Analysis
-
max time kernel
293s -
max time network
310s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
24/01/2025, 08:21
General
-
Target
suniji.apk
-
Size
9.9MB
-
MD5
c42fa3877f0f4d6d3d9df649f76bbb3b
-
SHA1
b00a54807507294dffcaeb6ff6d7c0b5673a0f4c
-
SHA256
44eda4365a537ac954a43de4617cbef793ecff5672b51cd0ef272c5674c63a26
-
SHA512
9403a03f574f51bd45d341fe14a96bc260cb7946e838a5495cdcdd75df166594add5716bac5efeb6b9a5556627d62040f9385ddaf52e61091bca591f5857cd5e
-
SSDEEP
98304:to/Kr4cdb6fC4CuQRmKKuu1/0d5ysPmKgA1Zk4UqQbgRr5ysPmKgAWPbQA9eb16l:Ldb6fC7ueuM6UpDIxBYErSszEyxP
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Requests uninstalling the application. 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.nebukudo.fill1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
950KB
MD5d910608f06c5139dd6ae873c47645709
SHA112bf9ebdb413f7f2285c45da22fadfee0e42adb0
SHA256cc3ddf0df4f54e04c44f796ebeacd9c6b6e76b1112ac0213ea22a9e451c8d91a
SHA5121c17e1e3fd587eb255c324c30b40c95dd45d444fd751a52e0fd0f1a65bf5d0c851201eb864c3685076f03dd9d9214c6d095d8b767659d6cf18bb18b9ddd8124c
-
Filesize
950KB
MD59b83abbff529840727e3bcfa059a10eb
SHA152df50fd7fb596461d6024ee0ee589ad3b3d3a75
SHA2566ef9f1111d60210065771798a2c965408050e37ac01566aa73ea0ecf00040da6
SHA5121358a0d5032b8de4eb3a8501bb0a87309e7c5fea633f46bb0ad1a49e4bfaadab089e7ef3ead90b9d5abaea4cfef9219a6e49188e4db04029f60eb36ffaa2be82
-
Filesize
8B
MD5fe8d30749ca4c66471ed8243c69d287f
SHA1f66c04c0a4222457b42be9c29b5cefa8e81bd1e0
SHA256ce9ccfdb86f8003a93baaaa73c8b1c40d30dd0c34737ebab0c34684069f97289
SHA512551cf88df399a2ca4eac96db36a4aa01c1a31626521c688cdd59b2eb21b35191ca5443960e24e45fc3c04b03aa43e0c47dfd4925ceef6263d18430675f0161c3
-
Filesize
104KB
MD5a16ee192fdb20d1a0aaeba10f2bbfbb9
SHA14dddce1f5a6ac289f22347cd31452f1adc3fe5aa
SHA256b1b0a81a2ce43d54c7c72982aaccf6b76346bbc53df667e7c9cfcd99750b9254
SHA5123f95b4bfff6651a072cb652eb29ccef10c3112b77b46837df1c7e94c7430840080717d324de8b5ab1f33c57d1263948eac3f6d11394654facaf891f74a54c586
-
Filesize
512B
MD55cbd71eefc2ca050b679cc51f525d4d5
SHA12dddf48c3c92a2ff679a551189d6b3cf0c37c109
SHA2564f07194a430ecc3f05aac94b68491e82cf682dbc7d70289181ea44070f7982d6
SHA5128546efd6b37b70a3761e8e789c8337b501d440e0abb5b336493b3c75f3f79e419dec18745c0b163c573081be17897af8f9df8c2334f29fc7958e098a001827da
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
406KB
MD561944d1e6f97ffe47cc1e024dee1a63a
SHA12e1637b41e1f77cd91987e0cfa6d7343771d224c
SHA2566cbda2013e305b41db5e600570d742de540a197a42887fde1946608da4548f4d
SHA512df1a773be8a89f4a43261f4fca601b1a307de72885070ffabb32c6302187bb1638d8942441ecb9253d9a3cc75bf92b8f88e89306af1eab8fe57b57caa975d598
-
Filesize
16KB
MD5fdbba410df4ef6ec849783f134011756
SHA1f2782fc87d347574b45a56a841274e7a221b017e
SHA2566f6e0904b591dde8d93983beb006ef7eaa6777ae617a6a4015fec287a6c4d7c2
SHA512c12ff602de9e35c9f57254a4ec60935f72d69ac6c348d7b008a4a4177d4d7c083e45c2cf57ab7e0d5432fd982d41263055db17870ca5af48928a32209a400d98
-
Filesize
116KB
MD52e2d7bce8051a9eadd7426fffeaa0937
SHA1652459956621991e1914f0f30a0816aa5d6b1b3e
SHA2565ac8fcfb134ef7706c7d2d8c9b2656790443b918227ccd0113894a0a8021e734
SHA5120d86b75bdd884e9ffcc9543c712e6cdf808f6009ee1591ce0cfc34a7ffa15ee363ef9c0a4ff0fd91c58c1d16306dd122a11bdf6debde9fcde6f7f2fc02d70877
-
Filesize
1KB
MD5ab4b2fec6807baa0c5b1bdd59d249541
SHA1f5fad7fa61440dcffb7cfc504d7614d22de16825
SHA256cfeefcd850769a9e676e5cf7a97341127fbfcf2c816e91aa0a8389a3a117c997
SHA51261fe1ee99432619a88860bdaefad7d2a5848d380f1c7972426ef712513aa4562fdecb955b2feced10ad705660fc550c3855d0c3426a6c698946170066bc88bab
-
Filesize
2.0MB
MD5b6c46c54201c0afd5d6e25bb428e6037
SHA197a933068a8383e6c7d56c46d3f4e95851c04eaa
SHA256eff887675210225c4545bcb2349d23e1e7a1d5aed2c11821cdbaaccc8fb3a141
SHA51220542c41984e589c6684519758255ecae34b125ba47a0e7b7b517d8e7cc0450741eb38ee1eb21df3453699ba2911045cc0d006c8c1dd6e3d0b1be10d01e91c39