Analysis
-
max time kernel
149s -
max time network
155s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
-
submitted
26/01/2025, 11:20
General
-
Target
HotSexGame.apk
-
Size
9.4MB
-
MD5
24f5c73f3b6b11a16b8f3baec8b31cd2
-
SHA1
b661d37d7b0158496358110f398c9f0b0cfff038
-
SHA256
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
-
SHA512
a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
-
SSDEEP
196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.moruruja.auto1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
29KB
MD50881e2bf16999e59cab630cbcdf91921
SHA1886242421ab43efc4b71a3a73b6e0dac9be1fa50
SHA256a3f9e687cf1078ad6918aca3606105ab6854ed32e2af96338a24f987cdcbf198
SHA51254ee366b7c6d4e72c2fd555393761adb5e27c3824110ba2d537a4bd7ff34649158b6c79de01294bb966e8f85cedd7be4311a26f728e8381b6763aba0d234522b
-
Filesize
1KB
MD5da1458ddd97eda94b91760ce286e5d5f
SHA10b6d71fea2b92f93d73132a192035af4763cf186
SHA256398fa982da40405c61166ad91216392de6b7b87d973530a685f6a15328384a4e
SHA512c1452ae2210005c8b2ef7258bc74500b89d2c0dcf76a54e35768532dd46fdc6a7c248594f906471a0800ea87aabd5b708058dac7da1814397b8a2cf24bde38d8
-
Filesize
694KB
MD53ffd03c9755119ce6ad2ea671022bb37
SHA1795aac07a8b4e1e457bb2335340c6a4f03d8141a
SHA256452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06
SHA512b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1
-
Filesize
694KB
MD5d02ee36208180469f17c8b63392d7a63
SHA1d8355ebd343fa8051858f2eee92702b63e9367f8
SHA2564a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70
SHA51262f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463
-
Filesize
24B
MD57f5a9ac0649daec6cb3d8f5c14842c87
SHA15d2c01390c09988aeb2776b25ba578c66644e5ca
SHA256459d47d79307afd7a4ce1a9144309a52a86b9790ab357b80b012654dd60d8e7d
SHA512c2400c76270c80f9b40e475bb1931272bed45d9f739e5611922445b05f921f1a8075b0a3880bedee111a7080ecfc15e16b8d1a2a286521633e568a6f85ca8b77
-
Filesize
8B
MD5cc831adef3a865a6a5ad3b91085b5beb
SHA1e6bd1c462a054f10cdbe3ad6a5901c2da6e00d9e
SHA256246cb1bf448956de247da3946be15cffffd17a9bf2098748284a0301d18c3f2e
SHA512401009c4e65120e0520b4bbe2ef0bfc75a2f6306d74d29df40e6ceb1236528da9d90f1154d09777dabf54b9e55ef1b30f1105d6818d816bba0d6d6160aa9b9ed
-
Filesize
156KB
MD5872364eb16189b30c7d47a7b8731ab09
SHA1618deec052d0b1180789ad4395c32db49f9c9f4c
SHA25692ff4841116426d62c1b698e91e9d403e0478298327bc4c1a7af06409399792f
SHA512e99577d3359cf92fc29958b45b3228b0bd442c39e73f90f6db288e57af9c6acd86230d5ce2bff202e7d89c6423dbd6f77d8cec08188d4b318185e2941b0cc249
-
Filesize
512B
MD520b7f79c0ace3cf1c0542ba3612483dc
SHA1351b50388c454356fee6e0aa8b503cec281b55df
SHA256264bea32758d3b014364eecef23632d7cd7fa39a4d2c9ff85e8f3b4bb06708fb
SHA512142f8e3552464e9385cf8a7783b7012b61ddbf493e7c103d310555e0e9ed1b60ae477e225f058b73c25b8f9e4c92f3a9af2f958815ced4a8e27991e5de415633
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
116KB
MD56d76ca133b637b8f6c92b2bea6776017
SHA1b9d6dc67c2c02ff2a104efba137e5d41ed692219
SHA2567cff8dcd5c32d5d59734fbe6c5ba912db803d76dc6d29e47fc237c4be32ae5ce
SHA512dfe071e25960c3ac14f2740e83fe001052d2fe8ddfa26df51da789c4607f4949c32a8d08b23d88500b2b9f86fe5ecb0ed6fb333cb6ebd2455febf8a6017c8478
-
Filesize
426KB
MD553af81c8362e22a03d4b7db2a548224f
SHA1258fd83607544e19aecb1333b4bae2b846db26cc
SHA256e6969f245e6ff950d15ce3d318251253fc4e2d04b87b17341ebe1f2fd7772c62
SHA5123532648c0d5243a7d87395a3b01715cb6a2784a155be89faf255468299e8b0554ee0e36b19760c13d2a2ddebca21e8655ccb4d8a603661ee0a23e0739b69734b
-
Filesize
16KB
MD53e9c5441dae530614087f134dd8eb687
SHA1ecef43507cbdc91b33c17b822be29ad30a8f96f2
SHA25671375deb6ef5a8f807dfe98b291fb291723992a82c9e5c1fadf73def1292ee17
SHA512aac331a2fa567b57ef7c68b5ee428fe1354b179014d2e921b7dda0c76fac661d6eb9594668bf973688e9b751e355c9840ddd8350004b3971fbc5dda38ed93ea4
-
Filesize
1KB
MD5ff1939467c81693da08b62cb0d8c6a93
SHA1d8328bc0b9a58ee0652becf1cb0b6521dab34b86
SHA25665a44c5d0985bd113dd63da1344709eb067a973f5a5d67b9a497d02d36836dbf
SHA512579f74de167e0e8a46a72a9000317725a8481080da2bcf4cdd9a76e9fa83a407ea927d61953fdeec543baa990f346152f02584e78fcb9b0019081f28472c2f71
-
Filesize
244B
MD5f9492d61c8862967304de9a02d363eba
SHA1a278b27c4220a2dea32f99ebd37e677ecbbef347
SHA256b546aaf15d518f153654adca01fedd2588e8caea3baec384f4c481f43ea58c4e
SHA51249edff7bd88356b9e42b02daf06f03cf5544b2708e5143ea79c1f123a68c089b93e654ba1dfba6760a40e128fe941a37682c03c90f740a69fc4828840a008edf
-
Filesize
1.5MB
MD5252125b0260e050b06940f455d065e87
SHA1e5a3d7b0f22a79307364909bc9e23e639f46a076
SHA2561bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c
SHA5120ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57