antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
149s
max time network
138s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
26/01/2025, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HotSexGame.apk
Size

9.4MB
MD5

24f5c73f3b6b11a16b8f3baec8b31cd2
SHA1

b661d37d7b0158496358110f398c9f0b0cfff038
SHA256

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
SHA512

a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
SSDEEP

196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4961-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.moruruja.auto/app_village/ypxZ.json	4961	com.moruruja.auto

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.moruruja.auto

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.moruruja.auto

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.moruruja.auto

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.moruruja.auto

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.moruruja.auto

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.moruruja.auto

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.moruruja.auto

com.moruruja.auto
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4961

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.moruruja.auto/app_village/oat/ypxZ.json.cur.prof

Filesize
2KB

MD5
294610a0e740aac00e1d5a9555e2bc18

SHA1
4b2b1c17e68542efeadaee435c86722b321fce41

SHA256
cf5c06af6cf66c0b93870d478ccaf26e76afeefec2f64f2e76b4e580c4e221bb

SHA512
1e4ef2fd486d88060a205f13080bf30897b03aefe6ce366a79eeea9a070d7c671d346877ef1d8caa5234b88429f5eba539ab99b9a7ee9bdfaba6b29ebfc1750c

Download Submit
/data/data/com.moruruja.auto/app_village/oat/ypxZ.json.cur.prof

Filesize
2KB

MD5
99eaec7252023553c02ba095b355869b

SHA1
0f8ff71592811308984b911baaf4833a05d13a7c

SHA256
bac56582af1726420c2d155c41af5eef6046c6d08248700a43a5ccc582789b17

SHA512
5900b29df35c9da09024e2f0890d491362bb4ce2d2690abe8daff7810948de1289745351f926bac94ea1c6547e953ed16ce3abdea031a1203f6b20ef2b4f3a11

Download Submit
/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
3ffd03c9755119ce6ad2ea671022bb37

SHA1
795aac07a8b4e1e457bb2335340c6a4f03d8141a

SHA256
452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06

SHA512
b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1

Download Submit
/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
d02ee36208180469f17c8b63392d7a63

SHA1
d8355ebd343fa8051858f2eee92702b63e9367f8

SHA256
4a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70

SHA512
62f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463

Download Submit
/data/data/com.moruruja.auto/files/profileInstalled

Filesize
24B

MD5
65ebf3f1a5e8f96c742d68392dd2058c

SHA1
31db2de290a58a0d4955caae38ffdea2bfc0ee8c

SHA256
d7782165c139d18ba1009993ef5d355b01b85f6c211853a17a1e2b9d8b8fe737

SHA512
620a19539e43dcea592a7d86984013a3405f4bfa371c59620bc7d83dff6ee5f47e5983a6fca94d45b55cfec058dd488113071f56045e61a8aac02f75e6cd5d94

Download Submit
/data/data/com.moruruja.auto/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
13bd14b5adbf474a12c874c1d3b88caf

SHA1
ead546ecfa33c2993a8da0742333cc4c062839f4

SHA256
a04a1512a1fd1ae4ac5726a21931c91e126bbf0eeb067979e8fb3cee4254c78e

SHA512
e09e0ac9fe2446943e1d88594e3333c6194f7b6b22e0969082957fddad3cd9c2584822a62631266e0f6a80683705a028f48c80fe8a6040656d7e8caed21ede00

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb

Filesize
156KB

MD5
2e14a2da9dbaa782987336bda1723376

SHA1
3e8589f47a9ff8084d1744bcc23163eb55f7a374

SHA256
b76a98cb800f857e25c70db023fac7f2ea60d7a39cf8e9355bd91298d7f19f3f

SHA512
3206ad0c63b2bb0209f7dcbd24dd495fb06c89e580d55fa837ed6e6e70e7799c7fbd52b04c9a07d5326ffcc6935b35e6d05fd3171c655f72edd7e81fbdc3412a

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e237cea66d6f02815dff0d47bca54006

SHA1
6a1868d2b3cddd7249b0d8290f2834f92a971b95

SHA256
654533dcb289015a00a9d33cbcf93a007cd1d762db406372be4bf89375ab5667

SHA512
2a5a68101c6a1a40b22d536b6f54c8b3077e81d4a68fd5c8cb2544efb414e2c819ad752e474321bb3f7f4624ed2cdb03f98fc804654ac7dd93b97bff032d2892

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
418KB

MD5
90c27eaa64069cfb2c9db278bcd6c6a1

SHA1
d94582825e47299d79e65214033409bd4e733259

SHA256
5acdd279fa3c7c745305d5aa1de56d4b89e5ce9a409b1cad113908def82a483c

SHA512
eb6bf1477b62f0fb0b8e0457eb3b981840b5e531560718e0415dc8e2a9de511b1cb8437468fd6a42d135df6a973d68358007d704d1dc70ee28ba6092f50926ff

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e110a43c64fc15896f852a19767fc67f

SHA1
5e31e837c23a2dbec0a66cee24ed5b93f578d20b

SHA256
2d7dff00f7706194c8da9de8ada2cad1702baa7a04a35719aa319d72beebb6ab

SHA512
1c8fe1088bccf04bc90e4881e978275cfe7cff0f4dfc3b5eae05ddfcf034d8e455fab22de340b959b1733cb647fbbe9b18ca8d140520e0b83ad46df368c29f42

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
cdc86d82096489fdbcf2800854c0b64e

SHA1
7ac433b2eccae534020fd05839484b44e79c0d05

SHA256
7f46bfd85820738fbe4d012ceed623d8e1d5e0596a6fbd10e736f01cbdac9407

SHA512
c8ce9b1d2c7f8a7de5e756274e54d240c3cb6433479ca41f8ab245e67a93ec1aa8c92aeb171bcd8a02fb04af3b6ed0b1128b162b5f477c2806a8a43d96b57283

Download Submit
/data/misc/profiles/cur/0/com.moruruja.auto/primary.prof

Filesize
992B

MD5
de4a6af2d10a9ae38ac8251b54713540

SHA1
3b4aa7445ce57172e929a08074008282a8655875

SHA256
962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4

SHA512
ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a

Download Submit
/data/misc/profiles/cur/0/com.moruruja.auto/primary.prof

Filesize
190B

MD5
76643980756c6bf641728f2058453ca5

SHA1
e28b41b6ec20269ebe1df461c67f1327324072d4

SHA256
d08ff88ce00e42e2b66c557ec3082e352ee900a1cf01d53a570b087eaf2a19c2

SHA512
1b74b1088d303d5f84826b88427a1737db4ce5dde6437438121c211a70ae83def70e27499cca9c6b595fa4cad6adb591844fd927bf41841a9d14f5d026b5156f

Download Submit
/data/user/0/com.moruruja.auto/app_village/ypxZ.json

Filesize
1.5MB

MD5
252125b0260e050b06940f455d065e87

SHA1
e5a3d7b0f22a79307364909bc9e23e639f46a076

SHA256
1bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c

SHA512
0ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads