Analysis
max time kernel: 53s
max time network: 59s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 21/03/2025, 22:43
Static task: static1
Behavioral task: behavioral1 (sample f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk, resource android-x86-arm-20240910-en)
Behavioral task: behavioral2 (sample f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk, resource android-x64-20240910-en)
Behavioral task: behavioral3 (sample f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk, resource android-x64-arm64-20240910-en)
General
Target: f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk
Size: 6.8MB
MD5: 239498ff472538e7a8380bae9a54e042
SHA1: 10a43c613da9cb1ce25318e07fcca5f9a5f78d8d
SHA256: f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66
SHA512: 842cd77f5b6501966595e7fae26079fb708bd44beec478fa416e21f53fb24b10240fbc2f03313e194c198a0c7efe287dd3628af760c29823a446d23a285033d7
SSDEEP: 98304:CWo/Krt4dtUD3v0nO2sIlLaYkgBv3d9knwAzIFO2ieSyeTgnrSsp:4dtUD3sO2sIlNVZdqnHzYYErSsp
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoCs)
resource: behavioral2/memory/5096-0.dex, yara_rule: family_antidot
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.fosaka.bite/app_true/YqBh.json, pid: 5096, process: com.fosaka.bite
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText, process: com.fosaka.bite
description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process: com.fosaka.bite
description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, process: com.fosaka.bite
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.fosaka.bite
Performs UI accessibility actions on behalf of the user (1 TTPs, 3 IoCs)
Application may abuse the accessibility service to prevent its removal.
ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, process: com.fosaka.bite (reported 3 times)
Queries information about active data network (1 TTPs, 1 IoCs)
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.fosaka.bite
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.fosaka.bite
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.fosaka.bite
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.fosaka.bite
Checks CPU information (2 TTPs, 1 IoCs)
description: File opened for read, ioc: /proc/cpuinfo, process: com.fosaka.bite
Checks memory information (2 TTPs, 1 IoCs)
description: File opened for read, ioc: /proc/meminfo, process: com.fosaka.bite
Processes
com.fosaka.bite (PID 5096)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery
- System Information Discovery (2)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads