDEEP
196608:0oopuBYsGq7W4tjN2OfH8I1jWMMh7QNNjDNcAGoVQGlRlo1TvWM:MHOW4tjN2M1jkFgjD2+VQonoBvWM
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
resource: behavioral2/memory/4610-0.dex, yara_rule: family_antidot -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.redewabobo.ASCII/app_afraid/YHfPRq.json, pid: 4610, Process: com.redewabobo.ASCII -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, Process: com.redewabobo.ASCII -
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
description: Framework service call, ioc: android.content.pm.IPackageManager.canRequestPackageInstalls, Process: com.redewabobo.ASCII -
Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
description: Intent action, ioc: android.settings.MANAGE_UNKNOWN_APP_SOURCES, Process: com.redewabobo.ASCII -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, Process: com.redewabobo.ASCII -
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read, ioc: /proc/cpuinfo, Process: com.redewabobo.ASCII -
Checks memory information 2 TTPs 1 IoCs
description: File opened for read, ioc: /proc/meminfo, Process: com.redewabobo.ASCII
Processes
-
com.redewabobo.ASCII
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4610
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
609KB
MD5: 6d4147d5dc237d47e6047e7c9e143a1f
SHA1: 88a3ca6e99ed83b181ac91925ce79a2bf64e29d3
SHA256: a6127a9f0f4f6b4b8e926a67ed03fa06223a5244c1429e71ff4b600d761f89aa
SHA512: f2c4ef369841d60d92e3030c64c495712bd0300d1a82f4d86af44e4f888b216fbea5ac6d082d61413798094ed4fed6ad3e802f2d06b388d7e3fe1753c7d0b469
-
Filesize
609KB
MD5: d29ff5767cac5e17ea2ad5110aa71597
SHA1: 62ad19dbe39d41afae9f78e423eb182da8a89c85
SHA256: 70a1ede06d781289b40d4980a35041d9e58504e5a4d55209360469ba70491cf3
SHA512: f8dd1eb911e8f591131d162d38dc2a29b24f87f0e052de2005abfb43a2560c0641ee48c2b587739a4a469322847ecf6c7ec8e2a88aa3af8ec654868443e1b1f1
-
Filesize
8B
MD5: a172cf2fffa310f2adeda3ef06fad18b
SHA1: ab8c649b0fb4a82fd5e4143bcb7d31c35aeb1763
SHA256: 5857d2745dd1a77c70aa6cd5916d62c2a05ade35e6e447ddf61142a0d5401a0a
SHA512: d60d076efb08fb025c959841a57b13f3f21c98aa15f42603d326c91c08157143f5ed7b9629dd8cf55ac93eb113eaa8bfea339b0e274da14184c234fba27222e9
-
Filesize
112KB
MD5: e1997a5626854c7b22198bc8b3f46b5d
SHA1: f4c6a4242c8dc657a35744e6d3940323ac8b7b53
SHA256: 8cf53abc9310146899195164430438890f03ad56047be0e1a74c5e661940aa0d
SHA512: 119c493e224a4c8b0131fe0435147af24d2a567aae233485bdfccbdcbc211cf7f0d5965d03f8c01e779d4a199cd5e448067769d38114eb69759ee7cb49783c9d
-
Filesize
512B
MD5: 147b1a3f59b465d4cf899fe84062c33c
SHA1: 119fc1a6b9b404370bafbb0874a2250e76dfca0a
SHA256: 4611e636600f5ec00a9501881e45887de0e7ca2225558899922df42f8eddfabc
SHA512: 9e1762aa9869ae975e420aa583f54a2d6813bdabd066d6f5ff66e4264aadaa7278f48bbada1a50f1a6aaf6fcc10554d472bc8b53d15b5998777669544e6dc41d
-
Filesize
32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
414KB
MD5: 3536fe1b6dd3ca42ea0e97024dcb490d
SHA1: c913de36c0d222da16b3ff0047b7eb9356e83a3c
SHA256: 377ddeba5339800ebf876b2342f9c60cec94c6a3f0e5c8e26e173b660225f59d
SHA512: 0e2d3fa15afc54e886c351a4a4a0cbb18ebb5dead002a38267a5f6368ecad23f02cd3ac834c8b1bc6e61184fda3be0e5fe6596be8e0bda0faef9861524f846af
-
Filesize
16KB
MD5: b562bdc675e066227bf97a7ade45c2b2
SHA1: 9ae92f55f0a3adf6a4e88b9212a586f795157e90
SHA256: cc8ec29969fb6a608926b9e2ac394e49ce97dc5a0907ae395628c95c25df6a33
SHA512: 9ecd83f3d8d04fb9d9f739be262a3a81f3b1bb91ef871affb7724030104c61a907f0efa6cc7d20a2aad8960fbd8745c4f8b5e60b367a7cddd404ab1e9d0c60c1
-
Filesize
116KB
MD5: 2621a48f72ac9854e79ad4602470692e
SHA1: 207d70ff3e6f8b81424876435519deac1e25305e
SHA256: 381e300236ecfe0f973500b3f0a6c5e8f336c775539cc6c1ff83e18cbee53205
SHA512: a7efb19a99aad9c4d30d37fbde683874aeef805f10e798fcadda602eaf963ba5f47162b4d7922b4f6ff44070cfc23b9b4cdb9fdad333ea7b64efcb24f0718e03
-
Filesize
992B
MD5: f9fb0ef0764e987c965397688b5e58ad
SHA1: 5b2c1dad6b5f1a301948924fcdf8b574dae57a4c
SHA256: 531ba96667421fe63883c0f7cba6ccb49ff301192bc9467224f7be0fcee74181
SHA512: 2a6e6637e2cbd978314f773a91613779bfdccd3b7bfd270f6eadd3b698969ac6cd8ea553d8eb7d3df4cbe905fdf61f5f745602173023cdf9795b10edb32e31e0
-
Filesize
1.3MB
MD5: c32af470fb777428515b5c01369fd81f
SHA1: 72e65e062280b2a13b4792630119392bfd451860
SHA256: 8c110fecd6d2f3d6b22ec6885d03199e64bba8e79d6d0acc8ad16f6cfb4a05a5
SHA512: bb40e7eac8d0861a060a37632ce6d679503972309cf510267ede98e7d9e0b14b252bd222300db3ed1e696e69d6f47c852129f8d52eff29fb34319cefc1dbb500