Resubmissions

21-12-2024 23:02

241221-21ca4ssqhy 10

20-12-2024 07:27

241220-jalsratphm 10

Analysis

  • max time kernel
    72s
  • max time network
    74s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    21-12-2024 23:02

General

  • Target

    8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c.apk

  • Size

    7.1MB

  • MD5

    2ee1c7272b7efc3155f00066226643c2

  • SHA1

    86fcca0d8e4778ce3bbda033dbb8e6ae1558b5e1

  • SHA256

    8919f2c84bccb75b94393010ea857a4d28754354cbaf7043f49d47ff89318f7c

  • SHA512

    b6ba882ee7cfd1735779d9438c0c3d0660d726a1e0ec8f392dbe316f162efe3b5bfb06a9caa866624df988cfd9c91ad1c2f3cac8a51dc6edb51c4a9cfd72e128

  • SSDEEP

    196608:RUITvGePB7u5D6jc/WT9ZfGmw1Inj4KB8c8akpPq2s:5TvVkDD/KGmhZB8ekVq2s

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.mocereti.fill
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Requests allowing to install additional applications from unknown sources.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mocereti.fill/app_immense/MdIfb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mocereti.fill/app_immense/oat/x86/MdIfb.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4279

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.mocereti.fill/app_immense/MdIfb.json

    Filesize

    647KB

    MD5

    9080ca780268b1ee82128c85ab15992d

    SHA1

    8bb3c2f182766a24e00165a0c2c914fc908061d3

    SHA256

    36ed39f8f6f10c12d1e75864b3f1a86ac04090e72e055668b94db57cfc131d94

    SHA512

    1b22981c3dc7d268d923e0b5a9279997211bd3026382cca374ece9db26fa3c8dd4dc798fee89a6bfb55315fa5e6fc0562f91cf12ff68c64ecb29de95ae6410aa

  • /data/data/com.mocereti.fill/app_immense/MdIfb.json

    Filesize

    647KB

    MD5

    65665fc5d83e79c8e4a9598a0918efce

    SHA1

    ac791de882b6503b494fa51f162c34ef7d53fd47

    SHA256

    28b07087989fd0439b4653c94f1cf2e4afcfa94845a7e96b3aeacfc3c95ddeb6

    SHA512

    852c00f3212f722db4bedf1b23c6c0a05824057ac5145323331fdbf579d9a267fc7d3b321e5605dc1483ca334115e8d521975f72e3774f4467e48e3ac6f10973

  • /data/data/com.mocereti.fill/app_immense/oat/MdIfb.json.cur.prof

    Filesize

    1KB

    MD5

    5e0f5e96cbcf3a1ce11e8439e9b77810

    SHA1

    1c9570e01d40fbf7042fa08736953b0961b2ef7b

    SHA256

    662b8d67640fff186ee2f4acee11a67619e85837a209e93c0662f2423be9fed5

    SHA512

    77911b76cb183b4b48f6e6106316a604474a837d6475ebad1d5b1e59593aaaa2a9d01296d54600276a6ccca686c856c6501418804366ee079254383a80fe2b60

  • /data/data/com.mocereti.fill/files/profileInstalled

    Filesize

    24B

    MD5

    6de3c72e7309701662911db6911d3f6d

    SHA1

    f618ce5c9fd43df7260ccff55e7794964bff3081

    SHA256

    a319f4a75c7a2aad7cb97428f096138df64acc3f59806a9dbee64b9650cb58f2

    SHA512

    dea48ce5b867c08040fa67562af04e78d177514915479347ffaa397454ca3dcb14371e0b352f3eae04815edb5e597fed142de547f7b2b329e2aa9355a428982e

  • /data/data/com.mocereti.fill/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    9860bb3f76c2309a666cb39f5b7e3676

    SHA1

    17d465f9463e892f992bd7dadaa24fd45fa85c82

    SHA256

    fc98f41dcfb0e36ee5c1ffd885aa2af907b0e045ff313304b16a1a3ebe689a58

    SHA512

    cfae426fa4ce31455c14ffe8de97556bf4865492c7691519a8e674cff33b2daf42935f24798d7d669d205d30d76e467053074b9100052cc54af29acf73b79768

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb

    Filesize

    112KB

    MD5

    912b3d7553c540e7493498ab269bd0d6

    SHA1

    d1d78a418e473259439a239ba1b3b72763acfc2f

    SHA256

    2188bc2bc4e1ac121d6f001e5fc6cb6b895eadfa15309d7d86085d74b2af781a

    SHA512

    8582aebcdd5e3f28fa4261aebb607026bc9dd81429b692d03535e3eaded76fbf8da6b25819018610da8466cf87ced0f393f9d2b578a01bbf62ee13a842f8b28f

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    69594731e14d99d364b25f4d564314d6

    SHA1

    3f907bbbb0d5ed2fb59852ef8aceef30c40ac6c9

    SHA256

    4742cada475f00dc3cdfce95434ece1ee875a4f2ad970ecea8ae8b98de4d04f4

    SHA512

    d82a41029259690d4fe7ba286c4431b00abdb7dc50f8e36bd97f424912ba66f2b55dff63a03d13e96737de74e37908c82bb8caf5072fc210ff871bf8bd3ec3ac

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    79cf3bfb60e4dd9c12fa9a52e79c12b5

    SHA1

    595c33a200b04508ebdfbd7906944e71a5e8182a

    SHA256

    a9251560dfbbe8531abb9397e8b7420aa6caa8acf1f49cc09ac9bb5025dfde0f

    SHA512

    2d7ceb7407666cd2c2b2a7ea5d495b7825f61beeb09127f72b5a610715aefb266efd53c6983a212e05ddec1fdda95fcbfab3dd0ef5cf0c7ef7eaaeb36676038f

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb-wal

    Filesize

    116KB

    MD5

    301b4bf7faa7c7f7b1820feb471392fd

    SHA1

    3335a7b89249d1757457400e2665ec4b8fdc71c1

    SHA256

    967703206883ae85a9e1680641b168a9a6c7a429b46c62d548b4e689aef53899

    SHA512

    6ab83e7f8ad1010a086c3b251f06007c5100bdcad6339ed35275c96d2cd9d5d3bc0db7f47c89e0250d980a0e3bf887b70923b1d8c1af462d21e4629b44a89f1c

  • /data/data/com.mocereti.fill/no_backup/androidx.work.workdb-wal

    Filesize

    422KB

    MD5

    2c4c86fdf6cbb6b1f7655064ddea2079

    SHA1

    43821a2130b05a3ddd2e8a8000b770758c15836b

    SHA256

    845c3a8d565445bf51f1792b12872d601dda586e341895a32be812f9006309bb

    SHA512

    19485cc5e19e7e77ce4a83aa2df2084c71874f87a7b49502dbeeccb45e304c55aef931d409f7f8facf1eb94b7a5a5f8e6ce7314796020913d0a5e2081681c3e7

  • /data/misc/profiles/cur/0/com.mocereti.fill/primary.prof

    Filesize

    1008B

    MD5

    183e6648d5b0a33984e42a402dd1dd92

    SHA1

    364b98afd052eeec4813093ff2613c82b1d61509

    SHA256

    140f8b5a089bec63de2b716250644ab42b581002851be3c1dffa8c9408ae45db

    SHA512

    d4ba69c870a95a3b10ac14d1889abe22fed31c14903c00b864bf0c09b34384e82d5ad25412463563a64e29c1ee71237997af9fa0e2c0d221ccc5a9693edf0b48

  • /data/misc/profiles/cur/0/com.mocereti.fill/primary.prof

    Filesize

    183B

    MD5

    d2ad0c020d41f891dda41c09db650e12

    SHA1

    7657136a9c2a2aad830958b67519c94053773678

    SHA256

    504940c5b0ecb6eae1a3339e004d8717c5e50b8d5ec37972d35c853f986d92ab

    SHA512

    a126216cc64d1612b7133634ddf972a1c635aa62283e60616766dc718ce822dff5d1a1092def8b396f32f529507a71e8f260d055c12ce5e7987d9e709dff36ff

  • /data/user/0/com.mocereti.fill/app_immense/MdIfb.json

    Filesize

    1.4MB

    MD5

    7b75b01b4ca746608ebd1bf25fc0c474

    SHA1

    884d12e9dc86283031a6344e59b474ac8ee1c172

    SHA256

    d62ff678e20355994765eda98a27feb443fbb841d3b7c0d22c4d78b407cdf2bb

    SHA512

    bf388d83867323388cdffa3f45aea3cb64f4958a40a4545b7214fb1217828bae2ea46a8d70ad5a526312835bd4ba37ffa53b6c0b7de6e28fd9dc3b59a4679974

  • /data/user/0/com.mocereti.fill/app_immense/MdIfb.json

    Filesize

    1.4MB

    MD5

    ff2a5bc76bd956c9621454e9829ad34a

    SHA1

    3e41bd7ed5c73e133f753a89800d324d760e74b0

    SHA256

    92ba383ed156984ebcdb8c06e29b16b290b26abe0f226a5325775a0eaee7c63c

    SHA512

    35d9df3b1c912c9f0feec823d8722884adbed93275283c87990c793859af1dfb831f9386f03e0a736b290e30734d6961a18c8428144df6a0982c2d2c4054db47