Analysis
-
max time kernel
149s -
max time network
146s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
27/01/2025, 04:23
General
-
Target
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
-
Size
9.4MB
-
MD5
24f5c73f3b6b11a16b8f3baec8b31cd2
-
SHA1
b661d37d7b0158496358110f398c9f0b0cfff038
-
SHA256
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
-
SHA512
a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
-
SSDEEP
196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.moruruja.auto1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD57e059ac06b76a4a705a31796c89856c7
SHA145343cb7439ad83ef56e3f073aed667a4c01ed01
SHA256be9240df3c4df7a76542525f2401e23a693a4c5b39628ce48b7a96d65829a5fc
SHA512a2b3c35fd7c87c1aba366e601e7acf056f28d3899eafcbbfc3b95b3d64d132553365733a8a61d4cb79296781f7c2fc3386c4ce80a2450a97576d8ee9aa71b01f
-
Filesize
2KB
MD5d9164e965419354758367832f08a4c5a
SHA1152815514d5f4d5b25bf466010e1559313a02dac
SHA25674c27f5dd51470747210bdfc703607ea5bb172bc5c04ab953b3b4c2e02c2e5df
SHA5129603a3e07caee9f7093a7f95fde5eac5f848065fe0a28b859a6375b3acdec6af544d7e2b0b87106ef2cbb0475aa5a7f216ce6d7087fbda029f3ba6f385f45c1c
-
Filesize
694KB
MD53ffd03c9755119ce6ad2ea671022bb37
SHA1795aac07a8b4e1e457bb2335340c6a4f03d8141a
SHA256452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06
SHA512b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1
-
Filesize
694KB
MD5d02ee36208180469f17c8b63392d7a63
SHA1d8355ebd343fa8051858f2eee92702b63e9367f8
SHA2564a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70
SHA51262f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463
-
Filesize
24B
MD5baf0e7b8ae26c8aa4a3a4a9021642d8a
SHA1484911546841b06dc24f646d7e7bbce82f31db4e
SHA2565cbebf21cd3a5bc2185535be3b308f4d83bb77b9e7a28a3d42359a07fb2bf8d2
SHA51293fc8cdaf6e3cbe27cdef975bde67ff393e977ac41eab778e619e9fa255e573d0114dd311396fab25fade17cab060de4acd217cb368ce1cb4ce76c50e4a7d52e
-
Filesize
8B
MD567cdd2ed665e27ab2ee595fcf146a8ce
SHA1853127d15f84904aa5b0cb3b04e5c4fcba07a4ba
SHA256c53664a85614f8c69a06f8672888b9d13cd67e8821dc8befd850a02eaafea9d5
SHA51285f21432b27758697130ad71dfa3b8eccaf5f45d25a98ddc79edce3974ea8ff20856b39227b49b70ecc419207e0d7d1c70c2655a737ac1d458380f8e0616a350
-
Filesize
156KB
MD5c6a4ca9146d6d3800d414f2842ef731e
SHA143346fea3f1cc531c42fd782c9117bf33fe85cf0
SHA256a032089df8c88506061e418b0a02f22fa60c1dcc026395fc599b1d1b38a34161
SHA512fa71cc279b2e0a134549c0c3aef85f62c02077809c1199582aca316dcbfa79434497021c0c96e5f954159e519eb3ad31b6936a2c13d3832f4165bc128d0babcf
-
Filesize
512B
MD50d13f55a8092366244b64a6a1b3dbfdd
SHA17f7b34626bd357b5fd594919945350737157e58d
SHA256008ca2b52935c38ece8c6a400c9f68c12b63d76a8a1433d8bd3edea6b1dbb765
SHA51207b88559cdd6612e2ef5403e8563a4c1556de270f5a1044968e97edfac00349f1e0c83e452b2aacec4b0342c9670d4fdb5002c08932218d50ee5a650055a3550
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
426KB
MD59d8b3f11b6c4de6405c47bd19eb11e38
SHA16d992f00dd2c4184882eb380367f01509d039f69
SHA256dcab6478a97c4c4423ed54cffdae593b48325405d02a42e7f239d776b8c04718
SHA51258a6653731e22f78f981ebc23057aa145b119243ee068ab643a4c96a533b1b67857853c005546a81fc61701310cefebe45a436320752203c7df64094b037338b
-
Filesize
16KB
MD5b503143cede6bbba8ed04b3e3ccf15ed
SHA1fbe9b4d67e5cb9b0c546326812e30854c18b2297
SHA256d6b18b80906bba7523d8a0b1faeb66cbac799f219998a1899638b8ac1f4daf7c
SHA51270780a82763bca76a8936eb9b569cd5eea824aa00ee44049fc65c43320345c434338aea84afa74041502add1bc6ec6948dd17eaeef2fb263e7226fb08e01995e
-
Filesize
116KB
MD5f79cdb4e2267febb33978f2effbcc5bd
SHA163ad7470d396a462ef6b4cca60469b497c3de9ca
SHA25676c682af5ccbfd6e44a8107166ea4eb8a973acfa003333bcde0b5eda0c9dd259
SHA51243975db70676d413adf549b386f914cd172a1635745e39e9c0d21a6428ec2c0ee8aaf2f5bd6de9dc5b0dc9a5567d724229d1178142528b2faee28f0c675f2085
-
Filesize
992B
MD5de4a6af2d10a9ae38ac8251b54713540
SHA13b4aa7445ce57172e929a08074008282a8655875
SHA256962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4
SHA512ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a
-
Filesize
190B
MD576643980756c6bf641728f2058453ca5
SHA1e28b41b6ec20269ebe1df461c67f1327324072d4
SHA256d08ff88ce00e42e2b66c557ec3082e352ee900a1cf01d53a570b087eaf2a19c2
SHA5121b74b1088d303d5f84826b88427a1737db4ce5dde6437438121c211a70ae83def70e27499cca9c6b595fa4cad6adb591844fd927bf41841a9d14f5d026b5156f
-
Filesize
1.5MB
MD5252125b0260e050b06940f455d065e87
SHA1e5a3d7b0f22a79307364909bc9e23e639f46a076
SHA2561bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c
SHA5120ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57