antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
21s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26/01/2025, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HotSexGame.apk
Size

9.4MB
MD5

24f5c73f3b6b11a16b8f3baec8b31cd2
SHA1

b661d37d7b0158496358110f398c9f0b0cfff038
SHA256

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
SHA512

a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
SSDEEP

196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4471-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.moruruja.auto/app_village/ypxZ.json	4471	com.moruruja.auto

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.moruruja.auto

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.moruruja.auto

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.moruruja.auto

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.moruruja.auto

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.moruruja.auto

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.moruruja.auto

com.moruruja.auto
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4471

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
3ffd03c9755119ce6ad2ea671022bb37

SHA1
795aac07a8b4e1e457bb2335340c6a4f03d8141a

SHA256
452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06

SHA512
b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1

Download Submit
/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
d02ee36208180469f17c8b63392d7a63

SHA1
d8355ebd343fa8051858f2eee92702b63e9367f8

SHA256
4a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70

SHA512
62f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463

Download Submit
/data/data/com.moruruja.auto/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a815d9a34dade30da727db9b03af0629

SHA1
190038dd10c9c4854855f4aa1f8f222659af1764

SHA256
84d915ba0edac8bac514b98eefba97bd995a2b88740d790876d1a9e62de86d2e

SHA512
bad74c9d4efbfc04cf0f634b01edc0b6c894400ad1c850bfad5d20caccc609b5c9e5ba48b9e62c535d076304c14455c800a0bae77232d35f48fbb04327ce850b

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb

Filesize
104KB

MD5
d5493234305dbbdadbfa2bfb864b7514

SHA1
06d8fd66738313b9d0b4d40234c139e1282feb0b

SHA256
8a1222e74ae6ec54031bb1ed655ae60f8e74fb1098f30029f63c3f4d539fe013

SHA512
bc4b6e0c79f52c31d06151db9761f6ea88874d093a8ab8dc32a7f3ff731da0ad61d8d2f56222fc2ee04c9f803e6b8fa070971df38d7e2eb724e90d6d1586b7a3

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
19ecae5db009829d4a032900a385f9c5

SHA1
3ea527f53d9556fcd5686dd39843ff0c11b80917

SHA256
a0b84a902dfd0e92ac4de9387e0a0c5cbc5cbc1e6d20573edd7f77fdad2d0d58

SHA512
e64a4eec2c2a3929dbc36cf5fd7ceb2645695390369cdb352f54ec8ad19855c9b8321a77862d695dbf191f36fcfb1a4cb38194aae4db25fccd9e7790e2013987

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
8cb66392ef7158ad8392f85be9b10352

SHA1
09e2c6994dc39107a3264f42d903d08c79dac8b9

SHA256
17569d2d5df555aaf0a775b88f73ad512a67d1764b69020f3a8e77e6c49d1bfe

SHA512
0cc08c3a6979f252f600768b100e44fc0638525ba37415f79a308a394729f3ffaff72c9ea924b9bc53eae617e54afe3a3711a85f300ae471d02780a9c68c1f45

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
21276ba5002cf6f0a9c4d5f26981174b

SHA1
bf7c457e107f003dfdec432de11bf5dc5173084b

SHA256
a62b55abf5fcdc5e8ef566919fbe34c825947938841304c861a2fdb06ccbf3a4

SHA512
a59035b8d5aaea0db1e841d8fe1fbb967a4a814c2477fc5eb68f054fcb351495374b7392d875d0a050132f5e68dba8a66dbe25b26e2a6e12383052e4b3a8418d

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
01d04e43458aa7ebb5bb6b3a680b6cb1

SHA1
6bcd3a111e98d912668f2f1a928abc5a177b8e4e

SHA256
a01e2c152c1478897469867fed8382b5570b24bace11fe1fcd9c151b786f7518

SHA512
10c853f4aebd6fced1e56f577ae96232ce414c1d37a84b5bac4af31c14fe3361869d4c6fbc5c519dc57c1d11f5c1dfc182d22ed4ffdff2803181c36a3ad358bf

Download Submit
/data/misc/profiles/cur/0/com.moruruja.auto/primary.prof

Filesize
992B

MD5
de4a6af2d10a9ae38ac8251b54713540

SHA1
3b4aa7445ce57172e929a08074008282a8655875

SHA256
962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4

SHA512
ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a

Download Submit
/data/user/0/com.moruruja.auto/app_village/ypxZ.json

Filesize
1.5MB

MD5
252125b0260e050b06940f455d065e87

SHA1
e5a3d7b0f22a79307364909bc9e23e639f46a076

SHA256
1bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c

SHA512
0ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads