Analysis
-
max time kernel
149s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
27/01/2025, 04:23
General
-
Target
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
-
Size
9.4MB
-
MD5
24f5c73f3b6b11a16b8f3baec8b31cd2
-
SHA1
b661d37d7b0158496358110f398c9f0b0cfff038
-
SHA256
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
-
SHA512
a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
-
SSDEEP
196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.moruruja.auto1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD51103556551c9811428dc7127c2929fa5
SHA1ba09f1f74236292eb0ef6f0b57f653af1d6bbe39
SHA25673458ff4ecc01bfc8eef126fa6f163a71dda7036f6fb76688de9b3553d6ca576
SHA512688d34c118ee5fc6f269d2a1cbe5c65cbaa8f7d55572ed4665d41c2c9bacac689043e2ff8d4e376d20d5e4f1b39aae79a7736f0e7539fa22d488149773dc2f57
-
Filesize
694KB
MD53ffd03c9755119ce6ad2ea671022bb37
SHA1795aac07a8b4e1e457bb2335340c6a4f03d8141a
SHA256452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06
SHA512b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1
-
Filesize
694KB
MD5d02ee36208180469f17c8b63392d7a63
SHA1d8355ebd343fa8051858f2eee92702b63e9367f8
SHA2564a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70
SHA51262f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463
-
Filesize
8B
MD55aec5eb62d14cd26290220ed53564170
SHA1f7a76f118b7c16bced826c26017e38c31e947250
SHA256db1d82732dac3578c07c3ba595b6127b4d3d56960d997a8fac37a2167dbc8295
SHA51281c8a6dd8943b4d294baac36a35bef784c3970641c4f9e2cef9bb6c68a24f7e055ed6685e4e1fd98b45dfe50f63f1b56d616ca0465b55a3b771768f7e0ec3136
-
Filesize
172KB
MD523f1de386fa730c23b3a2f34c31af148
SHA1db8cf86dd841725865dae3289ca2f7a73e9c2f28
SHA256fda8c195e6325e899523c952e2edc09eeab925119e807838b4391084a14c9fda
SHA51226a8a65aaf52656d495acdaf3313106090d258ef3ccac8c915439cc75a8d0ae85bf648d6c8cd151a0a5919f5cac5db9f620f975cf4495f199d2f6cd688815caf
-
Filesize
512B
MD5c225370fbe570932d4ed1829b2721da0
SHA19a1def709c28b61c9be420c3a5d3e3346fe0f685
SHA2565db1bb2c04f4207b0c0ef63415e2e3c3e2d9094301a2cf82f217534675597a41
SHA5123389973749aa38e99bae77aea8e09006c5cd55cc34426e92fe1cc1000114bcf643cfadb9a659b076caf89c599152ce4e1d8f41ac9ef905e9f53be2ff192688af
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
422KB
MD5e89e972fc98cece8d2e72592c802bbef
SHA1e8bbe13d4a2d8100c4dfe63e40898e32f351738d
SHA256c3f7d9c326e2cc7b83654c5d9d1f0f1e7883e90ff9bfb0161b1dd5d2401a54ce
SHA512b9dbb211a35a80e7917afad47abede1047985174c9e8b86f0dd1916c5f944a71d13f496c859c0906a33091f8acc227be8292d24b79b3b1a45c8ad45df08b8d45
-
Filesize
16KB
MD53af261237371cb98adb4752b20b215bd
SHA17f7d18211b6cc5d7040585dccd0f7ff921e4ab98
SHA25680bce446073e85516bbdb0d2e7f37fefe1464041be9b226bb760602b14e40e6f
SHA51272313b555dbb1ad8d21f45e148ce07cd5d0105e161ca6cdea7cf9008dacc835249ec419b765c519a7024d4a5a0c2ce861608fd62ab78f4a2a879680ed5490626
-
Filesize
116KB
MD5613c95989f5a1a50cb60cc820668c0a6
SHA1d149cec5ec71e7588fd04d0911202a2f18f3e6cc
SHA25684245c6ad42e97a80f2fdc1c502ef110a87493ca0a7745a413d6f179bbbda06c
SHA51224e15d01240b33379b326aeb9018e42ce5b3efaff43df86197b1c88199f25bb34464c0c7ba8e6aa243fc95ad1066eed2e904c1ddb9dae9e82088714923bac9b2
-
Filesize
992B
MD5de4a6af2d10a9ae38ac8251b54713540
SHA13b4aa7445ce57172e929a08074008282a8655875
SHA256962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4
SHA512ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a
-
Filesize
191B
MD5a0b0517c77be023e24b037a9ef840e4a
SHA13453557cf32728952cd1670ee19a2949855d072a
SHA256a0c1aa825cd00671857943282ff240bc71c903d17034abc1c4ffcdf8f67125a8
SHA512dc482a72689004a59499d596b67efd06402ff0bedf9f30b01220a275b201c23ed73ca130d886364100bb4165dd6dc7c056d994dc309e7ee170def216fe107bd3
-
Filesize
1.5MB
MD5252125b0260e050b06940f455d065e87
SHA1e5a3d7b0f22a79307364909bc9e23e639f46a076
SHA2561bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c
SHA5120ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57