Analysis
max time kernel: 149s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 20-12-2024 07:27
Static task static1
Behavioral task behavioral1: Sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, Resource android-x64-20240624-en
Behavioral task behavioral2: Sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, Resource android-x64-arm64-20240624-en
Behavioral task behavioral3: Sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, Resource android-33-x64-arm64-20240910-en
Behavioral task behavioral4: Sample 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk, Resource android-x86-arm-20240910-en
Behavioral task behavioral5: Sample bayadoje.apk, Resource android-x64-20240910-en
Behavioral task behavioral6: Sample bayadoje.apk, Resource android-x64-arm64-20240624-en
Behavioral task behavioral7: Sample bayadoje.apk, Resource android-33-x64-arm64-20240910-en
Behavioral task behavioral8: Sample bayadoje.apk, Resource android-x86-arm-20240910-en
General
Target: bayadoje.apk
Size: 7.6MB
MD5: baf3c550534acd7dce3795cb7176d738
SHA1: 2f99a11bedeaa8357b75414e0797d8cfb337aa7d
SHA256: 129240b79c82258e10643b16f0947b2ccbb88e6fea642176a85f8d21d94a2ab6
SHA512: c3180ee141d9080aa97c38936dfb9bb164a8151912f2b9594275566eb8f107dfbd8bd167e8e2472a7a53562f34b5f3be88ccc501efe37ae404c4b8ddfa346f34
SSDEEP: 98304:so/Krg4JmdxU1g9hZB0/HRCQoR9cKzqtKsRm2ieSyeTgnrSs2a+5nWKCYFWY:sJmdxU1IN0J6zqNBYErSs2a+xH
Note: the sample name used by behavioral1 to behavioral4 is itself a SHA-256 value (8919f2c8...) and does not match the SHA256 listed here for bayadoje.apk, so the two sample names should not be assumed to refer to the same file without checking the hashes.
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoC)
resource: behavioral6/memory/4471-0.dex, yara_rule: family_antidot
The rule hit is on a DEX dumped from the memory of PID 4471 (com.kofisahoke.access) in behavioral6, i.e. on code present at runtime, not on the submitted APK itself.
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.kofisahoke.access/app_unaware/Mu.json, pid: 4471, Process: com.kofisahoke.access
Note the .json extension on a file the sandbox observed being loaded as a DEX/JAR; the name says nothing about the content.
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, Process: com.kofisahoke.access
Requests enabling of the accessibility settings (1 IoC)
description: Intent action, ioc: android.settings.ACCESSIBILITY_SETTINGS, Process: com.kofisahoke.access
Requests uninstalling the application (1 TTP, 1 IoC)
description: Intent action, ioc: android.intent.action.DELETE, Process: com.kofisahoke.access
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, Process: com.kofisahoke.access
Checks CPU information (2 TTPs, 1 IoC)
description: File opened for read, ioc: /proc/cpuinfo, Process: com.kofisahoke.access
Checks memory information (2 TTPs, 1 IoC)
description: File opened for read, ioc: /proc/meminfo, Process: com.kofisahoke.access
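The "Loads dropped Dex/Jar" entry names a file with a .json extension that the app loaded as code. The check an analyst wants when holding the recovered file is whether it is really a DEX (or a ZIP container, i.e. a JAR/APK) regardless of its name, and whether the DEX header's own integrity fields agree with the bytes, so that a truncated or partially decrypted dump is recognised before it is handed to a decompiler. The following is an added example written for this report; it is not tooling from the sandbox or code from the sample. The header-only DEX it builds is a constructed fixture, and the file name Mu.json is only used in a comment as the stand-in input.

```python
"""Triage a file that an Android app dropped and then loaded as code.

Added example for this report (not sandbox tooling or sample code). It decides
whether a dropped file is a DEX or a ZIP container from its leading bytes, and
checks the DEX header's size, endian tag, Adler-32 checksum and SHA-1 signature.
"""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n"           # followed by three ASCII digits (e.g. 035) and NUL
ZIP_MAGIC = b"PK\x03\x04"      # JAR and APK files are ZIP containers
DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678   # endian_tag value of a little-endian DEX
ID_TABLES = ("string_ids", "type_ids", "proto_ids", "field_ids", "method_ids", "class_defs")


def classify_dropped_file(data: bytes) -> str:
    """Classify by leading bytes, ignoring the file name: 'dex', 'zip' or 'other'."""
    if len(data) >= 8 and data[:4] == DEX_MAGIC and data[4:7].isdigit() and data[7] == 0:
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    return "other"


def parse_dex_header(data: bytes) -> dict:
    """Read the fixed 0x70-byte DEX header (every field is a little-endian uint32)."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    # offsets 56..111: (size, off) pairs for the six ID tables, then data_size, data_off
    table = struct.unpack_from("<14I", data, 56)
    header = {
        "version": data[4:7].decode("ascii"),
        "checksum": checksum,
        "signature": data[12:32],
        "file_size": file_size,
        "header_size": header_size,
        "endian_tag": endian_tag,
        "data_size": table[12],
        "data_off": table[13],
    }
    for i, name in enumerate(ID_TABLES):
        header[name + "_size"] = table[2 * i]
        header[name + "_off"] = table[2 * i + 1]
    return header


def verify_dex_integrity(data: bytes) -> list:
    """Return names of header fields that disagree with the bytes; [] means consistent.

    checksum is Adler-32 over everything after the magic and checksum (offset 12 on);
    signature is SHA-1 over everything after the signature itself (offset 32 on).
    """
    if len(data) < DEX_HEADER_SIZE:
        return ["truncated"]
    hdr = parse_dex_header(data)
    problems = []
    if hdr["header_size"] != DEX_HEADER_SIZE:
        problems.append("header_size")
    if hdr["endian_tag"] != ENDIAN_CONSTANT:
        problems.append("endian_tag")
    if hdr["file_size"] != len(data):
        problems.append("file_size")
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != hdr["checksum"]:
        problems.append("checksum")
    if hashlib.sha1(data[32:]).digest() != hdr["signature"]:
        problems.append("signature")
    return problems


def triage(data: bytes) -> dict:
    """Hashes and classification of one dropped file, for comparison with the report's IoCs."""
    result = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
              "kind": classify_dropped_file(data)}
    if result["kind"] == "dex":
        result["problems"] = verify_dex_integrity(data)
        result["header"] = parse_dex_header(data)
    return result


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed fixture: a header-only DEX with empty tables and valid checksum/signature."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:4] = DEX_MAGIC
    hdr[4:7] = version
    struct.pack_into("<III", hdr, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    hdr[12:32] = hashlib.sha1(bytes(hdr[32:])).digest()          # signature first
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])))  # checksum covers it
    return bytes(hdr)


if __name__ == "__main__":
    # In practice: data = open("Mu.json", "rb").read() on the recovered dropped file.
    print(triage(build_minimal_dex()))
    print(triage(b'{"config": "not code"}'))
```

A file that classifies as "dex" but returns a non-empty problem list is usually a memory dump cut short or a payload decrypted only partially; fix or re-dump it before decompiling. A "zip" result means the next step is to open the container and look for classes.dex inside rather than to treat the file itself as DEX.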
Processes
-
com.kofisahoke.access (PID 4471)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests enabling of the accessibility settings
- Requests uninstalling the application
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 948KB
MD5: ecc6d6a9a8f8d60c9f6a2806ad244142
SHA1: 71c977dd3d4636fc54621fefaa0ea93865d23c17
SHA256: 2150b3bae123782e01c06a7b449f5b1f6aa4475efa4205546efd35a1908b867b
SHA512: a140c0e5aaea771bc269639af9fe25c04d69954e6a02942fc6d6277590018b65a99820bff65c692513c06105798ca05b5c625b23f1cdfc96d41f34eab8fd9a48

Filesize: 948KB
MD5: 649b032a2e5ba2989a825f13c899dcb2
SHA1: c85ed2b78dac1fcac281d88d37805065096ccb3e
SHA256: b89bbafed6409577b07257c0c044a2e6aeb33eaeac0dd69d02b8159b381ab464
SHA512: ca2734109574ac148726d11fea2e1c491d220ba115337aec468054356f0076527c9cc3e09e3be28fa21826e5031714cb3a02cc4ad2042b9c7b5618f9e25d5197

Filesize: 3KB
MD5: 0cc772ea30bb571a49533ec77eb00789
SHA1: 5a7c2109ef38acbcb0068e3fe50d6ead96967350
SHA256: 1b86d789ff303d22c3f8ec49a442f0f4f5d0cc6e1981ec838f647185f86c0a2c
SHA512: 9bab31570005bf4f1cdb1e87a4d93c8eb9038f4a6e2038a0a250f2887c72b00f0b581751d9b0ae0835ac0d60bb35719ebd67472b3402a6fdb48a211d7c8ab3fd

Filesize: 8B
MD5: 56df8208aa4c3cf21e2e76b2a4a61271
SHA1: dd1c54a8f34da8cddb0db74f5db069725ac598f3
SHA256: c93f883a202b5996b5972d83e7734186220fe8aa470b7f768e5d0e206e7a2a4a
SHA512: 56f22dfd46ec8caa0898f09d52a59a30d9580e289beb3ee77d33537f847bc5f2424c4217cfb0d157a8397db6c35e4b85c836184d7c5f6b61349fd080717b2cbb

Filesize: 4KB
MD5: 7e858c4054eb00fcddc653a04e5cd1c6
SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Filesize: 512B
MD5: 8679fb2c31a81abd323a003f8061f957
SHA1: 8c6bb5e515a86849f6cc7f2583404d52df35c1a0
SHA256: 8062019837da87ed936ac581a8358f00ddb7e36860962699269138e32829d40b
SHA512: 0600b4baaf774376a2e6e24d8c0f0136d23aadaeeac969fc3da8c62ea8997a718705bd39108c44d4522f6da6c3545b9d6819deb5810d3d70e362299d18498ee2

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 350KB
MD5: 2faa6d69cba66cbfb72722fa7a92e999
SHA1: 82f065be0c2ffd8b5a193389d3671ee51ee8d651
SHA256: 016121f85344e6363892297f819b9b4cbb0b8e5800724853c7490497f4956292
SHA512: 1bdd212d392dd3653547e2772082451adcde3f9f6997cec3f2ad25b6b15bcaa5f5c0a4e7131a52720e1a742a55e4224a77cd7237a75c4fe40775139badebbf9d

Filesize: 16KB
MD5: 5ec9fd43e8c37e7f1638327c066025ea
SHA1: ddd543b229fe0cbc8f4ba0a6caf3f51b0efa966d
SHA256: 0a0f7c2ee0110822b4e5aa90c86022914f823a22a924cf5a3d6b74791a822c36
SHA512: 71709047ea4b613d7335a9818f2708b5c2f09a9829fe04038205da29b2a1037c7af6a9bd3aabb8db5d8d989c288d913831d150f67cac9c874c586a7c89f527f3

Filesize: 116KB
MD5: 843383767dfeb6d1b60ca4a355bd56d9
SHA1: 4c88ca10cebc8a619b0831fb127c78d1f21604d5
SHA256: faeb74cdff26507ff759837d9e2ff96ce4fada03151c9b5b996d13f8b2ada6c6
SHA512: cce8c2d30b80f26f9648999d84b2a78c856c046845e470295cf1aa819bc905f054a29fb437c1b8d9eddcbf9ad370a3b69739621383d961b0a6eecbf708ef4118

Filesize: 1KB
MD5: b857651d0451ea6fa6230d53541cbf7e
SHA1: e7b53f3973ccf560f6ecf5c4daaeb508e262603f
SHA256: 5b9255ec3ee186fc0a5c1fd636f3c57feeb8e5418823778d145a01d16831f79b
SHA512: 4a98c9b07f6c5f26d4610737e3d50b58623cd089fbdeda65d8c16c7827b667a1eaeeb8b82751b8829c59836f870317b89d77b504f1002c711119ffe8c999d9ad

Filesize: 190B
MD5: 9df8b35b628c48778b235161dceecf35
SHA1: 0d2b8507ebf0c04d8a312d632604d6b222dab18d
SHA256: 0be45c9969236645efce7e5b0e357729ac682eb859e1dd21d997d51e97574852
SHA512: 883a71ce0074549359a85acd3469d21f1fe9dc8b1fbdce94ac844b30fe6a996c9df19760ab5302e87c5885beb5eafc10f363c69c3e226689741463967141c1be

Filesize: 2.0MB
MD5: 93a2f2cec2f35cf80741cbd0cdfe992d
SHA1: 057cbdc968d110c278adf0695a4cb258d6c8d3ef
SHA256: a07a5e5dff06e2ad058d50f17e9a1fb475af0cb16e6b90565ba7d61220838d5a
SHA512: 0c2a4e54559ba05f8965ccebf33284a041454f81ede8ba43ecec013438ca8a2b64befa551a3123a8fa160342bb2cdd0aba67e194f6ae0c98d780bd21b3b45fc6