Analysis
- max time kernel: 15s
- max time network: 30s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 21/03/2025, 22:49
Static task
- static1

Behavioral task behavioral1
- Sample: f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
- Resource: android-x86-arm-20240910-en

Behavioral task behavioral2
- Sample: f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
- Resource: android-x64-20240910-en

Behavioral task behavioral3
- Sample: f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
- Resource: android-x64-arm64-20240910-en

Behavioral task behavioral4
- Sample: wibemuse.apk
- Resource: android-x86-arm-20240910-en

Behavioral task behavioral5
- Sample: wibemuse.apk
- Resource: android-x64-20240910-en

Behavioral task behavioral6
- Sample: wibemuse.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: wibemuse.apk
- Size: 10.4MB
- MD5: 8e03e90022214eda8f01ce735d8fe972
- SHA1: 0a5fb8dba68751a01aaa113f92b2db9225dd24a2
- SHA256: 5acb5ebdd0e4c8fbafb44a88e66e741f1c94a72e3f07f5adc454687010634848
- SHA512: 40f1415f69ef72ba6ec53745c2192cea7a82e4d1c028cdf0b636af163a0246a3d201d67ddb60f8552733239ebac82673bac179de179cc78656b9d9cef1e2fde8
- SSDEEP: 196608:mB12mtwTYrqOBcjvLDxLB5WLDDKfYErSssdkpxHaNhJ/Ds:mBxmOBcjvLDxL2DKFrSuVaNbs
Malware Config
Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.

Antidot family

Antidot payload (1 IoC)
- resource: behavioral5/memory/5157-0.dex
- yara_rule: family_antidot

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis. Note that the file loaded as code carries a .json extension; the extension says nothing about the content, so identify dropped code by its magic bytes, not its name.
- ioc: /data/user/0/com.belasaba.guard/app_sense/LyBDIN.json
- pid: 5157
- process: com.belasaba.guard
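The following triage helper is an added example for this report, not part of the sandbox output or of the sample. It takes the path the sandbox reports for the loaded file and the file's bytes, decides from magic bytes whether the file is a DEX (or a ZIP/JAR carrying a DEX) regardless of its extension, and checks whether its SHA-256 matches any file listed in the report's Downloads section. The file bytes used for the demonstration are constructed (a bare DEX header, a JAR built in memory, and a plain JSON blob), and the `/tmp/plugin.jar` path is hypothetical; only the `LyBDIN.json` path and the hash list come from the report.

```python
"""Triage check for a 'Loads dropped Dex/Jar' indicator.

Added example, not part of the sandbox report. Given the path the sandbox
reports and the bytes of the dropped file, it answers two questions a
responder asks first: is this really DEX (or a ZIP/JAR carrying a DEX)
despite its extension, and does its SHA-256 match any file listed in the
report's Downloads section?
"""
import hashlib
import io
import zipfile
from dataclasses import dataclass

# DEX header: b"dex\n" + three ASCII digits (format version) + NUL, e.g. b"dex\n035\x00".
DEX_MAGIC_PREFIX = b"dex\n"
# ZIP local file header signature; APKs and JARs are ZIP containers.
ZIP_MAGIC = b"PK\x03\x04"
# Extensions under which each detected type would be unremarkable.
EXPECTED_EXTENSIONS = {
    "dex": {"dex"},
    "zip-with-dex": {"jar", "apk", "zip"},
    "zip": {"jar", "apk", "zip"},
}

# SHA-256 values copied from the report's Downloads section.
REPORT_DOWNLOAD_SHA256 = {
    "05b15fb490d264ffb6708d3ca6c95b5eddf1a5cdbbf58c8320dddf549db49cd0",
    "394bfc698a39070118f178e3c11e24d78c0f4ec3e6a3e02f32929402933482c5",
    "bc747cab1a35c0e92f6381d739649f3470497a66837b5da01a1ff759046304d7",
    "bdd28666eb12cb7cd4dfee5858629aaccc98a3c35c333f81560647ba8c9df98f",
    "5b181f1cc1704de951f164cc77ae6db0582178bf67debc4698d2e16c5f1ab7ef",
    "88b82cc1c72026ebecd0d99dc7a6b36572deb485f628850de4bf9c46bb21ce6e",
    "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479",
    "9b0d538f5a1cd7156df81c9183d0fa2625074becb30749497749d838c4f20349",
    "a6126a31869e543c18ab1ab066721ee36d9988688fb87018f893ea4a97f21c3b",
    "d969ef5a1cdfd4d1d6fb6ca4617289368110c1fa373d825a67402f5cddb53e44",
    "34d8f04da6b2a8e397efe6ea01f1f466b716c1c6f14770a86f0493d96226ee5b",
    "bdaa4680b58d117f7cb4e4ed89a61119e0cacd5c6bd375af912d2bac4c83fc14",
}


@dataclass
class DroppedCodeFinding:
    path: str
    extension: str          # extension as dropped, lower-case, "" if none
    detected: str           # "dex", "zip-with-dex", "zip", "zip-corrupt" or "unknown"
    extension_mismatch: bool
    sha256: str
    listed_in_report: bool


def classify_bytes(data: bytes) -> str:
    """Identify the container by magic bytes, never by file name."""
    if (data.startswith(DEX_MAGIC_PREFIX) and len(data) >= 8
            and data[4:7].isdigit() and data[7:8] == b"\x00"):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "zip-with-dex" if any(n.endswith(".dex") for n in names) else "zip"
    return "unknown"


def analyze_dropped_file(path: str, data: bytes) -> DroppedCodeFinding:
    """Combine type detection, extension check and report hash matching."""
    name = path.rsplit("/", 1)[-1]
    extension = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    detected = classify_bytes(data)
    expected = EXPECTED_EXTENSIONS.get(detected)
    # Only flag when we positively identified code and the name disguises it.
    mismatch = expected is not None and extension not in expected
    digest = hashlib.sha256(data).hexdigest()
    return DroppedCodeFinding(path, extension, detected, mismatch,
                              digest, digest in REPORT_DOWNLOAD_SHA256)


def build_jar_with_dex(dex_bytes: bytes) -> bytes:
    """Constructed JAR carrying a classes.dex entry, for the demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", dex_bytes)
    return buf.getvalue()


# Path taken from the report's IoC; the bytes below are constructed, not the
# real dropped payload (a DEX header padded to the 0x70-byte header size).
REPORT_DROPPED_PATH = "/data/user/0/com.belasaba.guard/app_sense/LyBDIN.json"
CONSTRUCTED_DEX = b"dex\n035\x00" + b"\x00" * (0x70 - 8)
CONSTRUCTED_JAR = build_jar_with_dex(CONSTRUCTED_DEX)
CONSTRUCTED_JSON = b'{"config": "nothing to see"}'

if __name__ == "__main__":
    for p, d in ((REPORT_DROPPED_PATH, CONSTRUCTED_DEX),
                 ("/tmp/plugin.jar", CONSTRUCTED_JAR),      # hypothetical path
                 (REPORT_DROPPED_PATH, CONSTRUCTED_JSON)):
        f = analyze_dropped_file(p, d)
        flag = "SUSPICIOUS" if f.extension_mismatch else "ok"
        print(f"{flag:10} {f.detected:13} .{f.extension or '-'} {f.sha256[:16]}... {p}")
```

In practice the bytes would come from the dropped file pulled off the device or out of the sandbox's file dump; a DEX hiding behind a .json name, as here, is flagged, while a JAR with a matching extension or a genuine JSON file is not.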
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (com.belasaba.guard)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (com.belasaba.guard)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (com.belasaba.guard)

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (com.belasaba.guard)

Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)
Application may abuse the accessibility service to prevent its own removal.
- ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.belasaba.guard)

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
- Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (com.belasaba.guard)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
- Framework service call: android.app.IActivityManager.registerReceiver (com.belasaba.guard)

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to schedule initial or recurring execution of malicious code.
- Framework service call: android.app.job.IJobScheduler.schedule (com.belasaba.guard)

Checks CPU information (2 TTPs, 1 IoC)
- File opened for read: /proc/cpuinfo (com.belasaba.guard)

Checks memory information (2 TTPs, 1 IoC)
- File opened for read: /proc/meminfo (com.belasaba.guard)
Processes
- com.belasaba.guard (PID 5157)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Impair Defenses (1): Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2): GUI Input Capture (1), Keylogging (1)
Downloads
- Filesize: 945KB
  MD5: 211771a5071821646415d372d9df992b
  SHA1: 88cc9303bfc9f1c4684d9052a82f6887a9e32d31
  SHA256: 05b15fb490d264ffb6708d3ca6c95b5eddf1a5cdbbf58c8320dddf549db49cd0
  SHA512: 9b1b89dc1dfc810b4e3d05d384971c614c4ff0e020cb7d5a85da46efc88655d8592bdb18cc8bd5a91073fd456969c63ec55c5f7d1528737bec000eb67fbd7dd5
- Filesize: 945KB
  MD5: 6083abc4cd5e5452335f2d97cbdca967
  SHA1: 1995692c5fe9a01fdb4c9dfef8b4cd4fe8276a90
  SHA256: 394bfc698a39070118f178e3c11e24d78c0f4ec3e6a3e02f32929402933482c5
  SHA512: f067518fa5d5d4ff8a9e253e32e16664d52ba09e4aeeaac5410fc09d5ccd4e2443ce35112e72fd49e900171b43c9d90b8cc696223f76ea6858be4fd547bfc1dc
- Filesize: 24B
  MD5: 20397beadf9bb5aae0047b4274153742
  SHA1: 85cfa7503cfeb231082d2fc5a7dcdcfcec206c77
  SHA256: bc747cab1a35c0e92f6381d739649f3470497a66837b5da01a1ff759046304d7
  SHA512: ef3a43d80527c7443e689ebb7f8dbdad9dcc7d4c6ae8075891bc015a02ed39af937148646c96fc11cee56de6ae97bc3d3621ab80859b822d64f466d768c10556
- Filesize: 8B
  MD5: 0e4515365e2a4bc849379493a1efbf95
  SHA1: 3c298bd0ba1bec86958c21cb643c67af86747dd0
  SHA256: bdd28666eb12cb7cd4dfee5858629aaccc98a3c35c333f81560647ba8c9df98f
  SHA512: 85eee06222aa9c64902467dda2c7ec8a7a680f52874e10913ee8979be0cfcd5feaa35a908fbd3c27790debdb095806805586a06a5c2b5e14d6556f2ac7b91b12
- Filesize: 104KB
  MD5: 48796f6d7ca6df39542e3db596ad155f
  SHA1: 99c8d5db5511ef0e845649f079a2171d3511c1b5
  SHA256: 5b181f1cc1704de951f164cc77ae6db0582178bf67debc4698d2e16c5f1ab7ef
  SHA512: 2bae109e66491f0824a386d7b6b3f64afde197bb3adbc7aa33bebbbbd60b186296b31668260dc26a4e71b4e9030b40dd6f6d2be04234cabaa1921bfd6485fadd
- Filesize: 512B
  MD5: ab58dd510e76857f05456b31a9e397b4
  SHA1: 2d3805e095bf9bdb7a1b122f3b83d1266593df92
  SHA256: 88b82cc1c72026ebecd0d99dc7a6b36572deb485f628850de4bf9c46bb21ce6e
  SHA512: 1bd72f4071c4b119a7a7373b07a964c67ca1bda7668df58a1b6e14126ecb79975c8cf71d75a546d052eba2d6b5b9a448879301df3c9b4ee40d7ea03ea6d94660
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 406KB
  MD5: 9f590c2de2b880974fa56ae90a197334
  SHA1: ed60ae1d0e0505c6fe1728ee6f2987f92407d341
  SHA256: 9b0d538f5a1cd7156df81c9183d0fa2625074becb30749497749d838c4f20349
  SHA512: 54e2a5c23525fdef2aa4c3a165f0986a82feae2e15a9e11e21b07c90add9106f37397b9be805a9fb9d64ac463654ddd9e9cdebc8bc1f0a1d269997d535a375be
- Filesize: 16KB
  MD5: e1fc53bd6d604242baa96e89522662ad
  SHA1: 3e272489d9ae72e2a2266fb786a652ed8a79bc6c
  SHA256: a6126a31869e543c18ab1ab066721ee36d9988688fb87018f893ea4a97f21c3b
  SHA512: 6f3248dbc593b628c8fc5fffdfcec85c46683c15fe1a80dfc3155cf849eadbc6287751f6500c38e7cd7c820dd99f455e56a4cecfd131bfc29e30ec609873fd7e
- Filesize: 116KB
  MD5: 5c4677a74cfe150411cc973e4de47f33
  SHA1: a40ae3bb574461b5e2d183d5d52a084d952ec281
  SHA256: d969ef5a1cdfd4d1d6fb6ca4617289368110c1fa373d825a67402f5cddb53e44
  SHA512: e6e7b5285de8f9a46b2acf16546792152f02e19afcb80e73ea993eea4d25dc0472ca25da367effc38bedfb1be53cb5fa3043c9c2cd6dc2710f15f6a87b5b4aa8
- Filesize: 1KB
  MD5: 55020e8f639d39ea05fd432ff0e490ec
  SHA1: e363b94d622814c2ad9296ef518cf73b9aa0d526
  SHA256: 34d8f04da6b2a8e397efe6ea01f1f466b716c1c6f14770a86f0493d96226ee5b
  SHA512: 109ba08189331c1cc172eca777b17b7b51465abb4b5c2bda371b4de11261e8be64321066c459b866c1437d637bd06596f2e860051daecc316995810173f9e593
- Filesize: 2.0MB
  MD5: 14729c3618a03cf849b664361086962b
  SHA1: 5d2065692e55e6340826b4670e93743fe4ebf49f
  SHA256: bdaa4680b58d117f7cb4e4ed89a61119e0cacd5c6bd375af912d2bac4c83fc14
  SHA512: 0cb89089293565ce3b89476395be51cfc4103f69aa76671e7f3af4e1abc705d437dd4dfcd81d60c94b3ed4ddfe8c3296dfe7a6972267934a7a1109b9d81f4afb