Analysis

  • max time kernel
    63s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    29-11-2024 12:13

General

  • Target

    c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512.apk

  • Size

    8.3MB

  • MD5

    bf5284bde7432eed1d3235e8f8c8a552

  • SHA1

    a7435be13d888dfa67a093a8896288effc5c4e3d

  • SHA256

    c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512

  • SHA512

    bed6124909fe7c3c668c929174ab932dcb3e576639d594442cffad833e6f53d14bee645a3e0e7dc9d69887249e54e961330956b3c4247307d0ad03f91356fcca

  • SSDEEP

    196608:vIU9mDrvGCm0GcqeVU7/HOUe5iO0VIKp0cpUJ8:l0+CseVU7Wb5iRVI1cf

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload (1 IoCs)
  • Loads dropped Dex/Jar (1 TTPs, 1 IoCs)

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Checks the application is allowed to request package installs through the package installer (1 TTPs, 1 IoCs)

    Checks the application is allowed to install additional applications (might try to install applications from unknown sources).

  • Requests allowing to install additional applications from unknown sources. (1 TTPs, 1 IoCs)
  • Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information (2 TTPs, 1 IoCs)
  • Checks memory information (2 TTPs, 1 IoCs)

Processes

  • com.cebugoyi.boot
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Checks the application is allowed to request package installs through the package installer
    • Requests allowing to install additional applications from unknown sources.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4455

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.cebugoyi.boot/app_security/qYqbtti.json

    Filesize

    640KB

    MD5

    080271ce7feb60cae959fd4d7deff760

    SHA1

    c998597ff824b12616176ed54accb799d8a3ab61

    SHA256

    09cafd41f55569d1479180e82f5fc49edc4753b433f1966e29f7741ef5a1e678

    SHA512

    76479896532a7f44fb23b2dc8ef809c7d534b579e6dddc84a9023c441b505d326c80a402925bc0b10db562af11827635cfda50129a45603abb067e90db6a9723

  • /data/data/com.cebugoyi.boot/app_security/qYqbtti.json

    Filesize

    640KB

    MD5

    5b66d9d1f5c2a9685a266a1e90a08ae4

    SHA1

    0f466553e006602563fbea49628dc6e1ef16d393

    SHA256

    5ad06bc979c18c250d45bb10d76a109aa07dacbf6165f999b384466313fd62e7

    SHA512

    3c6e47c5caaf6b50bb02572b6eb7d7417286b822abdebef15a87f4bd4907dab571e74a33b41dc0bb401a6804837fbd76ac9e939a9f21a60ae818c45d11926dfe

  • /data/data/com.cebugoyi.boot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    124195c037f245c84b51e756f28932ce

    SHA1

    c5104c4d5de9782bd03904474bff424398dc9686

    SHA256

    2dd5fdbf9647ae16f4b59d0187e43ebd28c960740d93a402110d9d8d793f6cdb

    SHA512

    71676ae7ced5baf10bfcf47119269bfe9089201fff7fb32869ae9a501354c3f7227727941a2071fc6f1a5e6c8a7f5eb458f264d90d3c59ccfddde099dd142fb5

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb

    Filesize

    112KB

    MD5

    b1f3879bf6aaa13f1341d11274d2fb6b

    SHA1

    9d743309498aa618d2bf26ce8a8d61db04786533

    SHA256

    1a7eb7de68fb808d9d23bec52df7c691ce6f86de3ffba9be3f8e855502097cd3

    SHA512

    2f844bbf01fe859de21b82a0b90cce5991c4c162f36ed6796a42ec4a07fa2b1e0aa9cc0943a534e2cc5de3870d6c988f72989c5ed8f8c734095b0701a0eecce8

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    4aeadb5ee3665e91b4f272e12db957f4

    SHA1

    ef4e3131af4efe72595fa33ac7705ce06051bff9

    SHA256

    7837c5e941ab221f3c8c68483883d2866d2a15a6030246bc750bf67ee7b96379

    SHA512

    3f2f8d817d493140254f055e9c865492a477f7cc081f0fadf0f60ba9ec032c8d98f0e98490f82501b6eef11638e86073a0662a67ea85c94339e939a6ad481cd7

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal

    Filesize

    414KB

    MD5

    b98a53c3dbf6ef54b890209b796c723f

    SHA1

    4f5212772b11684dd617e13ab24cfd62a006d2e2

    SHA256

    7151757dcb881763cfb38febfe01d5cf1b75d7f2027ee17c951f13d8e368f254

    SHA512

    20ccfc9b89b967ccfd7ffc36d4fc539ca0f14084e47d2aa368001f75095b3883d28480b1e95786556c6d737d9ae9d9142c31097cd670019bf665f9c57b3d62ce

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    fe8bc1ef761061f78fe9c21980a11e8b

    SHA1

    cb30dfdca06418ca23063a6ab334d91f20a23f2a

    SHA256

    3c01832358664b3ce7b8766f6a2579e5ef098690103bbba5c1b3abc42ab64679

    SHA512

    2b79a4b4ac433156eb1bc631c9d84eb0484ce3ebb82be76b96c7dc74c07efe710cc82aa01f332ef215f626d5b5b24d1ba2aa7ce9b1b9fb77f33855238d036cd9

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal

    Filesize

    116KB

    MD5

    ffc41577ae549a6059271adba71f728c

    SHA1

    c0d3b9dfe3087fe2fad90a0cbe41b72c65c89510

    SHA256

    078c0292bf9bf0d93b9dc0f20ade567edc17e459c783926dbb181e1f04d613d1

    SHA512

    0a042808d4107e52e6e48eb7b6682dab5ecf0702eee9e3e8abd75bb6da01b46b2fdc610bcb0d1e39be36bb821f8aa04ce316dff65237935af05a69929af2edec

  • /data/misc/profiles/cur/0/com.cebugoyi.boot/primary.prof

    Filesize

    999B

    MD5

    40daad7d244cefa8aceb8a8626083a5d

    SHA1

    a4e0363eefe23810f504d91c21208844610a8c0a

    SHA256

    39ce994e24fdbdd727e4456c32dc1c4242f9a2441125c8806efd34b7d7c4b09b

    SHA512

    bdfbd1b56f88e583aa02b17740e36697c9b2167bdabd7f51470fdf0fa4ee6c83c349f0e1b9a31982d91d6a02b45efe8beb5f319c91eefbc651b32f049a716e50

  • /data/user/0/com.cebugoyi.boot/app_security/qYqbtti.json

    Filesize

    1.4MB

    MD5

    63fe37a8e582054fe3a02be377b86386

    SHA1

    adecc8c1c1a3e194bf33263aaf6dd46ebf19575f

    SHA256

    134a686b6041351fb4911124112977e8d0531c40e3803e5a4557745afa62f7be

    SHA512

    6f3ebb038d464c6e960777d31c4cb8d974be79db58ca0123bb99ffed09d0eea67f183023579a738bbd4621a3837bc4fc019d5ba5ba4796901f9a7b70e61c5a6b