Analysis

  • max time kernel
    26s
  • max time network
    162s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags
    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    19/03/2025, 22:02

General

  • Target

    400743ebcbb56f4f00a7339cff9b769e1c53788e7276803753dc4eb9f8af5563.apk

  • Size

    2.7MB

  • MD5

    55d2c5ba2c8b7b9f60ade9873c9930a2

  • SHA1

    9b84ad59e396a134f429eab29c29eefef71e1860

  • SHA256

    400743ebcbb56f4f00a7339cff9b769e1c53788e7276803753dc4eb9f8af5563

  • SHA512

    422c5c54958f273bacef679d463db04f23c890c2ab0a5bebc491068fdf08aee813bd1992cb79118191394b4093e900fab7ff152721365952f0b732dcac5b98e4

  • SSDEEP

    49152:dTtAv5xDCr6U2LaaB6YBuXParrVp4g3oSZUv1SRdcJ73wz6srK0HaCi/yJ5ITQGE:dTtg5La3MDGtSRW73oRPXCyJ5ITQGdW

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 4 IoCs)

    Loads and runs an executable (DEX/JAR) file that was dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    The application may abuse the framework's clipboard APIs to read sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)
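The signatures above are what the sandbox observed at runtime. As a static counterpart, here is an added Python example (not tria.ge's code and not taken from the sample): it parses the string_ids table of a DEX file and maps the class descriptors and strings it finds onto the same signature names. The descriptor-to-signature mapping in SIGNATURE_HINTS is this example's own approximation of what each signature looks for, and the DEX blob it analyses is constructed inline by build_dex() rather than recovered from the device.

```python
import struct

# Magic values for the DEX versions in current use (035 through 039).
DEX_MAGICS = (b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0")

# Assumed mapping from the sandbox's signature names to API descriptors and strings
# whose presence in a DEX string table hints at that behaviour. This is the example's
# own heuristic, not the sandbox's real rule set.
SIGNATURE_HINTS = {
    "Loads dropped Dex/Jar": (
        "Ldalvik/system/DexClassLoader;",
        "Ldalvik/system/InMemoryDexClassLoader;",
    ),
    "Obtains sensitive information copied to the device clipboard": (
        "Landroid/content/ClipboardManager;",
    ),
    "Queries the mobile country code (MCC)": (
        "getNetworkOperator",  # TelephonyManager: returns MCC+MNC as one string
        "getSimOperator",
    ),
    "Registers a broadcast receiver at runtime": ("registerReceiver",),
    "Uses Crypto APIs": ("Ljavax/crypto/Cipher;",),
    "Checks CPU information": ("/proc/cpuinfo",),
    "Checks memory information": ("/proc/meminfo", "Landroid/app/ActivityManager$MemoryInfo;"),
}


def uleb128_encode(value):
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def uleb128_decode(buf, off):
    """Return (value, offset_after) for the ULEB128 integer starting at buf[off]."""
    result, shift = 0, 0
    while True:
        byte = buf[off]
        off += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, off
        shift += 7


def dex_strings(blob):
    """Walk the string_ids table of a DEX file and return its strings in order."""
    if blob[:8] not in DEX_MAGICS:
        raise ValueError("not a DEX file")
    # DEX header: string_ids_size at 0x38, string_ids_off at 0x3C, little-endian u32.
    count, table_off = struct.unpack_from("<II", blob, 0x38)
    strings = []
    for i in range(count):
        (item_off,) = struct.unpack_from("<I", blob, table_off + 4 * i)
        # string_data_item: uleb128 utf16 length, MUTF-8 bytes, terminating NUL.
        _utf16_len, data_off = uleb128_decode(blob, item_off)
        end = blob.index(b"\0", data_off)
        strings.append(blob[data_off:end].decode("utf-8", errors="replace"))
    return strings


def classify(strings):
    """Map DEX strings onto the signature names above; returns {name: [hints hit]}."""
    hits = {}
    for name, hints in SIGNATURE_HINTS.items():
        found = sorted(h for h in hints if any(h in s for s in strings))
        if found:
            hits[name] = found
    return hits


def build_dex(strings):
    """Construct a minimal DEX blob (header + string_ids + string data) for testing.
    Only ASCII strings are handled, so the utf16 length equals the byte length."""
    header_size = 0x70
    ids_off = header_size
    data_off = ids_off + 4 * len(strings)
    data, item_offsets = bytearray(), []
    for s in strings:
        item_offsets.append(data_off + len(data))
        data += uleb128_encode(len(s)) + s.encode("ascii") + b"\0"
    header = bytearray(header_size)
    header[0:8] = DEX_MAGICS[0]
    struct.pack_into("<I", header, 0x20, data_off + len(data))  # file_size
    struct.pack_into("<I", header, 0x24, header_size)
    struct.pack_into("<I", header, 0x28, 0x12345678)  # ENDIAN_CONSTANT
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    ids = b"".join(struct.pack("<I", o) for o in item_offsets)
    return bytes(header) + ids + bytes(data)


# Constructed sample string table, chosen to exercise each heuristic once.
SAMPLE_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "app_ded",
    "Landroid/content/ClipboardManager;",
    "getNetworkOperator",
    "registerReceiver",
    "Ljavax/crypto/Cipher;",
    "/proc/cpuinfo",
    "/proc/meminfo",
]


def triage_sample():
    return classify(dex_strings(build_dex(SAMPLE_STRINGS)))


if __name__ == "__main__":
    for name, found in triage_sample().items():
        print(f"{name}: {', '.join(found)}")
```

To run this against a real sample, unzip the APK and pass the bytes of each classes*.dex to dex_strings(); note that a loader like the one in this report keeps the interesting descriptors in the dropped DEX, so the outer APK may only show the DexClassLoader hint.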

Processes

  • dev.decryptapks.downloader.qwertymods (PID 5201)
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/dev.decryptapks.downloader.qwertymods/app_ded/Okq59z9z7Ywm7o6NTTt9KlMczCaunDnH.dex

    Filesize

    1.7MB

    MD5

    6cfa2ce4e3329ec470c094110b2bbd50

    SHA1

    ca5341cc8bb1b52e42c9569b4d3c8897dbd93f1c

    SHA256

    46eaf8c41981a560d1590bab5a2b4c4cdf11c5f4ec0e0faf07023244262a0be7

    SHA512

    f19e181e1aac80cf47dac0f819e25c97547c4145361a1dec9a82a405fd78e34aa1858d3c3b193b44cd512066b4e836673801901456e1dcc498d15be4e3450296

  • /data/data/dev.decryptapks.downloader.qwertymods/app_ded/rV6alVBXmNA2b9IHulHkz5FA8dioKwDa.dex

    Filesize

    96KB

    MD5

    6c9e4d1af5d241e76116e05b07e8e0e3

    SHA1

    4a33d452e68e310e36e9ceeb2c7f355b97d82f7d

    SHA256

    58816ebafa9d2f8893a646e41dc7006612e3abed88f73b022e951d367775d5d3

    SHA512

    10ec6e2ae11a6db830ae2d2ced1f91e9a18b7ad6b8a67171418888b1bbaeea1492ef04fd15333b75a06d4bf9aa93b1aa2261f5533f2c368b4942ad98d214389f

  • /data/data/dev.decryptapks.downloader.qwertymods/files/profileInstalled

    Filesize

    24B

    MD5

    a9c9cc1d6d6b2d1eee7ee64be21fe67e

    SHA1

    89c5dd31be0150577f59c24ea09854d244c4d3ae

    SHA256

    6087515e371b72adb61d3ad3518f694241b10794defb9c20e527901a4e556003

    SHA512

    2e6b356b4e1e12ada19e342427e23364a395b7d567546f84ed218e09bfab70b3fcc43531e042aed4a99cde722049c60d0c206f285f53e7c9a1ddc566c179b9f6
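To turn the Downloads table above and the "Loads dropped Dex/Jar" signature into a repeatable check on a device or an extracted filesystem image, here is an added Python example, not part of the tria.ge report: it hashes a recovered file, tests for the DEX header, flags DEX files written under an app-private app_* directory (the layout Context.getDir() produces, which is why the payloads sit in app_ded), and matches the SHA256 against the report's three dropped files. The SHA256 values and paths are copied from this page; the sample bytes in the block are constructed and are not expected to match any of them.

```python
import hashlib

# Dropped-file IoCs copied from the report's Downloads section, keyed by SHA256.
REPORT_DROPPED_FILES = {
    "46eaf8c41981a560d1590bab5a2b4c4cdf11c5f4ec0e0faf07023244262a0be7":
        "/data/data/dev.decryptapks.downloader.qwertymods/app_ded/Okq59z9z7Ywm7o6NTTt9KlMczCaunDnH.dex",
    "58816ebafa9d2f8893a646e41dc7006612e3abed88f73b022e951d367775d5d3":
        "/data/data/dev.decryptapks.downloader.qwertymods/app_ded/rV6alVBXmNA2b9IHulHkz5FA8dioKwDa.dex",
    "6087515e371b72adb61d3ad3518f694241b10794defb9c20e527901a4e556003":
        "/data/data/dev.decryptapks.downloader.qwertymods/files/profileInstalled",
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}


def looks_like_dex(data):
    """True for the DEX magic 'dex\\n' + three version digits + NUL."""
    return data[:4] == b"dex\n" and data[7:8] == b"\0" and data[4:7].isdigit()


def is_runtime_dropped_code(path, data):
    """DEX bytes sitting in an app-private app_* directory (Context.getDir()) or the
    app's files/ or cache/ tree were written at runtime, not installed with the APK.
    Assumption: paths are reported in /data/data/<pkg>/... form, as on this page."""
    if not looks_like_dex(data) or not path.startswith("/data/data/"):
        return False
    rest = path.split("/", 4)[4] if path.count("/") >= 4 else ""
    return rest.startswith(("app_", "files/", "cache/"))


def triage_file(path, data, iocs=REPORT_DROPPED_FILES):
    """Build one triage record for a file pulled off the device."""
    digests = hash_bytes(data)
    return {
        "path": path,
        "size": len(data),
        "is_dex": looks_like_dex(data),
        "runtime_dropped_code": is_runtime_dropped_code(path, data),
        "known_as": iocs.get(digests["sha256"]),  # report path if hash matches, else None
        **digests,
    }


def report_path_for_sha256(sha256, iocs=REPORT_DROPPED_FILES):
    return iocs.get(sha256.lower())


# Constructed sample: a DEX header followed by zero padding, placed where the
# report's payloads were. Its hashes will not match the report's IoCs.
SAMPLE_PATH = "/data/data/dev.decryptapks.downloader.qwertymods/app_ded/sample.dex"
SAMPLE_BYTES = b"dex\n035\0" + b"\0" * 104

if __name__ == "__main__":
    for key, value in triage_file(SAMPLE_PATH, SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

On a live analysis the same function runs over adb pull output or a forensic image; a hit in known_as ties the file to this report, while runtime_dropped_code being True with known_as None marks a new payload worth hashing and submitting.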