Analysis
-
max time kernel
149s -
max time network
152s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system -
submitted
28/01/2025, 14:58
Static task
static1
Behavioral task
behavioral1
Sample
Install-Pro.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
Install-Pro.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
Install-Pro.apk
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral4
Sample
cidugiwopu.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral5
Sample
cidugiwopu.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral6
Sample
cidugiwopu.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
cidugiwopu.apk
-
Size
7.5MB
-
MD5
f1a79a60e42064905ed8f2946df68864
-
SHA1
0b92d6beb4576883c800e9a08d8844dbf506fa07
-
SHA256
813b9d8291088664b2dcdc41ca6cd6ac197b55f8a5e9cd5c17e3258b4be2f154
-
SHA512
0da1bb6035bf79e43fc3988088f06ca41c29b29c227c07492ec0a401f0349517ccc99a2e3769f3f2e5aed831ffeaf2c927745e26848fc30ce7e9ff911aa3753a
-
SSDEEP
98304:qo/Kr4msIbbyHB7TJWnt7brES1V6i2ieSyeTgnrSstv9qmkF495Q7x:qsIbbyH9TJWntfDslYErSsF9qm9e7x
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
resource | yara_rule
behavioral5/memory/5106-0.dex | family_antidot
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.kujijate.operating/app_flush/QKwrF.json | 5106 | com.kujijate.operating
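The dropped file above is named QKwrF.json but is flagged under Loads dropped Dex/Jar, so the file name is the last thing to trust when triaging the drop. As an added example (not part of this report or the sandbox's own tooling), the following Python identifies a DEX by its header and validates the header's Adler-32 checksum and SHA-1 signature, so a truncated or partially written drop is not misclassified as a runnable payload. The DEX bytes it checks are constructed inside the code as a header-only fixture, because the real QKwrF.json is not included on this page.

```python
"""Identify a dropped file as DEX by its header, not its extension.

Added example; not code from the report or the sandbox. The DEX image used
below is constructed here as a fixture (a header-only DEX with correct
checksum and signature), since the real QKwrF.json is not on this page.
"""
import hashlib
import struct
import zlib

DEX_HEADER_LEN = 0x70          # fixed header length in every DEX version
ENDIAN_CONSTANT = 0x12345678   # endian_tag value for a little-endian DEX
DROPPED_PATH = "/data/user/0/com.kujijate.operating/app_flush/QKwrF.json"  # path from the report


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Construct a header-only DEX image with a valid checksum and signature (fixture)."""
    # 20 uint32 fields from offset 0x20: file_size, header_size, endian_tag,
    # then link/map/string/type/proto/field/method/class_defs/data size+off.
    fields = [DEX_HEADER_LEN, DEX_HEADER_LEN, ENDIAN_CONSTANT] + [0] * 17
    tail = struct.pack("<20I", *fields)
    signature = hashlib.sha1(tail).digest()                  # SHA-1 covers 0x20..EOF
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF   # Adler-32 covers 0x0C..EOF
    return b"dex\n" + version + b"\0" + struct.pack("<I", checksum) + signature + tail


def inspect_dex(data: bytes) -> dict:
    """Parse the DEX header and verify its integrity fields.

    Raises ValueError when the bytes carry no DEX header at all; otherwise
    returns header facts plus *_ok flags for the checks a damaged drop fails.
    """
    if len(data) < DEX_HEADER_LEN:
        raise ValueError("shorter than a DEX header")
    if data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("no DEX magic")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 0x08)
    signature = data[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    (class_defs_size,) = struct.unpack_from("<I", data, 0x60)
    return {
        "version": version,
        "file_size": file_size,
        "class_defs": class_defs_size,
        "size_ok": file_size == len(data),
        "header_ok": header_size == DEX_HEADER_LEN and endian_tag == ENDIAN_CONSTANT,
        "checksum_ok": (zlib.adler32(data[0x0C:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[0x20:]).digest() == signature,
    }


def is_runnable_dex(data: bytes) -> bool:
    """True only for a complete, untampered DEX; the file extension is never consulted."""
    try:
        info = inspect_dex(data)
    except ValueError:
        return False
    return info["size_ok"] and info["header_ok"] and info["checksum_ok"] and info["signature_ok"]


if __name__ == "__main__":
    fixture = build_minimal_dex()
    print(DROPPED_PATH, "->", "DEX" if is_runnable_dex(fixture) else "not DEX", inspect_dex(fixture))
    print('{"k": 1}', "->", is_runnable_dex(b'{"k": 1}'))
```

Run it against the bytes actually recovered from the device's app_flush directory; a file that passes the magic check but fails the checksum is usually a drop that was still being written when the sandbox snapshot was taken, and should not be treated as the executed payload.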
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.kujijate.operating
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.kujijate.operating
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.kujijate.operating
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.kujijate.operating
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs
Application may abuse the accessibility service to prevent its own removal.
ioc | Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.kujijate.operating
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.kujijate.operating
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.kujijate.operating
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kujijate.operating
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.kujijate.operating
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.kujijate.operating
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.kujijate.operating
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.kujijate.operating
Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.kujijate.operating
Processes
-
com.kujijate.operating
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5106
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
Discovery
- Software Discovery (1)
  - Security Software Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
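The tactic and technique counts in this section are derived from the behavioural signatures, which are in turn derived from the raw framework-call and file-access IoCs listed under Signatures. As an added example (not the sandbox's own engine or its published mapping), the following Python re-runs that two-stage derivation over the report's IoC rows: a rule table turns each row into one of the signature names used in this report, and each signature is then counted against the tactic and technique I read it as supporting in the table above. The event rows are copied from the Signatures section; the rule patterns and the signature-to-technique mapping are my assumptions.

```python
"""Re-derive this report's behavioural signatures and ATT&CK Mobile counts.

Added example, not the sandbox's own engine. EVENTS are the IoC rows copied
from the Signatures section; RULES (the IoC-to-signature patterns and the
signature-to-tactic/technique mapping) are my reading of the report.
"""
import re
from collections import Counter

PROC = "com.kujijate.operating"
FSC = "Framework service call"

EVENTS = [
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId", "process": PROC},
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText", "process": PROC},
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId", "process": PROC},
    {"description": FSC, "ioc": "android.content.IClipboard.addPrimaryClipChangedListener", "process": PROC},
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "process": PROC},
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "process": PROC},
    {"description": FSC, "ioc": "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "process": PROC},
    {"description": FSC, "ioc": "android.net.IConnectivityManager.getActiveNetworkInfo", "process": PROC},
    {"description": FSC, "ioc": "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone", "process": PROC},
    {"description": FSC, "ioc": "android.app.IActivityManager.registerReceiver", "process": PROC},
    {"description": FSC, "ioc": "android.app.job.IJobScheduler.schedule", "process": PROC},
    {"description": "File opened for read", "ioc": "/proc/cpuinfo", "process": PROC},
    {"description": "File opened for read", "ioc": "/proc/meminfo", "process": PROC},
    # The report lists this row without a description column; the label is mine.
    {"description": "Dropped file executed", "ioc": "/data/user/0/com.kujijate.operating/app_flush/QKwrF.json", "process": PROC},
]

# (description, ioc regex, signature name from the report, tactic, technique)
# The tactic/technique columns are my mapping onto the report's MITRE table.
RULES = [
    (FSC, r"IAccessibilityServiceConnection\.findAccessibilityNodeInfo", "Makes use of the framework's Accessibility service", "Credential Access", "GUI Input Capture"),
    (FSC, r"IAccessibilityServiceConnection\.performGlobalAction$", "Performs UI accessibility actions on behalf of the user", "Defense Evasion", "Prevent Application Removal"),
    (FSC, r"IClipboard\.addPrimaryClipChangedListener$", "Obtains sensitive information copied to the device clipboard", "Credential Access", "Clipboard Data"),
    (FSC, r"IConnectivityManager\.getActiveNetworkInfo$", "Queries information about active data network", "Discovery", "System Network Connections Discovery"),
    (FSC, r"ITelephony\.getNetworkCountryIsoForPhone$", "Queries the mobile country code (MCC)", "Discovery", "System Network Configuration Discovery"),
    (FSC, r"IActivityManager\.registerReceiver$", "Registers a broadcast receiver at runtime", "Persistence", "Broadcast Receivers"),
    (FSC, r"IJobScheduler\.schedule$", "Schedules tasks to execute at a specified time", "Persistence", "Scheduled Task/Job"),
    ("File opened for read", r"^/proc/cpuinfo$", "Checks CPU information", "Defense Evasion", "System Checks"),
    ("File opened for read", r"^/proc/meminfo$", "Checks memory information", "Defense Evasion", "System Checks"),
    # Match on the app-private data directory, not on the file extension (.json here is a disguise).
    ("Dropped file executed", r"^/data/(user/0|data)/", "Loads dropped Dex/Jar", "Defense Evasion", "Download New Code at Runtime"),
]


def run_signatures(events, rules=RULES):
    """Stage 1: group the IoC rows under the signature each one triggers."""
    hits = {}
    for ev in events:
        for desc, pattern, sig, tactic, technique in rules:
            if ev["description"] == desc and re.search(pattern, ev["ioc"]):
                entry = hits.setdefault(sig, {"tactic": tactic, "technique": technique, "iocs": []})
                entry["iocs"].append(ev["ioc"])
    return hits


def technique_counts(hits):
    """Stage 2: count distinct signatures per (tactic, technique)."""
    counts = Counter()
    for entry in hits.values():
        counts[(entry["tactic"], entry["technique"])] += 1
    return counts


if __name__ == "__main__":
    hits = run_signatures(EVENTS)
    for sig, entry in hits.items():
        print(f"{sig}  [{len(entry['iocs'])} IoCs]  -> {entry['tactic']} / {entry['technique']}")
    for (tactic, technique), n in sorted(technique_counts(hits).items()):
        print(f"{tactic:18} {technique:40} {n}")
```

Counting distinct signatures per technique gives System Checks 2 (the cpuinfo and meminfo signatures) and 1 for every other technique the rows reach, which agrees with the table above for those rows. Techniques the table lists without an itemized IoC on this page (Keylogging, Input Injection, Security Software Discovery, System Information Discovery, and the installed-application query behind Software Discovery) are not claimed by the script, because the page gives no row to match them against.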
Downloads
-
Filesize
946KB
MD5 9267c124bf773b1feb060dee59381d99
SHA1 2c8e57cbbb851cf234bfe9081784be712abff6b4
SHA256 f1ee9711a60ea2fc7e9e241e4b7882c2fa3b758f5683e54e767a8a6df7c65256
SHA512 c21fa23a7c3fa4a44bcda0276a72b97a195cc57c8ae517622fc90c69e2ec1e1f3c0dced7631b020b2a3ccbfeb69c5f9424213c03d9546523b007059850d601ff
-
Filesize
946KB
MD5 1457b689573bc93c647b523eddde0c4f
SHA1 a6606e6291f564b5895ffedca2948de3899bb672
SHA256 bd627e92fa456a6f6a1626636ca470d794fa93381d5adb4da6b7a24e1ff6e8dd
SHA512 643fc9c210e2e430de809dc1106ad08b4aa5df59a279ffb46817b10167b4e1693aea741bf68a25d9a2391f59f583add3c4612dae4ea0430d1cac1640b7e9263d
-
Filesize
3KB
MD5 10e8a20c5038c5bd09d10fc5cbd879d9
SHA1 06fe6f889a25e2f55b60844816bdeb9695033e4b
SHA256 1edac5a803d276f2bbcdd5ea46e08ec351836d6b8e8c4a7107ad133e71eb6da4
SHA512 0b9d89b29027731be7cf0421a7f11cf9a676a31c675aa2784781542ee07b087dc91e3a275b2fbcab5f09e80cbd8c320be2b20dbdb8c6d1481199b1a20de8af69
-
Filesize
910KB
MD5 68cf30f1bb7ec9a3e91817fcf6cf0f83
SHA1 f8a549d8cde01652982f500e656ec7d5b4c3a42b
SHA256 384f0426549d859f1da0f55c7c1c75f27a4388ea16636e72d155e5a70a484212
SHA512 7e9850dac3612c9b865edcfe11492a746c6a36f2af9a07b0aab6fd74841f42dec90419df287603d4fd9666f3301010efeb544687e97553b574d382f3a92c9ba0
-
Filesize
24B
MD5 5fc5c3bde94da4412981309f0990ec37
SHA1 ffecb8152186c323371d2dc8f8cde6eb0b330bb3
SHA256 d9f6e89c80632cb6c35a61c909c9f0cc597ac7dc710fb5c445852c40ad28e598
SHA512 b16e65f068fcb3700ed82579864ff61737e15fe2962b90b4de8a5e9a5a3f30cbcb194fad5b6afa866737e6da34cf44f1a1c217580fae125040ab0a2fc34456c8
-
Filesize
8B
MD5 0cf7844ae47b96b8fcac21cd3962695b
SHA1 7044fb58b78c42c3936d3075936cead29e536608
SHA256 19e5d01ee2f07fb20568caed4286986359a30e8838fa875d99d897c2c8032932
SHA512 fbf2278f1e5445a272c5839daeac72057810cd540d1c60425114baf53f9d2b286db6b842b947b8ba87d65e7d3edd140b8cc21a650bb08a8725cd7cc4433318ff
-
Filesize
104KB
MD5 e1353741585774d091c7dc959539ea3d
SHA1 259bc9611af3e97f424b09c165944fa1d6bdbf92
SHA256 23e622e07e4570d1a05da46ed07b2f78d9329b2eac8b7d3782dc0a587c2a43bf
SHA512 9bc4b2cc8e46ff1e6081a2f0367720521f9bc7cf914acd7da8e3bcbdf6ce2e93782f70b2c926b77b9f120b2484e6af47ac79b9da435f97609726885a609b84c4
-
Filesize
512B
MD5 e4dfb938ca26d76a65690390536db3dd
SHA1 578addadd34ee2a86a7e2396c71e8e4a4fc920a5
SHA256 bdb5a0caac84cb8afd15bfa9da1a0ce4b0e7be59ee1dedc8f3bb1d50dac4e2cc
SHA512 0683d80971ff2030b774215806025ab90fe915431f8447bca5303bf6c15e7fe781538065f73ad73358cd9cfe598111d990147c2c947a127b446e5f19b37a71d1
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
442KB
MD5 0ae44afbbef799aee0665dce63380649
SHA1 d4be39effbf94b2d34806d5117f69c981aa88043
SHA256 a3eefc24e0b0c68fef2ff331626b05291f42450d8827e9c55c3131255d035f3c
SHA512 8d760afe90e60cdcd3b37eb345dbe7eb94829a2ecb4f48f794a849c7c19dacd76e7d4e80f5a112735580dabe95c250590d9933fdb98d9ecd97632200f31235a4
-
Filesize
16KB
MD5 23ca4b524b00dd7181318c2467f34883
SHA1 f2cce4e26728e1e32bdab15e479ea3fb84faf29d
SHA256 dd6b2ba1358f5d7efa62c5f9b252d8bf8a722c50d7613721bf87080b5d148633
SHA512 d2d92e19c5d22ea2d43dc409d9a67cc370cdcf8cd45296f75a3bdc28fcfeda0640f0927f018b0373037c1835eb382aa8c156c513a3a9a0c63c057ee10b6c8b01
-
Filesize
116KB
MD5 d168cb3d5d45be5b2557498fa09e4625
SHA1 b89acf606cfe276a04b3508dff332e132a084e40
SHA256 7a3a32f88af3793777f011ebdbe20d457d4f411b592ff63af1b1d4c2c68b0116
SHA512 4719a0a3e1f662a9d245f537b33ab838fc2ef0f2f7dab52e96095e886f3e93164d1536e3b8a29afd8035983b67a99046327aeb6b02ad7c465fcc1e3428f5b3c0
-
Filesize
1KB
MD5 9a230fe8f528405268a3b5209b4a7613
SHA1 6d3ce997ffd379d6728f76656c0b4e1d80e73e0e
SHA256 4529017b2034d6eaed51171b214a22998e473ea15fa50ff3b43fbf72fa91e637
SHA512 64699774faea8ad0afe6fa4125600765beaa4c471e5c78247f70acade8ed78335b868fd8bfef2a54ffec1d8855a1e945771792457194cf5a4c96637b9fe446dd
-
Filesize
25B
MD5 b9d9e0f8902d129e1aeebff0ae7b725b
SHA1 cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781
SHA256 25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91
SHA512 f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6
-
Filesize
2.0MB
MD5 ddfc98c00cbb47a2547989b28f559a08
SHA1 47d112ef12c4d25a122e457ccb778e787e434b93
SHA256 41a62359f06348fca4f22a95dc310423bd2ea174ea2d532a02847698aa94ab90
SHA512 8347e92fe9a58cfdadc8c0ec68340428c1b206e13778fe25f50cb5c26210f3ff640af4b760fa18137f8f4cddd84d484fc444866f3be60e8c5c06b9c0fced3f59