Analysis
max time kernel
149s
max time network
153s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags
arch:arm arch:x86 image:android-x86-arm-20240910-en locale:en-us os:android-9-x86 system
submitted
20-12-2024 07:27
Static task
static1
Behavioral task
behavioral1
Sample
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral4
Sample
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral5
Sample
bayadoje.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral6
Sample
bayadoje.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral7
Sample
bayadoje.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral8
Sample
bayadoje.apk
Resource
android-x86-arm-20240910-en
General
Target
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Size
7.1MB
MD5
2ee1c7272b7efc3155f00066226643c2
SHA1
86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1
SHA256
8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c
SHA512
b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128
SSDEEP
196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
resource | yara_rule
behavioral4/memory/4356-0.dex | family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.mocereti.fill/app_immense/MdIfb.json | 4356 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mocereti.fill/app_immense/MdIfb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mocereti.fill/app_immense/oat/x86/MdIfb.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mocereti.fill/app_immense/MdIfb.json | 4330 | com.mocereti.fill

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.mocereti.fill

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
description | ioc | Process
Intent action | android.settings.MANAGE_UNKNOWN_APP_SOURCES | com.mocereti.fill

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.mocereti.fill

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.mocereti.fill

Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.mocereti.fill

Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.mocereti.fill
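The "Loads dropped Dex/Jar" hit above is worth reading closely: the file handed to dex2oat lives in the app's private data directory and carries a .json extension, but dex2oat only accepts DEX (or a zip containing classes.dex), so the extension is a disguise for a runtime-loaded payload; the memory dump behavioral4/memory/4356-0.dex is what the YARA rule matched. The following is an added example, not code from the sandbox or from the sample, showing how a practitioner would automate that triage: pull the --dex-file path out of the dex2oat command line, check whether it is under the package's /data/user/<n>/<pkg>/ tree, verify the DEX magic against the bytes on disk, and carve DEX images out of a memory dump using the header's file_size field. The command line is re-assembled from the report (flags irrelevant to the parse dropped); the file contents and the memory blob are constructed stand-ins, not the real payload.

```python
"""Triage helpers for a 'Loads dropped Dex/Jar' sandbox hit.
Added example; not part of the report or of the analysed sample."""
import os
import shlex
import struct

# dex2oat command line from the report, re-assembled as one string
# (constructed for this example; flags not needed for the parse are omitted).
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--dex-file=/data/user/0/com.mocereti.fill/app_immense/MdIfb.json "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.mocereti.fill/app_immense/oat/x86/MdIfb.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

DEX_MAGIC = b"dex\n"        # full magic is b"dex\n" + 3 version digits + NUL
DEX_HEADER_SIZE = 0x70      # fixed DEX header length
FILE_SIZE_OFFSET = 32       # uint32 LE file_size field inside the header
CODE_EXTENSIONS = {".dex", ".jar", ".apk", ".zip", ".odex", ".vdex"}


def dex_files_from_cmdline(cmdline: str) -> list[str]:
    """Every --dex-file= path dex2oat was asked to compile."""
    return [a[len("--dex-file="):] for a in shlex.split(cmdline)
            if a.startswith("--dex-file=")]


def in_app_private_dir(path: str, package: str) -> bool:
    """True if path is inside /data/user/<n>/<package>/, i.e. a file the app
    wrote at runtime rather than one shipped inside its APK."""
    parts = path.split("/")
    return len(parts) > 5 and parts[1:3] == ["data", "user"] and parts[4] == package


def is_dex_header(data: bytes) -> bool:
    """DEX magic check: b'dex\\n' + version digits + NUL (e.g. dex\\n035\\0)."""
    return (len(data) >= 8 and data[:4] == DEX_MAGIC
            and data[4:7].isdigit() and data[7:8] == b"\x00")


def classify_dropped_file(path: str, data: bytes) -> str:
    """'dex-disguised' when DEX bytes sit behind a non-code extension like .json."""
    if not data:
        return "missing"
    if not is_dex_header(data):
        return "not-dex"
    ext = os.path.splitext(path)[1].lower()
    return "dex" if ext in CODE_EXTENSIONS else "dex-disguised"


def carve_dex(blob: bytes) -> list[bytes]:
    """Carve DEX images out of a memory dump: scan for the magic, then trust the
    header's file_size field (bounded by what is left of the blob)."""
    found, pos = [], 0
    while (i := blob.find(DEX_MAGIC, pos)) >= 0:
        if is_dex_header(blob[i:i + 8]) and i + FILE_SIZE_OFFSET + 4 <= len(blob):
            (size,) = struct.unpack_from("<I", blob, i + FILE_SIZE_OFFSET)
            if DEX_HEADER_SIZE <= size <= len(blob) - i:
                found.append(blob[i:i + size])
                pos = i + size
                continue
        pos = i + 1
    return found


def make_fake_dex(size: int = DEX_HEADER_SIZE) -> bytes:
    """Constructed stand-in for a DEX file: valid magic and size fields, no code."""
    buf = bytearray(size)
    buf[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", buf, FILE_SIZE_OFFSET, size)   # file_size
    struct.pack_into("<I", buf, 36, DEX_HEADER_SIZE)      # header_size
    return bytes(buf)


def triage(cmdline: str, package: str, contents: dict) -> list[tuple]:
    """One (path, dropped_at_runtime, verdict) tuple per --dex-file argument."""
    return [(p, in_app_private_dir(p, package),
             classify_dropped_file(p, contents.get(p, b"")))
            for p in dex_files_from_cmdline(cmdline)]


if __name__ == "__main__":
    path = "/data/user/0/com.mocereti.fill/app_immense/MdIfb.json"
    # Constructed: what the disguised payload looks like to the classifier.
    for row in triage(DEX2OAT_CMDLINE, "com.mocereti.fill", {path: make_fake_dex()}):
        print(row)
    dump = b"\x00" * 17 + make_fake_dex() + b"junk" + make_fake_dex(0x90)
    print([len(d) for d in carve_dex(dump)])
```

On a real dump, carve_dex should be followed by an adler32 check of the header checksum (offset 8) before the image is handed to a decompiler, since the file_size field can be corrupted or deliberately lied about; the size bound above only stops it from reading past the blob.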
Processes
com.mocereti.fill
PID:4330
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Requests allowing to install additional applications from unknown sources.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
  child of PID 4330: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mocereti.fill/app_immense/MdIfb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mocereti.fill/app_immense/oat/x86/MdIfb.odex --compiler-filter=quicken --class-loader-context=&
  PID:4356
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize
647KB
MD5
9080ca780268b1ee82128c85ab15992d
SHA1
8bb3c2f182766a24e00165a0c2c914fc908061d3
SHA256
36ed39f8f6f10c12d1e75864b3f1a86ac04090e72e055668b94db57cfc131d94
SHA512
1b22981c3dc7d268d923e0b5a9279997211bd3026382cca374ece9db26fa3c8dd4dc798fee89a6bfb55315fa5e6fc0562f91cf12ff68c64ecb29de95ae6410aa

Filesize
647KB
MD5
65665fc5d83e79c8e4a9598a0918efce
SHA1
ac791de882b6503b494fa51f162c34ef7d53fd47
SHA256
28b07087989fd0439b4653c94f1cf2e4afcfa94845a7e96b3aeacfc3c95ddeb6
SHA512
852c00f3212f722db4bedf1b23c6c0a05824057ac5145323331fdbf579d9a267fc7d3b321e5605dc1483ca334115e8d521975f72e3774f4467e48e3ac6f10973

Filesize
2KB
MD5
5c97e41b8aad7a4e2abb06c843be4e73
SHA1
4b3ed6e4382aede808fde15d2c9d5cefbdb63246
SHA256
233c23541c84aa0d18146562d52b7d3073366d30e8e02a9dde68a3aabc911bf5
SHA512
25439f0dfc459d193a55fa07f70f5c4d49c591adb2b69772931827a541f9021fb84366b79bfd1de5ba1716a5be3d52c52738bc36198f911dae8a66c993c68314

Filesize
2KB
MD5
14202de965c3eebd0862b49fa5c740e6
SHA1
47ff47f8dba2f9223125ae7f89dc1526aa3a9715
SHA256
5a92d94174faa5e4127c01f2b348439471feeab9f4a59ba8184d36909833f314
SHA512
9f09cb432b4fe7d8b9f1b139dfd44cdc0f4192cd6135ed2e5115c76844d4e203e104102a7be4300af2faf5d79d1ac5db9222c2c0910d500d919b878d2975b426

Filesize
24B
MD5
ddbdd9fcb4cdb7685497aeb0ae0e95a7
SHA1
0d853936342899a0c2e57a550827fdabda0e264b
SHA256
9ba219948f851c8d9d1a7406d42b242284e3dd43dc7aaef531aa4a16582b9f36
SHA512
0cea1ae7d2aff5713fdfbfd574b25d5da90304080ec2e2b223cf5e78155353fba0d3e883511af3dba8330219618ac204fb62c640ba0a716af31ceca76693ae9d

Filesize
8B
MD5
36f14865ef440be0e8c5f30f32e05c78
SHA1
bace8cc2e21604833bcf172aab537615d411bcad
SHA256
ca016352d332fcc937121b7d64eb68d5067c8da52745aea0dabb570b4757e57b
SHA512
12ede93d96fc7f0e2189e03c1cc2cbbd03327a04b25adc52fb0b73d2a82e3b87bbb40031bb9427487c4fa2fd5a0d6758393545f269bb3ffc98bad8735f16c19f

Filesize
160KB
MD5
46cb7a1b5b061784c4ac6c73c742731f
SHA1
c33d25f90c2e43a09d3fb008613284c51d97c5b4
SHA256
2e67cdcd0d746e04047d8c06c79e668f0298fa26c573e8a1ab1a7c6c419fcf96
SHA512
62dbe215d006f229c040efd15d75833a390df25f14d33da12354ef17711c94b978786d328da1b88dcba3918d1119f7c47edbd91e78602710e37f0679c3fdb31b

Filesize
512B
MD5
70579816a45428734769a3ffe4e7d453
SHA1
82b622bd4669d41b33fd520530faa155af79e316
SHA256
0d67db318c0c43d4c45f7d9de846d9f7407aaf42e3ec54b22124d2257e04dd7a
SHA512
b0013182c8d056ead78abc9c0804fe42405f6bf02df42f99dee7d2c46330bdf11200b002e1bcb12ddd4ca22ad12e4269161b04cd245ed9545aa94db0bbe17e4f

Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize
16KB
MD5
529b7d14970f0557785f4151aa5273a5
SHA1
867372a3f2fedfd19295e056622376a9af7b24f8
SHA256
47f79b25e7d99c29d015cb376763d745c166d7936caf2602f7fe14e3528146a2
SHA512
c64007edef962f8bf59d366b95dd1d5bb8af8e2a92a0ba47a3ccf64b3f4d954e5ffe3e83ebf6dffa746753032bc2476a95f401908ea01b33fc7fe51abd6e09f6

Filesize
116KB
MD5
10305884c12785ff8ae87e5c98b3d35d
SHA1
e8063b81618566d919dd7261ce78503363339c30
SHA256
fee4862537c0750c042070befb33ecdc9ef7e1c903019fac8c8c6b408ca92227
SHA512
e4250790a8abbb0ba2baee31ff4ff9087464f0214629df70e094f914ab9ac1aeb182984bd4c0173761bdde0f9ecfcc23d947e92782a8b89d14c5042d88ecee0c

Filesize
426KB
MD5
8961a8f6702804b22fc62e4573653d75
SHA1
43dfdc2e23752b5023dde6d334ad94fc0d579051
SHA256
c5bd55454e588937569fbeb6d9219ef65778f1345b715893ace8258c4c4fb3b3
SHA512
978aba7874c3174b43dd7c06b9131ce343e51f9ea77a885b416a4a60dfcd3f5c8aded897e03b3f86226067b2248f0508c218a50a93aa4b3f9c5dd456cb53da52

Filesize
1008B
MD5
183e6648d5b0a33984e42a402dd1dd92
SHA1
364b98afd052eeec4813093ff2613c82b1d61509
SHA256
140f8b5a089bec63de2b716250644ab42b581002851be3c1dffa8c9408ae45db
SHA512
d4ba69c870a95a3b10ac14d1889abe22fed31c14903c00b864bf0c09b34384e82d5ad25412463563a64e29c1ee71237997af9fa0e2c0d221ccc5a9693edf0b48

Filesize
183B
MD5
d2ad0c020d41f891dda41c09db650e12
SHA1
7657136a9c2a2aad830958b67519c94053773678
SHA256
504940c5b0ecb6eae1a3339e004d8717c5e50b8d5ec37972d35c853f986d92ab
SHA512
a126216cc64d1612b7133634ddf972a1c635aa62283e60616766dc718ce822dff5d1a1092def8b396f32f529507a71e8f260d055c12ce5e7987d9e709dff36ff

Filesize
1.4MB
MD5
7b75b01b4ca746608ebd1bf25fc0c474
SHA1
884d12e9dc86283031a6344e59b474ac8ee1c172
SHA256
d62ff678e20355994765eda98a27feb443fbb841d3b7c0d22c4d78b407cdf2bb
SHA512
bf388d83867323388cdffa3f45aea3cb64f4958a40a4545b7214fb1217828bae2ea46a8d70ad5a526312835bd4ba37ffa53b6c0b7de6e28fd9dc3b59a4679974

Filesize
1.4MB
MD5
ff2a5bc76bd956c9621454e9829ad34a
SHA1
3e41bd7ed5c73e133f753a89800d324d760e74b0
SHA256
92ba383ed156984ebcdb8c06e29b16b290b26abe0f226a5325775a0eaee7c63c
SHA512
35d9df3b1c912c9f0feec823d8722884adbed93275283c87990c793859af1dfb831f9386f03e0a736b290e30734d6961a18c8428144df6a0982c2d2c4054db47