Analysis
- max time kernel: 149s
- max time network: 132s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 24/01/2025, 16:04

Static task: static1

Behavioral task: behavioral1
- Sample: Install Pro.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
- Sample: Install Pro.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral3
- Sample: Install Pro.apk
- Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral4
- Sample: kovobopipe.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral5
- Sample: kovobopipe.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral6
- Sample: kovobopipe.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: kovobopipe.apk
- Size: 8.7MB
- MD5: 02af81325aaddd54feb7f0e8fc84ee7b
- SHA1: 3161e43ca8dd405de2df79eb03edc601b52a7ec4
- SHA256: e8bad4b9a036d34bd196b09ad1ed225a94b46e6b7d41ccd250281208ed87b040
- SHA512: 8f194cae88c8759545bc1456166478e66b5f23492652088de9504b6b2612e4d0227e1133f7a21cd8301a158b80718a32206c86ab120de10a80bd680f6f74c807
- SSDEEP: 98304:so/Kr2VeTADQyKmLqUoDp3j8qkG07zjaY5YZBPxeV2BUsCYsTh2ieSyeTgnrSs+:BeTADQX0at80vZMPfn0YErSs+
Malware Config
Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.

Antidot family

Antidot payload (1 IoCs)
- resource: behavioral4/memory/4292-0.dex; yara_rule: family_antidot

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
- ioc: /data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json; pid: 4292; Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.nemuwebexe.address/app_chair/oat/x86/kwusiN.odex --compiler-filter=quicken --class-loader-context=&
- ioc: /data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json; pid: 4267; Process: com.nemuwebexe.address

Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.nemuwebexe.address

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.nemuwebexe.address

Requests uninstalling the application (1 TTPs, 1 IoCs)
- description: Intent action; ioc: android.intent.action.DELETE; Process: com.nemuwebexe.address

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.nemuwebexe.address

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
- description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.nemuwebexe.address

Checks CPU information (2 TTPs, 1 IoCs)
- description: File opened for read; ioc: /proc/cpuinfo; Process: com.nemuwebexe.address

Checks memory information (2 TTPs, 1 IoCs)
- description: File opened for read; ioc: /proc/meminfo; Process: com.nemuwebexe.address
Processes

com.nemuwebexe.address (PID: 4267)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries the mobile country code (MCC)
- Requests uninstalling the application
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information

  child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.nemuwebexe.address/app_chair/oat/x86/kwusiN.odex --compiler-filter=quicken --class-loader-context=& (PID: 4292)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)

Defense Evasion
- Download New Code at Runtime (1)
- Indicator Removal on Host (1)
  - Uninstall Malicious Application (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads