Analysis
-
max time kernel
29s -
max time network
39s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
09/02/2025, 16:06
General
-
Target
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a.apk
-
Size
9.4MB
-
MD5
24f5c73f3b6b11a16b8f3baec8b31cd2
-
SHA1
b661d37d7b0158496358110f398c9f0b0cfff038
-
SHA256
84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a
-
SHA512
a813f7fc59a14cf9cd6b5d03e85b1bc0a892cf4417a8590e581113377aeae94a73bb015d90ed48d488b34f1efac197b56410fdff1514643480076cad438ff0d5
-
SSDEEP
196608:C4ok0P0wxlIF7TSyxxOHKNx3ajHE9Jig4RQ+KT46a2P:1TL9VOq3nig4R2T4Q
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.moruruja.auto1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
694KB
MD53ffd03c9755119ce6ad2ea671022bb37
SHA1795aac07a8b4e1e457bb2335340c6a4f03d8141a
SHA256452d4d577f6f2a0f06f3f0af5ece95a29fd2f677718f984f415c5e82a79f1d06
SHA512b8687cf955c005999b7204e804f4f96a21720a2c437e2fcb8a764915732ea9c5eff513310641f0ae9f070d97e7111e540e218516ced95f4ee9d4f2c5693f9ef1
-
Filesize
694KB
MD5d02ee36208180469f17c8b63392d7a63
SHA1d8355ebd343fa8051858f2eee92702b63e9367f8
SHA2564a10f55fe98e1f5c38f152363b1e6db9ad2fd2d5a3384a528c07da3d19d80f70
SHA51262f57cd63933be851666b4fab0bf63ae431a10e745cf2120fd3817705737beb698801e430f0f40c9be0a16501ad4f305c30f267dff485b9eada9904a85b68463
-
Filesize
8B
MD504485bb0d833f1b3f04eb9a679d4bb10
SHA122930fbb9fbb1f0644aca10612c8ba6c7fd35123
SHA2568646770849679967cf10e9070b0d403e0d113562630036bbe199dab7b405c9b0
SHA512f0bad29a463e72558a0d6aa350ad3996db3fa903640d6f94957979bdf85d01a7fee7aabe1aaa94f7b53612936faad1bc1a6c5e8b08a9d7c4ccca452552b9f5b5
-
Filesize
104KB
MD52da22b5e30c3eee2b974ea71172c7f6d
SHA1bbc0bbf2f4fc7db0059fb0139610943c34621b3e
SHA256581b2ef5aa97add0bf16ec477584faf71ea5d6384685c3caf6d05001c60d62e0
SHA512f42ed3155f11abb1584756124ec8fa12fcd4ea35b3b1bf375a1a3df7f8f8fd33664fc9e0e90f81203757cc4ffc10dc90f10edf211897d873ffc11790989c308f
-
Filesize
512B
MD5b11c8925405b54095d08095079e3c6ac
SHA1b19a4d2ca0be92776f4d45e19f4526f83a27b95e
SHA256679b0ed89de8ca3a5d6e39b36afe4941f3c48451cdb5fe32e6223a974c7ed7e9
SHA512d8eb74515d633ac09d7c4a13e21be5aa36689bfeaeee93b963fb60fa2e2a37df6210352143c49e7692328d97e03f2aff911f2cb3617f8547ede9a17b9b25f501
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
422KB
MD50c716d0da6b81afdaa0c6d6ca7d5f5bd
SHA1e9ba1e90f28dcd3e3989ab0509adc8ab0c9addf9
SHA25631b6aa9e02f4aa45d9f6ea683901fec06b9c854ff23338327e567e9cd4dfdb0e
SHA51295a903fb7f5824b0fd5ce105cab225daffd264bc485ba4ff9100c02db9838baa0e1b30f31d7dadb65084a485727853bc47d8f8cc693f2d61471ad4f4a3f5b6d2
-
Filesize
16KB
MD55b84bdba5cfbd8f4828e458f1a2847d3
SHA15968c66e610f032453be760065780fcbcbd0db68
SHA25659fc2fe3a4c4924c2b1eaa1b43e9965e6ecc4294078344079d8c8bf12d33341b
SHA5121c4886e989576b552f8a63a088dfe0cbf9e07b31be1725dd835ef35f9860a1c264216e8d757866a6670aa688dae09cdbebf4efc6dc5afffb69538514904109ca
-
Filesize
116KB
MD5fd69b9573e591fa10b4a058de2d93beb
SHA1c6a8d5883d1408bf9438ed079d814f812d986401
SHA2567d31a39342aae1e362a8336e4bb70ef80290937a3d8db128cad4cafe678e7ef4
SHA5121d7f64e3906fe57da1bda7b655413fddf5cf95098110a441b961f4d613983ce2ec186b63ad7a479b8e0dc56b7f711facf06c12fd10e60c2d79ea88a21727b234
-
Filesize
992B
MD5de4a6af2d10a9ae38ac8251b54713540
SHA13b4aa7445ce57172e929a08074008282a8655875
SHA256962a89cf863fb8b658b677edf0a7e4c4f699a1ea2d12d4d480500e302e1755c4
SHA512ebdca9380ed19594e1e0f3234491ff18eea8ab0ee37c1fb8f05dc4d06b9d4e83034f0bf92a067cea85b126c5eebfeae6fd60fd77fa0b0a7c3f402560daf9314a
-
Filesize
1.5MB
MD5252125b0260e050b06940f455d065e87
SHA1e5a3d7b0f22a79307364909bc9e23e639f46a076
SHA2561bc94ca7ef2d5b1e55ff19b720b9c2d768620b8b24cb742b4be51010c341674c
SHA5120ad75cc42e217c5ad1fe089b6a4fdec58e8e9e8f0cdb80b5b49c00a9e0560663dab8744db0b8e3d227680a11b2084e0ffd9aefb3d0f32e307053b941152e4e57