Analysis
max time kernel: 299s
max time network: 299s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 20/02/2025, 05:21
Static task
static1

Behavioral tasks
behavioral1: sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, resource android-x64-20240624-en
behavioral2: sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, resource android-x64-arm64-20240624-en
behavioral3: sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, resource android-33-x64-arm64-20240910-en
behavioral4: sample 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk, resource android-x86-arm-20240624-en
behavioral5: sample duzori.apk, resource android-x64-20240910-en
behavioral6: sample duzori.apk, resource android-x64-arm64-20240624-en
behavioral7: sample duzori.apk, resource android-33-x64-arm64-20240910-en
behavioral8: sample duzori.apk, resource android-x86-arm-20240910-en
General
Target: duzori.apk
Size: 9.4MB
MD5: da2d1d6c5a81221935f04ce2d904a77f
SHA1: fabd1ec881561e90e33ea5fdeda9236af94c2aed
SHA256: 79cb25b0068eeed73747c0393af759e69920b1de37538d4b43cf21dca6780a71
SHA512: 46fff3694b21a9fc934115b4fcc885912d9dcb15f7e4fe13fd704cf38c1a530bf440c3e5f6c44c892b312cb4d69d6ae335420743de0d62ce8b945b95f82091a2
SSDEEP: 98304:wxajZByg+0JWIj/nfqHI3JClflnj4IfkQaklTxMXsQe3iTxP7FB29zxFb1ek6zej:wx613JMdnjhMTklN6TBFBIzb5ek6zej
Malware Config
Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.

Antidot family
Antidot payload (1 IoCs)
resource | yara_rule
behavioral5/memory/5134-0.dex | family_antidot
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.toreya.dev/app_month/xLFOfsN.json | 5134 | com.toreya.dev
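The "Loads dropped Dex/Jar" entry above records a file with a .json name being loaded as code, so the extension says nothing about what the file is. The following Python is added here as an illustration; it is not part of the sandbox report and not the sample's own code. It classifies a dropped file by content (DEX or ZIP/JAR magic), validates the DEX header's Adler-32 checksum and SHA-1 signature, and flags an executable container hidden behind a non-code extension. The path is the IoC from the report; the file bytes are constructed, because the dropped file's contents are not on this page.

```python
"""Content-based triage of a dropped Android file (added example, not the report's code).

The sandbox saw /data/user/0/com.toreya.dev/app_month/xLFOfsN.json loaded as
code. This module identifies DEX and ZIP/JAR containers by their magic bytes and
checks the DEX header integrity fields, regardless of the file's name.
"""
import hashlib
import struct
import zlib

# IoC path from the report; the bytes behind it below are constructed.
DROPPED_PATH = "/data/user/0/com.toreya.dev/app_month/xLFOfsN.json"

DEX_MAGIC_PREFIX = b"dex\n"   # full magic is b"dex\n" + version b"035\0" (or 037/038/039)
ZIP_MAGIC = b"PK\x03\x04"     # APK and JAR are ZIP containers holding classes.dex
DEX_HEADER_SIZE = 0x70


def classify(data: bytes) -> str:
    """Return 'dex', 'zip' or 'other' from the leading magic bytes only."""
    if len(data) >= 8 and data[:4] == DEX_MAGIC_PREFIX and data[7] == 0:
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    return "other"


def dex_header_valid(data: bytes) -> bool:
    """Verify the integrity fields of dex_header_item.

    Layout: magic[8] | checksum u32 (Adler-32 over bytes 12..EOF) |
    signature[20] (SHA-1 over bytes 32..EOF) | file_size u32 | header_size u32 | ...
    A file that fails here is either truncated/corrupt or still encrypted or
    packed on disk and only becomes a real DEX in memory.
    """
    if classify(data) != "dex" or len(data) < DEX_HEADER_SIZE:
        return False
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    (file_size,) = struct.unpack_from("<I", data, 32)
    return (
        checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF)
        and signature == hashlib.sha1(data[32:]).digest()
        and file_size == len(data)
    )


def triage_dropped_file(path: str, data: bytes) -> dict:
    """Summarise what a dropped file really is, independent of its name."""
    kind = classify(data)
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    code_exts = {"dex", "jar", "apk", "zip"}
    return {
        "path": path,
        "kind": kind,
        # Executable container behind a non-code extension (here: .json).
        "masquerading": kind != "other" and ext not in code_exts,
        "dex_header_ok": dex_header_valid(data) if kind == "dex" else None,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample_dex() -> bytes:
    """Construct a header-only DEX (no classes) with a consistent checksum and signature.

    Test input only; this is not the payload from the report.
    """
    tail = bytearray(DEX_HEADER_SIZE - 32)             # bytes 32..EOF of the file
    struct.pack_into("<I", tail, 0, DEX_HEADER_SIZE)   # file_size
    struct.pack_into("<I", tail, 4, DEX_HEADER_SIZE)   # header_size
    struct.pack_into("<I", tail, 8, 0x12345678)        # endian_tag (little-endian)
    signature = hashlib.sha1(tail).digest()
    rest = signature + bytes(tail)
    checksum = zlib.adler32(rest) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", checksum) + rest


if __name__ == "__main__":
    # A DEX body behind the .json name is flagged; plain JSON text is not.
    print(triage_dropped_file(DROPPED_PATH, build_sample_dex()))
    print(triage_dropped_file(DROPPED_PATH, b'{"k": 1}'))
```

Run it against every file the sandbox lists under Downloads or as dropped, not only the one named in the IoC. If classify() reports "other" for a file the process nevertheless loaded as code, the on-disk copy is probably encoded or packed; note that the Antidot payload rule above matched a memory dump (behavioral5/memory/5134-0.dex) rather than a file on disk, so hash and classify the memory dump as well.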
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.toreya.dev
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.toreya.dev
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.toreya.dev
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.toreya.dev
Performs UI accessibility actions on behalf of the user (1 TTPs, 2 IoCs)
Application may abuse the accessibility service to prevent its own removal.
ioc | Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.toreya.dev
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.toreya.dev
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.toreya.dev
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.toreya.dev
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.toreya.dev
Checks CPU information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/cpuinfo | com.toreya.dev
Checks memory information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/meminfo | com.toreya.dev
Processes

com.toreya.dev (PID 5134)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Downloads

Filesize: 3KB
MD5: 71912a37743fe5090d3831e417490df2
SHA1: dec11f90aa4d8e688e7630f11aa7d6f7bfdf8686
SHA256: 392bd8317249dbc54b67e095105c554512722403f553700d851cffedc776ffb9
SHA512: 2dc44bf8258d88d3fd3d6994cce36055c585a36fc1ca26854f5eace5fe25e0583387a5855a0cdbad7658b26b6e11a68307193b7f889618455d818434a3969c1f

Filesize: 992KB
MD5: a282a5456a20049dd0a7e78f86926e93
SHA1: 26eee9d0714030e50b1b0b336c4e9b8d5a222d5c
SHA256: 006192ccf43386c1fcfe09534cb3fa024d9ccf8ef314e3a872cebb330e730175
SHA512: 9c5f9e7e474bc03555985ee2dc72e8cfc6b236c0d713b81b059471c8162b930f1c9ee398a67f774f6cc8a6d927e4c1e2994a6cf3af3291da25a3db1a63ff1e08

Filesize: 992KB
MD5: e0c27154bdd74cd037b3b9f62414b46d
SHA1: 0290832d4b3c7800429b0c7125661889c8933e42
SHA256: 334b5008c117f89088543bebe7bd279623731c569b95f7ffdfd82288b818ab3b
SHA512: e497f0eae5873daef562e601ebdb702e56cb45bc19bb83a01cdc704c224d966f2ec0b5d642cbaa75fcf63e8fb74de32be09ce9548bfa86fcb495dc73aacaf49f

Filesize: 24B
MD5: 4540b33e09e6b44b4ffac23102546be6
SHA1: f55a9c7ce72c0ed5046e74444e161981216f961a
SHA256: 80c93372feeb381234b802bf8fd9b8a09e04497413a181321c8962cb6df0d397
SHA512: 0f26a6cd062cac2f5a242d4470453544d5423be7f379d85546ee97b2a07ceeb4018aae2491c26d5b979ac08926aef933f0693f0ce2ed122506c93cf8e953cccf

Filesize: 8B
MD5: 060d72a4095780953f632e08b84c87e6
SHA1: 1b532e0138982f95d1a0674e7bae32a5962d278d
SHA256: 45668d078e497644589528c6522f06ab08da6d91c5e43dc6177b7beeabe6e09e
SHA512: 6744ea9aa0b543c023b482aad2d6e021510fbc422bee87aa7fb877df0c47663df6887f827d82ad391cda4b1e5a8c64934875837fa856c1af8c51b0ec44eb41e6

Filesize: 104KB
MD5: 0d7f85327ac3edc16bc750327dfbf018
SHA1: 1f3ca925905fb03fc77193c75749a6728d1018a9
SHA256: 07297c52aef3aeb1d5c046255987e92f3f39738058a208ccb08988cc9928a6e6
SHA512: df8ca3d37e9b10a1f89ffd387ca2637a42a7dceee67a8d4adf7e17075522ff61668d55272113fe32ee9ddcb211c5b54da8bfc0f2c86be481abcfaa950ae089bd

Filesize: 512B
MD5: 6010ad3a263733ab6bb9f74ffdbd3351
SHA1: 653f63f882c754931d993fd6bbe87b6eb199073a
SHA256: d5d0878b785409cc34ac9baaac5e7f71dc15f425e0f01bc25faea5ef6ea15c55
SHA512: 88f993853044a0c60b77ade7fa9655d85f2abe58bde19a261a23f1f0a7163111763a47599f0c9863d69e1059aad5635b5d307469f9cfa77c5fdc4f0feee4e051

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 442KB
MD5: ba9f1222b29f9875b84b37b69840f331
SHA1: b6b53293045b2ac3e9624b53a783f41fbe492720
SHA256: 6dbda0201c869faacc72553bd89856befc2d9bf3c5464909d3c1d3026d90752c
SHA512: b08590fe187efba78a02217823df0d3552407d7e1210050448f12f461bdaf8a7c15e59cd576e788a5d603622efb0741dd1141669093a94ac1baa2c322b2dead6

Filesize: 16KB
MD5: a896c631d13336aa4b51bbdf76438ff9
SHA1: 2f97b1b788edcad60f869661e2303379dab2869e
SHA256: 9ad0f28f642305633786a4fefa355c3f1ac0d7ee297863659eed07d0ec830342
SHA512: 096b313be8a7bad8b0a1615b92e4f0b0ed609b563ffa9dae9ef7b857902b4a429b560dcb269a52e03a78dbb55438a67f20905ef85c472f8d6a51a6bb872f7942

Filesize: 116KB
MD5: 567daad5cfae56cf46de9266bc3906f2
SHA1: 909b387c9e196b3dd60cecb711f836f04d60be31
SHA256: 0c318bb06a300cd1981d6f8e54d58f8fddecb883615dcb6a40b0849548a0695f
SHA512: 15c0bb69546d02d722063e641a9c9268e1c61d021bd1d1022aaf52b43dd6b9bfd7340355e9464a272b434484278998f8a265706c859aa53027768ded399d52fd

Filesize: 1KB
MD5: 00925271562f856c5358146dad8ab803
SHA1: b864fb3bbac983b4a974ac562f0d465c4563a314
SHA256: 42e644a20676979c04ab8308d20993d10ea343418310b7fc06a11fe4b21a29a9
SHA512: 9e6a7de965da8a43eba481629a34f9ad74adf13eb5f96af11ae61a2a96500e098870a8e53038d39610d69b24c6156eff53ee415efe2bb23ec7d7f239c6abf581

Filesize: 25B
MD5: b9d9e0f8902d129e1aeebff0ae7b725b
SHA1: cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781
SHA256: 25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91
SHA512: f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Filesize: 2.3MB
MD5: 5792498d339f89d827adff7f854d5d53
SHA1: 777372d63b198a91ea82c32ec935b93b402850fb
SHA256: c75843bf15535c58c017f7a6445917899ed5445c1bc615e81637eefced2b9ef3
SHA512: d0d193b8fcd1f28d6e00f5b5de89db75b244b232823d3a9c564e6c1bc17febf41a2c6b1922f2cd4b1d07b84bb6b6cf6cdd4f58c72c42ed9e5d0a98a8c29e3ee0