Analysis
-
max time kernel
145s -
max time network
161s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
03/02/2025, 08:56
General
-
Target
lebezewa.apk
-
Size
9.7MB
-
MD5
0772b1116df1586b419acfbff9f8d96c
-
SHA1
827f307ebf5f3abaedc31645b5ec43203cbef72b
-
SHA256
85f24e29fc5f68f2a3a456fd749e887958758821e6f6512fbaee2f54b6bfc0e5
-
SHA512
95199611de6c507b54bf7bc162c5e8cc5543a215c08d7cc04ec1ab4ddfce50da66a24e5a58e4d43cba5eec0af3f0469bef81b54ee342fa24434ac9a5fa2cee1d
-
SSDEEP
98304:Fo/KrqB9EBvkB9ph9JyArVO2jmN9hSjGUI+YJqob5POoeT0wUar+qe+7eS3N8H2J:e9EBva9HyhAiqOA09qb7Rt
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Requests uninstalling the application. 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.fagulave.data1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
944KB
MD53c3dce925bca4251fcc017ef525599a9
SHA17bbbf0f840bab1b7dbd4e5968273322a307c6769
SHA256b3c1b868e9080b12bb73b5ae8b6015afdb7947a0327472c831cddf888441afa5
SHA5128e9f91d9a6ff24316be3778d2ed34d2fec7690679de851aff26387029f8001d7460df4d82cdea00fa448dbf31e17a275fa76997acd6656ae22b715532d97b173
-
Filesize
944KB
MD518271f23882b6c16875056c505e5e168
SHA17db2c8f0cd909f8ac1b5951dee454e93cfa5d2f6
SHA25640d8161b62c9ec1d6b3673c9eaa7ef796efdcc032c010422d9bdf2942a543264
SHA512c0a884dfb31ef67c758ec6987882f672b950353fa9b9228d5231ad4e4ce50f0e92414a94021620c09bac3ea39e3f7420974a8cac363491879b77bcf1ad05c044
-
Filesize
8B
MD5271cff205c6296b5dab09cac4054d5c7
SHA11a0a16b607eef8dcff53823faf3fa1c2bcf6cc09
SHA256946f5d4d6f562e9f7b073831130eb625f1438ab4e250825f423c5b8e11371a37
SHA512a3e536eb998a4c42b6c128fd2ef8c772d5f5fcada9ac55cb16b5a801058521e761a42b75e7fa5db54eb38e7250256df7dda04c53fbe1e5f300f99e6effaad860
-
Filesize
104KB
MD5ebce776541f7e7b41b5d9c9ca7d23c5a
SHA199d1ac68d63b1c30628ff1a6a00a81db22f73062
SHA2562e3f29664648053f36f53602f7c1db5a8c764fc4682890aa07f3218e624a162b
SHA5129cb7201e65930b5e9444adf9acb41780626630b55421f86b2896441db4a7741ae7b15f87950b6fc9764cf331e90ca46ff53b6d9c0b5637dbdcf5c04ed6ee310f
-
Filesize
512B
MD5cfbd133a0751fd18a37de6ea24b33a4d
SHA17388ddeb42dfb6e302efc9b1ba92b84f5ec80220
SHA25641af5da07aabfd0899042723fbafa5bae614aa1015a81d98f66e0efcedb774c2
SHA5128c54e5ddce9fc272466cc9d38dbca310a7e0d96c089944ab89f46c6512d19d94f1af5cbf18cca49ef3d12c2da1eddfd4ede5c9957e7f8e8460ffdc7daf37fc25
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
406KB
MD5af0988d5cf4e352791e414fd9b180658
SHA18b3cb5c192877e3372253fec2530d8c1b2e9a30e
SHA25694c9ab7054b809313923233b0ee6637d8c3ded86fa91258f36d7e50fc76e1957
SHA5120a2603cf42cd5ee8bb8fb8ca231577d6a0965d291dbdfa7db0b7842e88d06507a14987740937670414310a89efe2d2f3326f1f88e71a74caa51cd5dd15665515
-
Filesize
16KB
MD5dd87f88fa4fc1aba2f1a807e14284681
SHA19cdb7c3cc90f238c5c86d520332b554fafd31d5f
SHA2569ab2452d51dad731d1efd875c19139f41086d9d550f5019d12bd06209fe0c13e
SHA5129347ef21378df25153410729e1cbbc2a1ca3b042e770c1fad1b02064b165b8d3e422351bc50afebc91c51764007fcce32c67827d022a47f0be8441c57bbeb448
-
Filesize
116KB
MD5d07ff42d68f762cbeabf5439bc22d37f
SHA1fe9aad1f084623337fb61ba0f8c9a03b733ab00e
SHA256240d2abfbbf785dc875487b05f7b11af62f75f2351825f50a9511c44df0e905b
SHA51236897bc314024bcaf78ecdb923336bfdd4867cb28a58a53ba8f06e259f23dc92ac6760fe51806596e20265c6879b97e8a711b7043412e81994bd3a1a743d85cf
-
Filesize
1KB
MD59f88180dd99bf63e87c27877ee8d90c4
SHA1bf9befefb8895d416fbf7cee2c545bd93ecd23df
SHA25669d9a9b85b46126cf8d83489f0e39234895e15811c2ea1fd43e424fda0d68bf4
SHA5120d49a33bee14c38f6904bf37f90577b24a8f3a3584be18a2f6ed07ea94f909d15e9ef834995713f4281e79345e2cc9e05aab8380db2a803533434f8ca855d20d
-
Filesize
2.0MB
MD56c9ecd07c7b836a605735aaa2b471d33
SHA1df899e99b62feb0fba0a60975246320e314a713e
SHA2562a9236dfef0be510cdb9b69b933ab69d723bd34fc063b00483dd57c7f0d84c1c
SHA512afe3733c2742b272266dbf505ad5d0998c88aca0b1ba1dc38105effd94387569332429a109930aa1d225fd26d0311621d94bb23addd21a62745a5a5a4b127ad8