Analysis
-
max time kernel
149s -
max time network
156s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-es -
resource tags
-
submitted
27/11/2024, 10:41
General
-
Target
dexizuzi.apk
-
Size
11.2MB
-
MD5
4d2d8be66cefc3008f2ea85ea4f933d3
-
SHA1
f492eddbdd49930308ddf8424c629d515fe2d29d
-
SHA256
86f8ca31bddccc5c65cc6de18a9e8801e65e7e6169b6734bc1bfe4cea0fd9071
-
SHA512
671fe2bd7c25b0a7755ee8fb24a5ac0de92559271608245a8e80d9b051a0a07dc4ec8e75ec727301dfce6b6d5606d3ecae46684a117fba0dfd965871f79dc884
-
SSDEEP
196608:LowNHsXbyO9yeieCROoarJ4xNK1YErSsl:LgbCeieCglVgKHrSw
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Requests uninstalling the application. 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.kokevugopa.backup1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests enabling of the accessibility settings.
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
945KB
MD589d3aa39d5633f0cfa22b048a9634b87
SHA1d970800618282248195d94f7c49ba78410aa8832
SHA2565bd6add73e8898a8ab316357e6cc4a8cb98d05ef314f1576de0f3e227852045f
SHA5127a7923f258e61c0c619b8731fe6d2bde5237b732cb09c28d8af9aa759f431c12e8207008bbeef72894df9222be044801c7b683ca4d266beab9915adc04767a28
-
Filesize
945KB
MD56cfbb48353b6d9b96774e4f142d66d24
SHA1dc296970a251a4fc9413c6f03f23e433bbcd6c23
SHA25669b4eacd73f0fb5b52bd6ed6e8fa6bea4f20f3449c371e87330a504ba954b1f0
SHA512651e5f569fbbf82fedcf7c7f4fa5ed20c5b133ac6bb710818c6dd0de0185142f8c1b1e914e4961ab55deec600da33a097a57290adcc61f7d1432715d872b1711
-
Filesize
36KB
MD5dd36f22178ad58514ced17eab7d8b8ab
SHA1949f6d6947aabe22875613efd673fb761b5f112a
SHA2564221756438d80081dfc6e8499fbd5c04e0ff7df3c787225cda1a8658e73a75c9
SHA5126f14bfe1b7017baecf22dce9866266b640d08b1a53ff1ccb804e3c387fd4a48258f618f84f067021913bec59954fd0bac4ffa66e2df4f9be6753581e759b386a
-
Filesize
24B
MD58fe0d823e33986d0b71d01088a1b52fe
SHA16ae0c1e0cb9f580f4f2edf056cc6702306984946
SHA25600874d24bc2cff64f90af59256baf2d70a00227c4a3b6d14cba926a116d41d98
SHA5120a2a031daa07e9394fbae4f995c95ef3070d4a24f1413e09702aaff13a32dedcc771018ae7237ac49cd27e5b149e4f886db92d84310fbb52a5d8e3acf0056078
-
Filesize
8B
MD51665355e97308f5332768fc9500ccf22
SHA131a0b88ca4e540fdb5a731d1779be52d742ef478
SHA256fbdb6ec2b93d0cdf279d81354d056c3c88222f89d1303c445b896dfcb753d268
SHA512dd8805388f0834b5eb36e36bfa61eec3ceeb5b57966e3738cc3dd5ad403df284121680108ce14b8f3b33946587ad12114935c02f39ec2d7da630dbd50cb3fc81
-
Filesize
104KB
MD555f9e3d4b69a6ea436bf2bb13c39677f
SHA10d1eac6c34ab64af5704f3174dbbd48926b9ac39
SHA2560fcf97512edd96bca16d2628b3cc391413db271e59ffecd60b2f7dcf84e92880
SHA5127761dd131feb29e93527d8eecff01235f6b06b711201400b9d576dd5af174da8587649e7d665234ae327ab431e031c6ca367ebc8dc5e1e3f250f4a7be7a51d61
-
Filesize
512B
MD5f82c156d3041f506629a4734bb94f328
SHA1275ece352dea8764ab1f0bb3cd99033c696f3e22
SHA256574a556643da87e6cc816f40cc32267f4d408c23d4d695a4fe2b3027de30e0ce
SHA512ef5848eacc75ee37231a3eb53ece166ae8eeeef88a4e125fdbcab3ca49978a61b968ea85c38ac033a854308a695ad0a027097a06d6ea422be77936b9a9c17d8a
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
116KB
MD54c833f9df24c4c1844fb7a2ef8d4785c
SHA12bcf9078670a5321f52c26744982c73d3d546c89
SHA2565e7fe1f05f4caf337e984dbfa2063d5cbf64df8e082a19443e789a286bc615f0
SHA51282ada0745df885dfc6ea39aa28f49360d4abfdd5100794ec6650c4d4298333305f94c39afbd476b7ab3d41be3712c18e82dcf60f4c71cf79855e631ae91cbb45
-
Filesize
414KB
MD5b1253a799c87ad7d56c868a54ed13f1f
SHA1843e1491356a01dd7254fbf61e8f54271a32f6c1
SHA25600c7b394ad7bda936ab75b5f9c0342f348e2510c538167ff9cf7842e89a605a5
SHA512c276c4e6ee43c2f4a2a8590f56656ac68e8d818d7ed6661ade823f6d2ca5e3616a0688783c98fa6d2f037acd92ff3f78d15bca30a61aaae17a1ca127bbd81b10
-
Filesize
16KB
MD5bd6e783442c0d55a57d1885c93172495
SHA13b4fd7dac6ecee8b567c1b31e4b872860debb7e5
SHA2564b248e0b7d5f25dca425f323961795fad34574fd1b0d0e9be2f14334b84984aa
SHA5124f7b32f725b5db3ef95bfa33a90e86395a2ddc9f38210d9e88d9ac2d5422574b7e7087ef45d342c254f2c954d33275f0967dc7dee05fdc0af64d8927d36f8d42
-
Filesize
1KB
MD52f8bf65aef04d57d6536d2b555e14296
SHA16d1ef93155bc6ce3f58608925c5c0b87e07ccd7a
SHA256a72ca68014679e121f3e2edea4e9455ee198ba5519d4f8dd59512908e679ed2d
SHA51281263766f0f377c49f413a02fba0b394d923b6d155eb0a1e0207bd8588316a9e72b7de779d4453887944b2d4f06606d39ae12284f5bc5960da1fefa81d5b5598
-
Filesize
2.0MB
MD5cc1b3bc580852eef88b69702c457cf00
SHA16f55e9bd7ff350de3539ad443f12e022f1380e1f
SHA25650de312cc6850fe9cfc6d4ee6b85281b3441fa833be072cfce2d1d9aa4972784
SHA51248684c11a5daafecaa274fe443a680a4c8d575c2dc6572e13273cec7aa7d41bce5882e99053cac0f42175258a4000f7edabb1140f589624c3ba8d7e19eacea33