Analysis
max time kernel: 149s
max time network: 153s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 20-12-2024 07:27
Static task: static1
Behavioral tasks:
- behavioral1: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-20240624-en
- behavioral2: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x64-arm64-20240624-en
- behavioral3: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-33-x64-arm64-20240910-en
- behavioral4: sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, resource android-x86-arm-20240910-en
- behavioral5: sample bayadoje.apk, resource android-x64-20240910-en
- behavioral6: sample bayadoje.apk, resource android-x64-arm64-20240624-en
- behavioral7: sample bayadoje.apk, resource android-33-x64-arm64-20240910-en
- behavioral8: sample bayadoje.apk, resource android-x86-arm-20240910-en
General
Target: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Size: 7.1MB
MD5: 2ee1c7272b7efc3155f00066226643c2
SHA1: 86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1
SHA256: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c
SHA512: b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128
SSDEEP: 196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoC)
  resource: behavioral3/memory/4507-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.mocereti.fill/app_immense/MdIfb.json; pid: 4507; process: com.mocereti.fill
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.mocereti.fill
- Checks the application is allowed to request package installs through the package installer (1 TTP, 1 IoC)
  Checks the application is allowed to install additional applications (might try to install applications from unknown sources).
  description: Framework service call; ioc: android.content.pm.IPackageManager.canRequestPackageInstalls; process: com.mocereti.fill
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.mocereti.fill
- Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; process: com.mocereti.fill
- Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; process: com.mocereti.fill
Processes
- com.mocereti.fill (PID 4507)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Checks the application is allowed to request package installs through the package installer
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads