Analysis
- max time kernel: 149s
- max time network: 147s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 20-12-2024 07:27
Static task
- static1

Behavioral tasks
- behavioral1: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-20240624-en
- behavioral2: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-arm64-20240624-en
- behavioral3: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-33-x64-arm64-20240910-en
- behavioral4: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x86-arm-20240910-en
- behavioral5: sample bayadoje.apk, resource android-x64-20240910-en
- behavioral6: sample bayadoje.apk, resource android-x64-arm64-20240624-en
- behavioral7: sample bayadoje.apk, resource android-33-x64-arm64-20240910-en
- behavioral8: sample bayadoje.apk, resource android-x86-arm-20240910-en
General
- Target: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
- Size: 7.1MB
- MD5: 2ee1c7272b7efc3155f00066226643c2
- SHA1: 86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1
- SHA256: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c
- SHA512: b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128
- SSDEEP: 196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoCs)
  yara_rule: behavioral1/memory/4977-0.dex -> family_antidot
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.mocereti.fill/app_immense/MdIfb.json, pid 4977, process com.mocereti.fill
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener, process com.mocereti.fill
- Checks the application is allowed to request package installs through the package installer (1 TTPs, 1 IoCs)
  Checks the application is allowed to install additional applications (might try to install applications from unknown sources).
  Framework service call: android.content.pm.IPackageManager.canRequestPackageInstalls, process com.mocereti.fill
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process com.mocereti.fill
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver, process com.mocereti.fill
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Framework service call: android.app.job.IJobScheduler.schedule, process com.mocereti.fill
- Checks CPU information (2 TTPs, 1 IoCs)
  File opened for read: /proc/cpuinfo, process com.mocereti.fill
- Checks memory information (2 TTPs, 1 IoCs)
  File opened for read: /proc/meminfo, process com.mocereti.fill
Processes
- com.mocereti.fill (PID 4977)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Checks the application is allowed to request package installs through the package installer
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 647KB
  MD5: 9080ca780268b1ee82128c85ab15992d
  SHA1: 8bb3c2f182766a24e00165a0c2c914fc908061d3
  SHA256: 36ed39f8f6f10c12d1e75864b3f1a86ac04090e72e055668b94db57cfc131d94
  SHA512: 1b22981c3dc7d268d923e0b5a9279997211bd3026382cca374ece9db26fa3c8dd4dc798fee89a6bfb55315fa5e6fc0562f91cf12ff68c64ecb29de95ae6410aa
- Filesize: 647KB
  MD5: 65665fc5d83e79c8e4a9598a0918efce
  SHA1: ac791de882b6503b494fa51f162c34ef7d53fd47
  SHA256: 28b07087989fd0439b4653c94f1cf2e4afcfa94845a7e96b3aeacfc3c95ddeb6
  SHA512: 852c00f3212f722db4bedf1b23c6c0a05824057ac5145323331fdbf579d9a267fc7d3b321e5605dc1483ca334115e8d521975f72e3774f4467e48e3ac6f10973
- Filesize: 2KB
  MD5: 0796c5b20345589abfdc5f490ca4ae46
  SHA1: 3733ba51d6e64620d31664933341a2884811b3fc
  SHA256: 76cb31c8801e8a7e128635735c38c8c8c73bc165cec6e585401a60661a1a6485
  SHA512: 217bf4610427173972519654f4b4e76b322548affe7cc9f2f92187c2bc56e535fc35180943cbdb11a8ca9f4928f71b58af7d2df6db04fb820dad7a4f609df9d7
- Filesize: 2KB
