Analysis
-
max time kernel
149s
-
max time network
134s
-
platform
android_x64
-
resource
android-x64-arm64-20240624-en
-
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system
-
submitted
16/02/2025, 12:46
Static task
static1
Behavioral task
behavioral1
Sample
Install-Pro.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
Install-Pro.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
Install-Pro.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
duzori.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral5
Sample
duzori.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral6
Sample
duzori.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
duzori.apk
-
Size
9.4MB
-
MD5
da2d1d6c5a81221935f04ce2d904a77f
-
SHA1
fabd1ec881561e90e33ea5fdeda9236af94c2aed
-
SHA256
79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71
-
SHA512
46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2
-
SSDEEP
98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
resource
behavioral6/memory/4607-0.dex
yara_rule
family_antidot
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc
/data/user/0/com.toreya.dev/app_month/xLFOfsN.json
pid
4607
Process
com.toreya.dev
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description
Framework service call
ioc
android.content.IClipboard.addPrimaryClipChangedListener
Process
com.toreya.dev
-
Requests uninstalling the application. 1 TTPs 1 IoCs
description
Intent action
ioc
android.intent.action.DELETE
Process
com.toreya.dev
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description
Framework service call
ioc
android.app.job.IJobScheduler.schedule
Process
com.toreya.dev
-
Checks CPU information 2 TTPs 1 IoCs
description
File opened for read
ioc
/proc/cpuinfo
Process
com.toreya.dev
-
Checks memory information 2 TTPs 1 IoCs
description
File opened for read
ioc
/proc/meminfo
Process
com.toreya.dev
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
992KB
MD5
a282a5456a20049dd0a7e78f86926e93
SHA1
26eee9d0714030e50b1b0b336c4e9b8d5a222d5c
SHA256
006192ccf43386c1fcfe09534cb3fa024d9ccf8ef314e3a872cebb330e730175
SHA512
9c5f9e7e474bc03555985ee2dc72e8cfc6b236c0d713b81b059471c8162b930f1c9ee398a67f774f6cc8a6d927e4c1e2994a6cf3af3291da25a3db1a63ff1e08
-
Filesize
992KB
MD5
e0c27154bdd74cd037b3b9f62414b46d
SHA1
0290832d4b3c7800429b0c7125661889c8933e42
SHA256
334b5008c117f89088543bebe7bd279623731c569b95f7ffdfd82288b818ab3b
SHA512
e497f0eae5873daef562e601ebdb702e56cb45bc19bb83a01cdc704c224d966f2ec0b5d642cbaa75fcf63e8fb74de32be09ce9548bfa86fcb495dc73aacaf49f
-
Filesize
8B
MD5
34953c98b4e0e7e838a76c69e56265d4
SHA1
a7cc8168a0ada5d92f08fef1226b8a82f5b8950d
SHA256
462d2f52956299cfa78456a80697f63cefefa7f16bc316fc772715c1282ccb5d
SHA512
32afc3b9f76101f8794c66cec61bfeaaa31e6ccf410c8b5edf0ee1aa1cc1789a98214e3074b7daec127255c1bdd6319e89afdfec733d226621d1833bf83740a2
-
Filesize
4KB
MD5
7e858c4054eb00fcddc653a04e5cd1c6
SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD5
b5a097a87b4cc3a2cfa6d7ba6eef5aad
SHA1
26422d6dda05c5aa4f55f317171128d415f177b9
SHA256
98b18d287fa1d8bcb43736662745fea63279eb1697067a88f49fe0d09b0264b2
SHA512
0a329d0e7082a7711af9c14be478be3f0c122a23f0e3e24d755361ac6da88139ae5e05758c5a2ee91b69a5f0f56889898d82797da8591ec94f38bb49082bdb9b
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
350KB
MD5
aec03f458afef2092c61e0d182099ee8
SHA1
9f8a4700c6f24d1d0d16dd65daeffc177ba70c35
SHA256
6d09dff8033de67b2404a4567096972faf0afa0a9c9f337ef96110aa3b90d2a9
SHA512
4f1da2334262df6177a8a9a0eabe127dbd4b0b141a3e8ef1e9d07e5893dc45c3d4d52894543b47c7708a4a0a572da0d9cdf4ffa28214698d070be00d02197aca
-
Filesize
16KB
MD5
38b93ea5d7183609fbfbff2b45cab6c5
SHA1
3611e127a015b03b001b512fa8b91401c06ca9b6
SHA256
52392a6a5e3bb0bc3f533ce9b7c627042579c49cdf6f83f66827a030c909b7cd
SHA512
06881538669799eef84d15c34c94443ca0a9efc4fb074ae0af88d427dd3ed71f8c38abba5e45eff81d89d74c495fcea4943cc75f5a0ee35f3e7626301d9467b5
-
Filesize
116KB
MD5
f7347016b98172e3b071aee594d0fb29
SHA1
7e5059e9785dc4360e25c920b4ba1b370c695ebf
SHA256
c662cd30d593de9333ccf4bfe5f1f970533428429c92f7aa74e85024e4bfbad8
SHA512
cb1ae0332ab3a7efc001e54a9f9039379d2ea1e6497f2759126f372dc7ae8c4c8083f6a71843d7210ad579f53041a4d623aece0b38bd0d892144afc4deef1436
-
Filesize
1KB
MD5
00925271562f856c5358146dad8ab803
SHA1
b864fb3bbac983b4a974ac562f0d465c4563a314
SHA256
42e644a20676979c04ab8308d20993d10ea343418310b7fc06a11fe4b21a29a9
SHA512
9e6a7de965da8a43eba481629a34f9ad74adf13eb5f96af11ae61a2a96500e098870a8e53038d39610d69b24c6156eff53ee415efe2bb23ec7d7f239c6abf581
-
Filesize
2.3MB
MD5
5792498d339f89d827adff7f854d5d53
SHA1
777372d63b198a91ea82c32ec935b93b402850fb
SHA256
c75843bf15535c58c017f7a6445917899ed5445c1bc615e81637eefced2b9ef3
SHA512
d0d193b8fcd1f28d6e00f5b5de89db75b244b232823d3a9c564e6c1bc17febf41a2c6b1922f2cd4b1d07b84bb6b6cf6cdd4f58c72c42ed9e5d0a98a8c29e3ee0