Analysis
max time kernel: 53s
max time network: 142s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 20-12-2024 07:27
Static task
static1
Behavioral tasks
behavioral1: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-20240624-en
behavioral2: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-arm64-20240624-en
behavioral3: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-33-x64-arm64-20240910-en
behavioral4: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x86-arm-20240910-en
behavioral5: sample bayadoje.apk, resource android-x64-20240910-en
behavioral6: sample bayadoje.apk, resource android-x64-arm64-20240624-en
behavioral7: sample bayadoje.apk, resource android-33-x64-arm64-20240910-en
behavioral8: sample bayadoje.apk, resource android-x86-arm-20240910-en
General
Target: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Size: 7.1MB
MD5: 2ee1c7272b7efc3155f00066226643c2
SHA1: 86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1
SHA256: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c
SHA512: b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128
SSDEEP: 196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoCs)
  resource: behavioral2/memory/4487-0.dex, yara_rule: family_antidot
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.mocereti.fill/app_immense/MdIfb.json, pid: 4487, process: com.mocereti.fill
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.mocereti.fill
Checks the application is allowed to request package installs through the package installer (1 TTPs, 1 IoCs)
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  description: Framework service call, ioc: android.content.pm.IPackageManager.canRequestPackageInstalls, process: com.mocereti.fill
Requests allowing to install additional applications from unknown sources. (1 TTPs, 1 IoCs)
  description: Intent action, ioc: android.settings.MANAGE_UNKNOWN_APP_SOURCES, process: com.mocereti.fill
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.mocereti.fill
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/cpuinfo, process: com.mocereti.fill
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/meminfo, process: com.mocereti.fill
Processes
com.mocereti.fill (PID: 4487)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 647KB
MD5: 9080ca780268b1ee82128c85ab15992d
SHA1: 8bb3c2f182766a24e00165a0c2c914fc908061d3
SHA256: 36ed39f8f6f10c12d1e75864b3f1a86ac04090e72e055668b94db57cfc131d94
SHA512: 1b22981c3dc7d268d923e0b5a9279997211bd3026382cca374ece9db26fa3c8dd4dc798fee89a6bfb55315fa5e6fc0562f91cf12ff68c64ecb29de95ae6410aa

Filesize: 647KB
MD5: 65665fc5d83e79c8e4a9598a0918efce
SHA1: ac791de882b6503b494fa51f162c34ef7d53fd47
SHA256: 28b07087989fd0439b4653c94f1cf2e4afcfa94845a7e96b3aeacfc3c95ddeb6
SHA512: 852c00f3212f722db4bedf1b23c6c0a05824057ac5145323331fdbf579d9a267fc7d3b321e5605dc1483ca334115e8d521975f72e3774f4467e48e3ac6f10973

Filesize: 8B
MD5: ca03c3dc7889f809ee9591ae93860857
SHA1: 64aaa4c1284b468281b6f5c7409edeb0b1d4076c
SHA256: e882a49a535c9b0b29a6734d3479c6852f35adc7f8cbb77554f80cd5b5ec2079
SHA512: ce5a12fb5677e6ad2fa55d59bb637a6ebc6b9332d0e9082f92b52acb09b906018bd5608304e53eab8b61c79be81204c6de31e3bb53778c99485aef5e6c334746

Filesize: 112KB
MD5: c273235eae0c6a1557dab5d6685a8267
SHA1: c651e2c420bf8bd6b75a45780c1ec525341e7f58
SHA256: c0039d7c461a021ef894d546aeb3e9d69056b6b337b2404db6768641471e6421
SHA512: e82ef33781fda8f55fb73041527b18f8ddd04146c1e14b53beff1800f109bca3a7282b5cbd358809f0c75dde7061583c35b0224f2bac29cbe33581a5f7d88ae2

Filesize: 512B
MD5: 97b5ab140d559543dc08702f1b3467b8
SHA1: 580ea55bf8e7d215a849885d34626125215b371c
SHA256: 5f9df14c625d6357d06da37026d612e9e55356f0f554297c5f2e38cb2bfb5d9e
SHA512: ab63f3478d9641ed37e90c9e08604ca46e35dfd7ecba32307fa550e12282a97fa4e3b566cb462726f11ccdd2db8cf1ebd33faf63e35593cf6a3d231c3dd2f34b

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 422KB
MD5: 6f62d778ecdb4f17564876d242960d3e
SHA1: edf4474534d78ffa8849e2b05fdd00eb6482b9b4
SHA256: d3548f79933759f48534507741febe9aadba05e44153af16b78e558cdc102a4b
SHA512: 57a7cbc965fa0ea82b22817ebe721554078e6c7dfafc91f68dcf19da2cfea2fa62d71516075865107029c57098b50506814fe109e5c5502116d9e998c632bec4

Filesize: 16KB
MD5: d938d7f6dbcbe3a09ff77a022e713f64
SHA1: 4f8c8a7695af25f005481967c6359e2212bec7d7
SHA256: c2e69f03fa522c389d67d2f4d99055b06ef3184b5693a042c01933da743c06cb
SHA512: a5e7d794a7b343eb97a55985f0a258346c9fddfa3f3e449a1f4a48608d55097673c00e4c09a6d17f72a19c684f84ad439c3089dda669297323bbbb053ce29987

Filesize: 116KB
MD5: a8e0c91d5b70034d0eb54226ded5097a
SHA1: aaeb4e7597764dea8aacc3836e25ce15683a1979
SHA256: 8e12c096bbe3089a1bf20a78af376ae1709277568d43133bb511b24e0ad482ad
SHA512: 7df3c0e975e9ba50402e198d1f20a95e41fb3a0975775ab6b65f7af93cfbf0ab0e8bc28116628921187bf780b2332f7b7ef79a7cdd187e5e8a0914d0824eb654

Filesize: 1008B
MD5: 183e6648d5b0a33984e42a402dd1dd92
SHA1: 364b98afd052eeec4813093ff2613c82b1d61509
SHA256: 140f8b5a089bec63de2b716250644ab42b581002851be3c1dffa8c9408ae45db
SHA512: d4ba69c870a95a3b10ac14d1889abe22fed31c14903c00b864bf0c09b34384e82d5ad25412463563a64e29c1ee71237997af9fa0e2c0d221ccc5a9693edf0b48

Filesize: 1.4MB
MD5: ff2a5bc76bd956c9621454e9829ad34a
SHA1: 3e41bd7ed5c73e133f753a89800d324d760e74b0
SHA256: 92ba383ed156984ebcdb8c06e29b16b290b26abe0f226a5325775a0eaee7c63c
SHA512: 35d9df3b1c912c9f0feec823d8722884adbed93275283c87990c793859af1dfb831f9386f03e0a736b290e30734d6961a18c8428144df6a0982c2d2c4054db47