  MD5: fef14f723e1e70525a6eb89e50413ff5
  SHA1: a9230e85e8fb77e9ee55c371aa2f87149f0576fb
  SHA256: 9deaaa0c444a0c6a902815447ba08b9ecd1b14a840831e6a6050222eb1db0fd1
  SHA512: 23b9e892a0815207e4e44c1f1f3680ea7c40e73927b3c5c3982da527289d1cfabb41410bec07e32472f1321a0e4273ab9a7e12523d306dd81b7bfb661555aee4
- Filesize: 24B
  MD5: 71b9874ef184bcc0ddf8568dad8fdd5e
  SHA1: 09e36dbba1f1bc4197212db9656502b6c6a4fdc2
  SHA256: a5e1854b10d987791c144e34914487fca96c46c31d42078a44b3fe794b9b8397
  SHA512: 7184a91f80b256a473af6f010a70ab932b8cb0e478e94ec7b424fa9a1152955497bba456f3be10c8f28716fadc25a0daff6a3e7644e9c7ab69c29c4b774ce57f
- Filesize: 8B
  MD5: d3e9486f6662d3f7260448862d6ed66c
  SHA1: 30bd4b6d625b24594a99b1da056f9813bb198bd2
  SHA256: 8d3af3f6f8e3cd32701ebaa3f3d2cbcf754c6b5df4e6a69e1dc5be9a2089dca2
  SHA512: d5a9d68beae6841d9440f6fe21ac30e32de05c0eee7a3cd01824cb658e04545c1f9695c141dff20ac4b55f31ca3a79a937ad2bf229c1ed3590e654b8925fc9c8
- Filesize: 140KB
  MD5: cffbc9bb7612fc7ed0b5de5de30641af
  SHA1: ca8945959813d6c8db9ab2a1a0b8047fee61b9fa
  SHA256: ffd757e0dcb0c8d97b625da409ab169770dc5250fcb57f592d7046712f87a81a
  SHA512: a5fe898dbe97bfa85427879c9dd3d782d8bb749a1f155ec70c2726e9ed2641d2351dac24b0d9600473dcd10c763873af8c2c25a549c512e5cdc180dd9b7a6ada
- Filesize: 512B
  MD5: b610b9a6c3d160c6b123249facc29425
  SHA1: 4f912173728eb513d5cce3dd913623f16cc13900
  SHA256: 08bffe6209c4492075e990aa1f6bddb4dce84128998278d6d667eded670b9da3
  SHA512: df46df5f855d49789e52e7159f1b27c2c3ab8758f5e749022128bcf56b107d3dc70ea8f98d6c85ba5887e4714a5925a2e14f794074b3596ebbd0f7d8bedddc82
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 418KB
  MD5: df8df992d463452924f8c62bd0745f80
  SHA1: 0b2a32d56da0405cb56b5a02bcaa92231e44a290
  SHA256: c113dc59d3b3a63759e9121eb9879eb3c70273f2c01b667320bb35539de58990
  SHA512: 91e2628603043165f3f1a6ced40cf23509e6bdae5e78550dbe572a0308aecb53ce9d4ba3481c7c324b7a543431ec8ffa5cf92e7eaeff375e5ceced5bd6f53dc3
- Filesize: 16KB
  MD5: 45376b2c59b9b8044caffe7dbf8b658e
  SHA1: 77e02ac88ecc3f2da40dddfe3a5812d8b172eb67
  SHA256: 7a75e2adff5eabc48733dd7a5f4d735904767e4008c938b2430580a967b1018c
  SHA512: 0b91c60fd87e0798e1e15ae3601e8d1bf5a01cdda6adb7b93d8c185b6a1e48c81aa73d6bb53fe5760b64d5e732391e49d8590ddffa201d7ed7e8827bcdb838b6
- Filesize: 116KB
  MD5: c777402f068615898ce3df43f0e92440
  SHA1: e0ce84a92ac9b1782581bf1df2005c0b18aa76b1
  SHA256: 9be16803b5327da625e80636fe13a26b5bc531637941caf0faa60b1331633ff6
  SHA512: d2a333cd82f0367282ed3029dfd76a917b58c18d7b1d6737e0cff8f04359528833a0efc91e615437edfbf5db5f23799fcaf8ed223231f3f616ca8f9020116f84
- Filesize: 1008B
  MD5: 183e6648d5b0a33984e42a402dd1dd92
  SHA1: 364b98afd052eeec4813093ff2613c82b1d61509
  SHA256: 140f8b5a089bec63de2b716250644ab42b581002851be3c1dffa8c9408ae45db
  SHA512: d4ba69c870a95a3b10ac14d1889abe22fed31c14903c00b864bf0c09b34384e82d5ad25412463563a64e29c1ee71237997af9fa0e2c0d221ccc5a9693edf0b48
- Filesize: 183B
  MD5: d2ad0c020d41f891dda41c09db650e12
  SHA1: 7657136a9c2a2aad830958b67519c94053773678
  SHA256: 504940c5b0ecb6eae1a3339e004d8717c5e50b8d5ec37972d35c853f986d92ab
  SHA512: a126216cc64d1612b7133634ddf972a1c635aa62283e60616766dc718ce822dff5d1a1092def8b396f32f529507a71e8f260d055c12ce5e7987d9e709dff36ff
- Filesize: 1.4MB
  MD5: ff2a5bc76bd956c9621454e9829ad34a
  SHA1: 3e41bd7ed5c73e133f753a89800d324d760e74b0
  SHA256: 92ba383ed156984ebcdb8c06e29b16b290b26abe0f226a5325775a0eaee7c63c
  SHA512: 35d9df3b1c912c9f0feec823d8722884adbed93275283c87990c793859af1dfb831f9386f03e0a736b290e30734d6961a18c8428144df6a0982c2d2c4054db47