antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
29s
max time network
37s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/02/2025, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
Size

9.4MB
MD5

24f5c73f3b6b11a16b8f3baec8b31cd2
SHA1

b661d37d7b0158496358110f398c9f0b0cfff038
SHA256

84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
SHA512

a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
SSDEEP

196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4243-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.moruruja.auto/app_village/ypxZ.json	4243	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.moruruja.auto/app_village/ypxZ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.moruruja.auto/app_village/oat/x86/ypxZ.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.moruruja.auto/app_village/ypxZ.json	4217	com.moruruja.auto

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.moruruja.auto

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.moruruja.auto

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.moruruja.auto

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.moruruja.auto

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.moruruja.auto

com.moruruja.auto
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4217
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.moruruja.auto/app_village/ypxZ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.moruruja.auto/app_village/oat/x86/ypxZ.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
3ffd03c9755119ce6ad2ea671022bb37

SHA1
795aac07a8b4e1e457bb2335340c6a4f03d8141a

SHA256
452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06

SHA512
b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1

Download Submit
/data/data/com.moruruja.auto/app_village/ypxZ.json

Filesize
694KB

MD5
d02ee36208180469f17c8b63392d7a63

SHA1
d8355ebd343fa8051858f2eee92702b63e9367f8

SHA256
4a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70

SHA512
62f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463

Download Submit
/data/data/com.moruruja.auto/files/profileInstalled

Filesize
24B

MD5
9378b49d01de35d90b29862a36d0c8d1

SHA1
a4466ec22122fec9b9b1c53f7484c875e4b54c5d

SHA256
7427e5d27e35908fdd9ebf45789ad16ef4a2f3cfdab01b996c59467c1fe0123b

SHA512
18a86986aef9d80696dddac0f3840ba5a711b36d20a18839eda298ace91ca0fd94c4ef45b2eb68ffc2fc6751175d006919fb7b41a5b5e1be916f9128a2b41d5a

Download Submit
/data/data/com.moruruja.auto/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
40ebbe3bd6c4d155ce993bc68abe192a

SHA1
6460d2bf33c8f3214ea17eabfbb8003c6ab054e9

SHA256
42808c6f019adbbb9de772c6513b5d2e521cc9f70c34d4096877332bcfcd5e01

SHA512
31c8ddeaf1ae23ad41714a2c31299616c608a5ffb5c90aa574a10987cfc91bf7f02c2a1cf6562a5c713a74916d257bed4d22922e76aa137cd1e8691e3a8b5c9c

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb

Filesize
104KB

MD5
a2d38f7f5c024db8457861f3e9295443

SHA1
9f1e233246ad6ad56422f4bb24daa3553501b5f9

SHA256
d3c92016f5d197cfbc0c66e0e96124ec7de11beb63d3f70e518e1a3ece47c932

SHA512
fe8e4ed99af6c03b3ee4751aa5149aff41cf7d1d020d7cd47600c583d8f00cd1558191d9e27a716c175fb3a2814eedbc7d6ca85eb901617ccc84d93b6dc75800

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
5fb84a1b4adecacbec42deaa34260ac1

SHA1
f04f3d7de19abde363d1608053c677ce9f857150

SHA256
ee98f4c6c6d1ba399e5cf8db38e8f10e8a3eaaabb17fda3f1876a7eda943ec7c

SHA512
4d1dfacf5cc0454fd011426c571cf9421047fb1b1025bf8dcfe2edf01262abec5c81ca4c4d0d6e3042d0d896928efb2cfd09b64d5c24541d204f0365d562a461

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
59f66928179969f14e2bdb2f46e17448

SHA1
2cfa20f77d111741dd5f5e853af1d4e95b484c35

SHA256
7e653dd55a2ea0a3136d5f343f8ac15a65c1583171502a1f72163915d935c1d5

SHA512
5f922ba7072ad56a1ff195f913319e3518c712210d1696d58ea18f9feddc0032299bfeea7a7cc61aa6833d0da7b87022b8239f2232ef7c52177614359be8cda9

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
27b680992cf093df30cab60788e537b4

SHA1
2cfa1e7c8ffefef022ae77f55f92b4ffa9bf540e

SHA256
89bd2773be7885817e5ab34118b688c2b3de77f5fb3731daba874f9d40503749

SHA512
694adc81b36142d87eba1ca3c4b2d56400fd66b508323c8b98590930bde670ee5814f2d351037dae445cd55905e2057fa3fd702409a08d9ec6e761dae6f87b7f

Download Submit
/data/data/com.moruruja.auto/no_backup/androidx.work.workdb-wal

Filesize
410KB

MD5
646e329d3dd0e32e1a118919b8ef9a1b

SHA1
ff1b06e2fff795addfd45ce049770cb082084cea

SHA256
b5e72f14da95b4d9144aff005d018612b01910f0b209bd607f71d006b9305ea7

SHA512
a5a561e548ce868d23f0dff83e6483f3ec4e83f18d69a4ea3ca6cd7b12428e64aec792d2a8192dc23a4d24965e566541bc586e88423dba84951000371d93feb8

Download Submit
/data/misc/profiles/cur/0/com.moruruja.auto/primary.prof

Filesize
992B

MD5
de4a6af2d10a9ae38ac8251b54713540

SHA1
3b4aa7445ce57172e929a08074008282a8655875

SHA256
962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4

SHA512
ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a

Download Submit
/data/user/0/com.moruruja.auto/app_village/ypxZ.json

Filesize
1.5MB

MD5
4ae7deb271ea091e6337c1c90b8eb2e5

SHA1
f59dbfd3453e759d6bac70e79c7a269c41b70763

SHA256
789ad7aa688fb9bf0e6e2fc2a22cf5f67e69867f150df067a60ab7402e7d4b61

SHA512
59315c41c0d3b4d63a190e9d82b9fe3ad37f608b737c6c830c3e1ca0335740245aab6d7bd857878a02d8e6c5af32bb84d6e4587d62f15d716865de2862500dc8

Download Submit
/data/user/0/com.moruruja.auto/app_village/ypxZ.json

Filesize
1.5MB

MD5
252125b0260e050b06940f455d065e87

SHA1
e5a3d7b0f22a79307364909bc9e23e639f46a076

SHA256
1bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c

SHA512
0ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads