Analysis
max time kernel: 149s
max time network: 154s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 20-12-2024 07:27
Static task: static1

Behavioral task: behavioral1
Sample: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral2
Sample: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral3
Sample: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource: android-33-x64-arm64-20240910-en

Behavioral task: behavioral4
Sample: 8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk
Resource: android-x86-arm-20240910-en

Behavioral task: behavioral5
Sample: bayadoje.apk
Resource: android-x64-20240910-en

Behavioral task: behavioral6
Sample: bayadoje.apk
Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral7
Sample: bayadoje.apk
Resource: android-33-x64-arm64-20240910-en

Behavioral task: behavioral8
Sample: bayadoje.apk
Resource: android-x86-arm-20240910-en
General
Target: bayadoje.apk
Size: 7.6MB
MD5: baf3c550534acd7dce3795cb7176d738
SHA1: 2f99a11bedeaa8357b75414e0797d8cfb337aa7d
SHA256: 129240b79c82258e10643b16f0947b2ccbb88e6fea642176a85f8d21d94a2ab6
SHA512: c3180ee141d9080aa97c38936dfb9bb164a8151912f2b9594275566eb8f107dfbd8bd167e8e2472a7a53562f34b5f3be88ccc501efe37ae404c4b8ddfa346f34
SSDEEP: 98304:so/Krg4JmdxU1g9hZB0/HRCQoR9cKzqtKsRm2ieSyeTgnrSs2a+5nWKCYFWY:sJmdxU1IN0J6zqNBYErSs2a+xH
Malware Config
Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.

Antidot family

Antidot payload (1 IoCs)
resource: behavioral7/memory/4468-0.dex
yara_rule: family_antidot

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.kofisahoke.access/app_unaware/Mu.json
pid: 4468
Process: com.kofisahoke.access

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.kofisahoke.access

Requests uninstalling the application. (1 TTPs, 1 IoCs)
description: Intent action
ioc: android.intent.action.DELETE
Process: com.kofisahoke.access

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
Process: com.kofisahoke.access

Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/cpuinfo
Process: com.kofisahoke.access

Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/meminfo
Process: com.kofisahoke.access
Processes
Network
MITRE ATT&CK Mobile v15
Downloads