Analysis
max time kernel: 147s
max time network: 159s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 17/02/2025, 03:51
Static task static1
Behavioral task behavioral1: Sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, Resource android-x86-arm-20240624-en
Behavioral task behavioral2: Sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, Resource android-x64-20240624-en
Behavioral task behavioral3: Sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, Resource android-x64-arm64-20240624-en
Behavioral task behavioral4: Sample duzori.apk, Resource android-x86-arm-20240624-en
Behavioral task behavioral5: Sample duzori.apk, Resource android-x64-20240624-en
Behavioral task behavioral6: Sample duzori.apk, Resource android-x64-arm64-20240624-en
General
Target: duzori.apk
Size: 9.4MB
MD5: da2d1d6c5a81221935f04ce2d904a77f
SHA1: fabd1ec881561e90e33ea5fdeda9236af94c2aed
SHA256: 79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71
SHA512: 46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2
SSDEEP: 98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload (1 IoCs)
resource: behavioral5/memory/4967-0.dex
yara_rule: family_antidot
-
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.toreya.dev/app_month/xLFOfsN.json
pid: 4967
Process: com.toreya.dev
-
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
Process: com.toreya.dev
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
Process: com.toreya.dev
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.toreya.dev
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.toreya.dev
-
Performs UI accessibility actions on behalf of the user (1 TTPs, 2 IoCs)
Application may abuse the accessibility service to prevent its removal.
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
Process: com.toreya.dev
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
Process: com.toreya.dev
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: com.toreya.dev
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
Process: com.toreya.dev
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
Process: com.toreya.dev
-
Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/cpuinfo
Process: com.toreya.dev
-
Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read
ioc: /proc/meminfo
Process: com.toreya.dev
Processes
-
com.toreya.dev (PID: 4967)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Downloads
-
Filesize: 3KB
MD5: 9c9e52c9d7da0e825bb15a91e1319391
SHA1: f67f5f09bae5d941addb12e3ce78dd77993b5b60
SHA256: 33659a14dca060d44f1f4595345bcc01b1650e42deb38194b6510b3fbccc9fa4
SHA512: 17a8f851a65213b8ea7bcb99043625ba376d6e6372fd30dd20b9b13801fbda145a7860a21663e12e4e8280a47dda01edab231cc4fdc555a203f53e709b9689d8
-
Filesize: 992KB
MD5: a282a5456a20049dd0a7e78f86926e93
SHA1: 26eee9d0714030e50b1b0b336c4e9b8d5a222d5c
SHA256: 006192ccf43386c1fcfe09534cb3fa024d9ccf8ef314e3a872cebb330e730175
SHA512: 9c5f9e7e474bc03555985ee2dc72e8cfc6b236c0d713b81b059471c8162b930f1c9ee398a67f774f6cc8a6d927e4c1e2994a6cf3af3291da25a3db1a63ff1e08
-
Filesize: 992KB
MD5: e0c27154bdd74cd037b3b9f62414b46d
SHA1: 0290832d4b3c7800429b0c7125661889c8933e42
SHA256: 334b5008c117f89088543bebe7bd279623731c569b95f7ffdfd82288b818ab3b
SHA512: e497f0eae5873daef562e601ebdb702e56cb45bc19bb83a01cdc704c224d966f2ec0b5d642cbaa75fcf63e8fb74de32be09ce9548bfa86fcb495dc73aacaf49f
-
Filesize: 24B
MD5: e8d4c70082118fa2a6bc669b00945691
SHA1: b9a1614945bcd084a84ac715f2b450649861574c
SHA256: aa0ff2d1f8924baa8b7393bb1e9ddafa4e6dcca87baca798734d21c52e546105
SHA512: 6e97444d899a706d44eda3462842fed084b6c0d4b91a08404c32a48713a1992355693056820226c539065a471cfa8b2e5727a8c465305fc8f3e367c30eabaea3
-
Filesize: 8B
MD5: 0241040c8e53d03be3205572d5c90777
SHA1: 30dca1d2354408ab4acb6332f6eab941ec55196b
SHA256: d32725c4a9f65d6af839800e83b936b6b709613652893dc3395842aa047c55b3
SHA512: c4d4ec87401c068e3f283b7c49347666ac5525552f71ede13602ae8aa264e0966038f8a6febd663f1b394c36b6bfd1aaea7aa0e22d1cea365225d9b10daeb4b4
-
Filesize: 104KB
MD5: 1868b462d2765c132938b9e64c3f8cc3
SHA1: 9427e71bca8b4648d604d5ab1bb4c8a31a987f7a
SHA256: d0b03bea534e51a6a477f143cc2c426f170a178741efc83719ebcd40723b464f
SHA512: 0d39abb02cea83099a099d5c26548d9e575d36888584f660adedf2ea8b174309637c97e1ee0bc1358c299ee52caf8667b7cf11058548bdc6729799c46ccb1ce5
-
Filesize: 512B
MD5: 9032c9e1d57007a88b9717b31bbcabb1
SHA1: 2d058e287211dd916134c06cbb67922d13f0eb65
SHA256: e1f5e0f3acae685c084e4a4e0695b38100a27305d87e1ff624ced5865031f8b0
SHA512: c01402100b9289ef67844c509683957c4c6b50a01e331105fbd5e78b508bc0497afa7bd7409b87c6a2b9ed7244aca526db7b4a187d5987dce8ce71977dad13f4
-
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize: 446KB
MD5: bfbd8332a33af57ed319c4cd40588a35
SHA1: dcea3eb450c6ff130ab5d6e6974ed8b6eca00711
SHA256: e2ac09a416bc3bc25c295e1dedce5bf6dbbd489a90c719c7f3495bf744aea75d
SHA512: a45c89704ba2cb1623478760024e800ad9909ffdfe903b872f5546b4707c24e931f0b9357602bf7ca78106e67145b71f50d557c30fcb586317e74545e0145140
-
Filesize: 16KB
MD5: f3b2e48731318f2033175de62b5a98f6
SHA1: 8306f59e089c04c9a1ea8a6e3398cdfc82d74dd3
SHA256: 81486e004881477dc674d333de36d9f26dc99e3c45d0d5c6c10ce3e9f247c1ef
SHA512: f7285173c50c4115d1cd8f744f8b6e869d12e2a23b734d4fc0f83043a0f66ba55d48f1dc77de4a37fe4cc0822fbdac750f6741da7fda128e1768ed560d7220c1
-
Filesize: 116KB
MD5: 8fcc4d0871867315a1c5e5b326f35ac1
SHA1: f52fc92524fab8da3ed1494f56ce5f28bbd08f13
SHA256: 4480f6143ba0a3bc5ed6e4510d9175375b851f42529c5801e385ea2805f4ba2f
SHA512: 43074c0bce638e837ca90942a93b8c3d2eea944d77cbdcd97e5fc30d922fccf360b103f8b5308c2ee9b92390dfcd383b0fb273fe42802e2dd43c999c8a5ad76c
-
Filesize: 1KB
MD5: 00925271562f856c5358146dad8ab803
SHA1: b864fb3bbac983b4a974ac562f0d465c4563a314
SHA256: 42e644a20676979c04ab8308d20993d10ea343418310b7fc06a11fe4b21a29a9
SHA512: 9e6a7de965da8a43eba481629a34f9ad74adf13eb5f96af11ae61a2a96500e098870a8e53038d39610d69b24c6156eff53ee415efe2bb23ec7d7f239c6abf581
-
Filesize: 216B
MD5: 62aa9f54889a6b4c3c83bc7350d12213
SHA1: 5dc88201c61e20b9b3d8af5ae79abbf11b96f22b
SHA256: 7a47106a0eeb24f5b45ad41a6b3c1a982cc1c85afdfc5c6e83ccf9fafa4685fa
SHA512: f205f9552b3e2c0a8c70f0ff16204ba4725398ce6f610d68ffacf6a3caca7f1ca8cfa36d1acccbfa8cd048ce55edd287c5da705ccadb8ec9bbb4536a12b42df6
-
Filesize: 2.3MB
MD5: 5792498d339f89d827adff7f854d5d53
SHA1: 777372d63b198a91ea82c32ec935b93b402850fb
SHA256: c75843bf15535c58c017f7a6445917899ed5445c1bc615e81637eefced2b9ef3
SHA512: d0d193b8fcd1f28d6e00f5b5de89db75b244b232823d3a9c564e6c1bc17febf41a2c6b1922f2cd4b1d07b84bb6b6cf6cdd4f58c72c42ed9e5d0a98a8c29e3ee0