Analysis
-
max time kernel
149s -
max time network
152s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
21/03/2025, 23:51
General
-
Target
207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk
-
Size
9.4MB
-
MD5
584af941017f437f35e4c0d457c22c0a
-
SHA1
b84b59337eda585de666038d9f1a051440e2018f
-
SHA256
207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1
-
SHA512
38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7
-
SSDEEP
196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.xunewuzo.constant1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
609KB
MD5a4265e4273b80945a1067171908372ed
SHA1a0a75068b29cb24eb5f11f2e0bad68bc5cef0d5a
SHA2568351f77534974d0958e4185e9359b2fcd3d56d90e01b8865b4d144d884267b3b
SHA512447157c4c699dcf1a8ce8ef19198ef13b910208b720989e2a2a9a2a110c5a3d5eb9b04c5b9717467429231b5c48452c81548b384cbc4a43e9806d4eb3d72f499
-
Filesize
609KB
MD565aac637e04286bdb9f4c489fb51cffa
SHA11552eddd28f7707edae696ee4f7ca2f733eb1d2f
SHA256b5bcb58d2fd5b1feb25b58dce17038c672a365fa17908e5627a376002b0d6434
SHA5122c43dc7e5e96119ba252dfcd734641367fb5f1f58f6c894deec2d290f5af6c5932ce5c34c142313cfa50eaae6625ed8228db64fab5c5c1523d0b4b033072a336
-
Filesize
8B
MD5533845ff6b3662b0128d1ec8b671603a
SHA1ef6e439f7ba7f9e292eedcbb3f6b8c39636c5805
SHA256b890faf590ed29a3372328ab614aa662626dc5a6aa6e35712474470d83226fc6
SHA512568985ddd90d18fba51563fb7db206f6006c7fe2d00d21c8f0f49b98264c5e4dedc2fef3a54337dce9a7dd75ba90a307b6030e25696862d000ff766059fb1c55
-
Filesize
184KB
MD573db79abf67e0737b5aac9b423d58b6d
SHA1fac89f5594c90dda3fa3b5e65a8e0c32f0fbfac4
SHA2563207a292d41bf2eec62fcbfb1ba19651578e922d01eb80963e0ffc03b20aaaa0
SHA51206ee2746d0f2017c80eb99419538885f200bc5776f3d9afd02bd78a87b91ae17b678d1887ce41b4848bf3a036c2e73beaca1e9b3e14d6c15035bc3ed22b26a11
-
Filesize
512B
MD53885712892d8a6d067e70ebf757baa22
SHA1b19241fac5651b40739701fd9eda591e36b24c84
SHA256305b8b44cb7e084f894f2216613faba0a97f23b31547bbf933f0f5fecacf384f
SHA512fd80ee5d68418b2d73e1308560445b4835c1a0908b042ee25f444c6a9af20fbb2ba3e40ed643a6000823743c9c3a8e0ac75cb1246a80e807fbb3f8a617b15fa5
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
426KB
MD5c87fccfb613d41cd946a3a8e56a3f094
SHA1084de0513e2a67afe2c82a6f10fdb10f27108f80
SHA256d6e5b192d88e4b303e8a8058c307f71a15ddd98c45c21718e5a641b31291c450
SHA51278ef3626a63d9c0aacef63082938c88c68bef92fc02b6b99197dc93a50390bf6bc9f7adfa741085f0eefe6f2800db98c258ac624ddad3f4737a913ed9d67f4eb
-
Filesize
16KB
MD50109bd5ed162398ea0589fe3869c4f07
SHA199f1da7deb7246c908c7d6cd05217c56336f4cf6
SHA2560198f57ff513339e5359cfb4a4c742cbc2daf3c7077a5f29f2810e6f6b735940
SHA51219db3a3102f9f1802c3e8154ffd618523859cab426b2bbbcb5c895741e4756f583abd30b2122cf8cedbffd4a5dcde210ca2ea48fb5e2fb41d5e87bb69ecd00b2
-
Filesize
116KB
MD5c3ece1c6dec68e5778ef4e9f6c8dd9e8
SHA18ba0338ecd088004a9437d73fa3a42057de03bad
SHA256cff547185df053fdc0351c709ee9303bd67a1ea2904246ad35ac762f5cfa78c4
SHA512dca1dbb3473d2f6b969eaa2ec3ec2d6d35fc759a1d9cf4d849f50193bc178d7ccd6c8e8e9cece8a2203d6055a5efb96235707b86b4321c676b85a12273346d29
-
Filesize
985B
MD528579e52c6c8a3c1b58a8353095ba787
SHA1ebe531043cd315d1fa33f05e54611a5ef46626b2
SHA25692e0d8652e1878ff31e1e711442393a9637555dd71bd2e9263d48d769028ccc3
SHA512812ac839358e0be826452de8c64c1d4a1cbec7aeafdd78b4bd385127019c2519d17a54e60917920e6d833da45fb1897cc424d003612a3eff0ff13469cf2903fd
-
Filesize
1.3MB
MD51a95ce3282b03d5794fc39d38bac781f
SHA157a00c556b4a13b41dc212622652116d4974072f
SHA2563926e26b0c6b87a7e5cf9d8c8337d1205a2fa3f6f6870d74376996a3b9de798c
SHA512b5f40cc64adef556f64be055e4f88371539144fa9ea5e924041c0e5f56d97ae9f91c32561a481bcae1b8859a7f90d01fb83c2d70754f22733478644427dba50d