Overview

overview

10

Static

static

6

207a4f9076...a1.apk

android-13-x64

10

207a4f9076...a1.apk

android-9-x86

10

gubuza.apk

android-13-x64

10

gubuza.apk

android-9-x86

10

Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21/03/2025, 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gubuza.apk

  • Size

    7.9MB

  • MD5

    f90d4de771dcc141e100f811ad918f56

  • SHA1

    f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1

  • SHA256

    e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2

  • SHA512

    743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714

  • SSDEEP

    98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.migadesoni.flash
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4509

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    fa879b2f24acbcc304f6fdd6ccefa08b

    SHA1

    252b7372eef87b0a5849ea504997723a5db4607e

    SHA256

    40cb9837345ef04c974d4f7b7c4c88181a1e1394b7579433ed55776a192abeb7

    SHA512

    9511a08baa4a93d17e7e8f2dee18b1979a93fbc8ada07d85bacf3679dad94d8241c5e9090fcc8e47919aa8a13fd116688139f466899596575ef995d2895fd002

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    e5c64205d7b12e3efa3813cabea19b6d

    SHA1

    52b2ab984e2e23e366371149481b0eb4997f93d0

    SHA256

    ebdb530e2f492c160c01b6b5058fe1ea92333edf57dbccda0c8ef3ef4525a3df

    SHA512

    848b37e89bd1b3731379d7337456dd9a378f9e92b8c3a6fcafe0397ad5064c52eee8e0e371bd46cbafe9201aae305d781c617cb8240b7445046666821d41eb28

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/oat/x86_64/FctGwTs.vdex
    Filesize

    36KB

    MD5

    16272caaffc4abf73ae65837093e86fb

    SHA1

    9e27b905fb49fac7899d7f7ef2f9fce8cdb67f91

    SHA256

    c75c11daa8415743834f8c72ce83507a428c069b13a8dfa63489b9f149593873

    SHA512

    9f728b7781fe400139d185ee0b68fc180366efeed99f05effde56718888a62bc0ca5f39e3d80685f69282a4413d4173394474070d3a36720fefd27a2b561f0be

    Download Submit

  • /data/data/com.migadesoni.flash/files/profileInstalled
    Filesize

    24B

    MD5

    f087092e0b7876a178027e2213135c3c

    SHA1

    3e9d0080ab168110661264e18346b12d07cc9d2c

    SHA256

    ef125780a9bbad5ab5416bd2e74690d6b5a5a39a71d74e96c479c77e535b1e91

    SHA512

    f322fb759f1553dba1757cc2a97f2e6ba18d74336122209ec0e40fe79dc93f134b53700e4de6c5944a096ad21f500f7b0c43df3f78b41481034602a6861f7e23

    Download Submit

  • /data/data/com.migadesoni.flash/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    5c76214e435225ba97d6b4ca9bf9c61e

    SHA1

    29c0f67c02b3118bfe24ec09edbd8850b70e6ef1

    SHA256

    3189c905eb9d771324f12f10029cc3ecb2e60e642a1fb5ce8e3ea553067165f7

    SHA512

    e3e86de9a6f255a04204d8608e03811f849602211fc94de03bbcf5d1e62320d08ec026dba17a1c085a24ab501eeab74b6827ba2846219944311131623edb093f

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    bf11f00c7992128d282cc940afef0cfb

    SHA1

    261404c7720fa055a3cf86686a8e23814c31af58

    SHA256

    016f8529863d9357362b0e14c01c09e93feeafd6dda5f654908345ae2af7c157

    SHA512

    c5704d96c1a027b969177481c8cc1e31ae3703a028e5c740d2afc253c2c1eab6762fce72cf9902f006a0fe1dac10971a3dcb45654579753bbea12fda03a5c868

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    7ee2398f202dec0341b888610311a4c0

    SHA1

    6491bc0f652ffdcf03997f6b907dede92d424948

    SHA256

    e78a04000c474a16b8e6261ad241d1e0417e3b17c84379c14f297abab00b03ab

    SHA512

    697ab76eb299d78ebb2630665d3cafc7b1882fb37e7598c81184619f614607446425376883d30e2421d5233fbd5a8df7a0149e92a4555e1401c0a9ba0da7d4bb

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    abb363d1c19133aff89ea45ff7603ec1

    SHA1

    da46ace53ca8137580d33770ae96bac6b6ed08bb

    SHA256

    fd83bb9429bc3dc3ce342a1410251b9c7d4d0ccc586459557cc9479e76a3e8bd

    SHA512

    8c856cd6b90beab21d085168821bb76da5a497e40ce63ccfd335bf645aad27a8a6eaa0e952d6d342b974f0d47f95a0d2cbecea13d593c4bc070c3f31d3954548

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    1d3cff2c6c8f6c4da09619062f4ee3a9

    SHA1

    ef0995fcf09f023f61031cf7ccabcdfd8b2fb393

    SHA256

    c3a3b51d171ad7275297d0552dbb5a14476560b3e5ea083159d917e6aec21fe6

    SHA512

    c46b2d93597c3315c3bccd9c0000bfaabc7b0fc01c2967df5498269feb45794b5ef2b4dd00baf199ece8a93419acfd9df9102be1f2841b72bb86f4ea8339fd2b

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    1691fecb6a612530f193ec1e61f92b46

    SHA1

    87a0714a467395269ef0b4cf35534c99b0f77a68

    SHA256

    a5863e829aba7d71740cad01a51ac9fe3d2f647532948f30ca6787f40463b003

    SHA512

    93520a7055cfe4280afee0ad8bf6d34767e17d7a06949f73570c2ec9ab1ad4ba85d0f471cdf1199243f9a0032e38b732c60b03910e234d1fc500bcaee346bb72

    Download Submit

  • /data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof
    Filesize

    1KB

    MD5

    e1a65894743e31bb5c528a4ae4399b6b

    SHA1

    f39805d5bfe799b73664b470b7207f64eb3483fd

    SHA256

    e49c123ce2d7a7ad90d689c60d36d1966eff15eeceeadd4afdc00e44fce69c22

    SHA512

    0c46805a3873ca3542ff3f4938a1d3002331695c2a6351362ace1f307335a9624a1dd275613ab0c937fc3c5a0e8de56383e10b63fae0f1ed0fcc16e60b17e67c

    Download Submit

  • /data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    2.0MB

    MD5

    09f1b6d4c8231a009e9f9a1f4ae21344

    SHA1

    8cee3e6e6f8f4b5aebd22d4eee254d52df826a60

    SHA256

    30a7079c84ac70df21f93441a1835e1d18c27d4a2cdb69a26fe404c31bdf3918

    SHA512

    4e363b1db3766ecc1e9943ea371e77996cba88d9ab803267e7839fe18c01898ebf0483b8bb1e5cfe4af1f8906d7ad3294c9270e4663d181c4e30a51cd9a90728

    Download Submit