Analysis
-
max time kernel
149s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
26/01/2025, 11:42
General
-
Target
HotSexGame.apk
-
Size
9.4MB
-
MD5
24f5c73f3b6b11a16b8f3baec8b31cd2
-
SHA1
b661d37d7b0158496358110f398c9f0b0cfff038
-
SHA256
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
-
SHA512
a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
-
SSDEEP
196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.moruruja.auto1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5aa4885eb73d71e7b03987b4606dadc17
SHA1bda029e6acec43bdea162f28bc1821a20ff59614
SHA25682c01cd3ac1365a4735ed93e415afe77d1346626cb78f612809d8629f71f8d26
SHA5121514f61778b5d389f7b0f56e65067565ccb3b74e37f541d7770ac49c79b65a092f10c65d31965e81c9b9d2f6f349e5d1fab0f2d6ba65f05318e53c55a7631879
-
Filesize
694KB
MD53ffd03c9755119ce6ad2ea671022bb37
SHA1795aac07a8b4e1e457bb2335340c6a4f03d8141a
SHA256452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06
SHA512b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1
-
Filesize
694KB
MD5d02ee36208180469f17c8b63392d7a63
SHA1d8355ebd343fa8051858f2eee92702b63e9367f8
SHA2564a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70
SHA51262f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463
-
Filesize
8B
MD57245f5ac176c470343806ce17a1d5f17
SHA1cc654a5d06649f9f3a6225652a865926e9b6f058
SHA256c5e63dd30301f01cd6a652abb14d3d36abe8287278a229fd54cc33572340d120
SHA5122f90479f1947bb6b2fae9d23d0cc2c81906c5695dadcd952280615d4ec979f6bfb57c4a1c5933db3eb8f9cff92fff6d5996664c2ae053acb48eb04a7c9879816
-
Filesize
172KB
MD572e35ed94b738266a5661852964b7b3e
SHA1501e67e9ca55e390e5047d3d6bd8378891cf0b1c
SHA2565383965d1846c74030cb1aae9492e821e764a9373656134c3b9cb445cbb3dfbe
SHA5126bf4f2a4cb1ebf653a7309ce28f6e5391f97fcf23ab51235235d9c0da36eb2ec2a3b6f04124811d6ec5ba44345ab35dd2302612856ee638ccbdac93a450b5963
-
Filesize
512B
MD5d1c16eac1a49b608d5e138b210ebbb65
SHA1cb228eecf03fc160ca08efa5cd813654366b96f2
SHA256aaec5292cf31172a3a52b34121b5e9a7311982847f130248e197d246b7dc2c17
SHA512bed95aa3a09824600a28c69b52349da258b03aa1963dfc3b58bfcff535df68499e9ff6eeb1f40b56d159a4bebd6e2a9cfad935da1a363e7c3520156a8ca8c920
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
422KB
MD555858d563e163cf2446bd34ea16d1b42
SHA1b5f0e6c86c307aad542453637fa4609653bbad25
SHA2569d565bd4f545dcd08d723bf0f9bc93412c0f8aec3c3530578bf4946db3f0424e
SHA51217a5ea42a946f96cf4808e6837d51641e4ccc287ad67429769209b2b1331d46111e724f8a1db7aad5659f9762d30e2f8532dc55afc3d9b2e1a05a159c53ff46d
-
Filesize
16KB
MD581e83ab1507482ca96e061395a60a802
SHA1456ca4ca213225ed9030ce12f83c6cf776a6558d
SHA2565ce5e3bb36f300c30aca18d58eb7a60453dbedafd08c06799332fc548aa3df1e
SHA512caa53ab517cb59aeba6dcc5f4e23f7030d9834ad0ed93beac63f9034f92598bb91a5666c6e5f898ad3363c7cb8a406e60518d062ed1d6fe6d8b8d04beecc550d
-
Filesize
116KB
MD526025105e870ff3c2bc5921f9fb66bd8
SHA14cf70d4aab043ebc61eada69de08ac4f26ef676a
SHA256850fc3a324b8dc162f2e028174edaf1b2125fb3c1f163722c6cf51e6e41e55ee
SHA5122b4728056cbb977d1d947bf2a76a23bb33ed9307f28a6b530b39924a9ba827c9a6448f31e4572d418deebef7b561f8fa84f75bdb1998402bf752cce340a7e351
-
Filesize
992B
MD5de4a6af2d10a9ae38ac8251b54713540
SHA13b4aa7445ce57172e929a08074008282a8655875
SHA256962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4
SHA512ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a
-
Filesize
191B
MD5a0b0517c77be023e24b037a9ef840e4a
SHA13453557cf32728952cd1670ee19a2949855d072a
SHA256a0c1aa825cd00671857943282ff240bc71c903d17034abc1c4ffcdf8f67125a8
SHA512dc482a72689004a59499d596b67efd06402ff0bedf9f30b01220a275b201c23ed73ca130d886364100bb4165dd6dc7c056d994dc309e7ee170def216fe107bd3
-
Filesize
1.5MB
MD5252125b0260e050b06940f455d065e87
SHA1e5a3d7b0f22a79307364909bc9e23e639f46a076
SHA2561bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c
SHA5120ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57