Analysis
-
max time kernel
145s -
max time network
159s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system -
submitted
17/02/2025, 03:51
Static task
static1
Behavioral task
behavioral1
Sample
999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
duzori.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral5
Sample
duzori.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral6
Sample
duzori.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
duzori.apk
-
Size
9.4MB
-
MD5
da2d1d6c5a81221935f04ce2d904a77f
-
SHA1
fabd1ec881561e90e33ea5fdeda9236af94c2aed
-
SHA256
79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71
-
SHA512
46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2
-
SSDEEP
98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
resource: behavioral6/memory/4471-0.dex
yara_rule: family_antidot
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.toreya.dev/app_month/xLFOfsN.json
pid: 4471
Process: com.toreya.dev
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.toreya.dev
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
Process: com.toreya.dev
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
Process: com.toreya.dev
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
Process: com.toreya.dev
-
Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs
Application may abuse the accessibility service to prevent its removal.
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
Process: com.toreya.dev
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
Process: com.toreya.dev
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description: Intent action
ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
Process: com.toreya.dev
-
Requests modifying system settings. 1 IoCs
description: Intent action
ioc: android.settings.action.MANAGE_WRITE_SETTINGS
Process: com.toreya.dev
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
Process: com.toreya.dev
-
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/cpuinfo
Process: com.toreya.dev
-
Checks memory information 2 TTPs 1 IoCs
description: File opened for read
ioc: /proc/meminfo
Process: com.toreya.dev
Processes
-
com.toreya.dev
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests modifying system settings.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4471
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime 1
- Hide Artifacts 1
  - User Evasion 1
- Impair Defenses 1
  - Prevent Application Removal 1
- Input Injection 1
- Virtualization/Sandbox Evasion 2
  - System Checks 2
Credential Access
- Clipboard Data 1
- Input Capture 2
  - GUI Input Capture 1
  - Keylogging 1
Downloads
-
Filesize
3KB
MD5 99df1920bc0280e259cb27f6cdd1a767
SHA1 7317dbbecf2d8e430ef354e171401118f2d641af
SHA256 7033bdf92989abedc65286a542baebba90760d7ceae445165d93109a4cf5cc02
SHA512 e8f318e33a8b0eae07d93b5ca361168f857475ca1a7ddf041ac1b091bda3d7037cf8f4185347648a31dd3d7ec13eb43d04192d2eac82ca3c5c38790d22394d68
-
Filesize
992KB
MD5 a282a5456a20049dd0a7e78f86926e93
SHA1 26eee9d0714030e50b1b0b336c4e9b8d5a222d5c
SHA256 006192ccf43386c1fcfe09534cb3fa024d9ccf8ef314e3a872cebb330e730175
SHA512 9c5f9e7e474bc03555985ee2dc72e8cfc6b236c0d713b81b059471c8162b930f1c9ee398a67f774f6cc8a6d927e4c1e2994a6cf3af3291da25a3db1a63ff1e08
-
Filesize
992KB
MD5 e0c27154bdd74cd037b3b9f62414b46d
SHA1 0290832d4b3c7800429b0c7125661889c8933e42
SHA256 334b5008c117f89088543bebe7bd279623731c569b95f7ffdfd82288b818ab3b
SHA512 e497f0eae5873daef562e601ebdb702e56cb45bc19bb83a01cdc704c224d966f2ec0b5d642cbaa75fcf63e8fb74de32be09ce9548bfa86fcb495dc73aacaf49f
-
Filesize
8B
MD5 e58927acecb79654b2e318a80e35eba2
SHA1 59a4df9fb35020d6e0649418cb3eeec7ab7a85d4
SHA256 49da87cc4e30086d281e85f2f7299db62bc822c74c31e9f576cc04931ec62dd9
SHA512 ede9df6045fabe9dd610814c8e17c80ee065a9e6f43ac808d17a1a9e4cca626cd8a00d37dc7be4fa0af10484de4dfd896e3ec3dd0350f9c452910305d53c97a5
-
Filesize
104KB
MD5 935c80ef6653d8c1502700b8f514a855
SHA1 a1aa24de3751f9c3d66b4713a3fa1f162f9c03d2
SHA256 c5f63ee66bf63f490c907eee5ffe33ce3034efe0c18b819db691782c55a82261
SHA512 a29d3956fe1731598e3a72cbd5ca9f49b5e1e2b39750ba8ae827b6e3073ed614d3e0fb01cdc288843ac42eaa6ef415e566506146f4e2aba3fc92932b3012fa10
-
Filesize
512B
MD5 188604de2eca33929aa31563f6e42121
SHA1 f0451a7c856d1823e6bcd42b1263f668e91d8f06
SHA256 420bcb7b0875d0d445acde9261520b9673ff0c62ac4aba39b5a263ce8eaa112c
SHA512 ba889511efa90d282e79a0f881f58fb5932ed7ad39285a63c99a0859fc126cbd5cfb69759dfa77d14cb15a9f2569db7b1287c710d8b322bf234c104faf1a2b0b
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
442KB
MD5 bf146d5ca681196ac657a30e7760a6b7
SHA1 62a3283aa7ecd52b9cab2cda08f933bd79be7d93
SHA256 fcd0ec21f5de78b0e466e38d81e63b6ea96c72770c68e70c98a1b45b94d0a99b
SHA512 2f442d0a32ac7902930dd5a04596c5dc3b30bc1c216b970768dd38f0aaf0f4492bf45005295813383c347b9bff1c7b1206a94cf5a831efc76a4a75ef092df2eb
-
Filesize
16KB
MD5 a1288645d001621852e389902bb4af8e
SHA1 859f5dce94705b3437389d045621434c74f8b7f4
SHA256 932b4062ded4825f5040f31b778720de349ec05c0a8305f5bd29fdad3472bbcb
SHA512 7c937e588ff75ea4cac25988cf106ba5dc18aa43cb9a1939b302cecd59e6fed41b509167688b10642bd677acfd3637a3815e13a7c68093e5714c87c419500384
-
Filesize
116KB
MD5 46008028a116bad1e96bd64bf9a417d2
SHA1 50de99bd7ee1530f46ea01d65a54df9079d05e6d
SHA256 9ec1dd803ab2a74e651c5b80f6906f832980072554b71fddbb84b09d97b738dd
SHA512 52fb40737f663eb217aa4750c8c1246df3b603c2a365e71c8764dfa7bcdffbc54595762144f8fe8c35939133375d4d47e65642cd0d56827b9655935fec44dbb6
-
Filesize
1KB
MD5 00925271562f856c5358146dad8ab803
SHA1 b864fb3bbac983b4a974ac562f0d465c4563a314
SHA256 42e644a20676979c04ab8308d20993d10ea343418310b7fc06a11fe4b21a29a9
SHA512 9e6a7de965da8a43eba481629a34f9ad74adf13eb5f96af11ae61a2a96500e098870a8e53038d39610d69b24c6156eff53ee415efe2bb23ec7d7f239c6abf581
-
Filesize
215B
MD5 9beef797519f9420e12abcba3cee7c2f
SHA1 7aa465cc42f9ea98d7a65571a38a775c0fa5e8fb
SHA256 1917db1d5c759258f2aa46c7efb8290275bc948ba271d5ef90e44433956df78c
SHA512 ca6b1a3a275b8d792bf37297cf8a776eede928bfe47cae0d823adac031cb87ec409a0284918f705a6e4c889391fb46e02323bc287f47cf775ca6d29ac80e289f
-
Filesize
2.3MB
MD5 5792498d339f89d827adff7f854d5d53
SHA1 777372d63b198a91ea82c32ec935b93b402850fb
SHA256 c75843bf15535c58c017f7a6445917899ed5445c1bc615e81637eefced2b9ef3
SHA512 d0d193b8fcd1f28d6e00f5b5de89db75b244b232823d3a9c564e6c1bc17febf41a2c6b1922f2cd4b1d07b84bb6b6cf6cdd4f58c72c42ed9e5d0a98a8c29e3ee0