Overview

overview

10

Static

static

6

207a4f9076...a1.apk

android-9-x86

10

207a4f9076...a1.apk

android-10-x64

10

207a4f9076...a1.apk

android-11-x64

10

gubuza.apk

android-9-x86

10

gubuza.apk

android-10-x64

10

gubuza.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gubuza.apk

  • Size

    7.9MB

  • MD5

    f90d4de771dcc141e100f811ad918f56

  • SHA1

    f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1

  • SHA256

    e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2

  • SHA512

    743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714

  • SSDEEP

    98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/

Score
10/10
antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.migadesoni.flash
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4376
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.migadesoni.flash/app_rose/oat/x86/FctGwTs.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4401

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    fa879b2f24acbcc304f6fdd6ccefa08b

    SHA1

    252b7372eef87b0a5849ea504997723a5db4607e

    SHA256

    40cb9837345ef04c974d4f7b7c4c88181a1e1394b7579433ed55776a192abeb7

    SHA512

    9511a08baa4a93d17e7e8f2dee18b1979a93fbc8ada07d85bacf3679dad94d8241c5e9090fcc8e47919aa8a13fd116688139f466899596575ef995d2895fd002

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    e5c64205d7b12e3efa3813cabea19b6d

    SHA1

    52b2ab984e2e23e366371149481b0eb4997f93d0

    SHA256

    ebdb530e2f492c160c01b6b5058fe1ea92333edf57dbccda0c8ef3ef4525a3df

    SHA512

    848b37e89bd1b3731379d7337456dd9a378f9e92b8c3a6fcafe0397ad5064c52eee8e0e371bd46cbafe9201aae305d781c617cb8240b7445046666821d41eb28

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/oat/FctGwTs.json.cur.prof
    Filesize

    3KB

    MD5

    26314ce8f22daf7fb8fef8e2ba563a7b

    SHA1

    a90d96b9b27945ca7856e4d84188222b5735ab98

    SHA256

    5f569b074cca572cc6e91041749ccf6e80854e2b1539fcad468b928f22b386f2

    SHA512

    90fa35c744c06942b308256ba4da6f0e6a622f94ae6017b79c0a85f66c9ef17c3054cef2364343c188d5141e4c088d28107d3943cb1b6313133726590e1cd742

    Download Submit

  • /data/data/com.migadesoni.flash/files/profileInstalled
    Filesize

    24B

    MD5

    bda3b73d4c407b4381c66874dfe7bcda

    SHA1

    b60476eea7dfe9727932f562525bb20f4dca4857

    SHA256

    46f127808d366850fb402d348e9a42741940c60afcae332a9f4ceee12d699e56

    SHA512

    c0c6312c87cf895a422a0965710fb0a2be618ba897685770fb8bc225dd670162ff053fe1ff6dbe3a3f624c2e8459a0453e13ce6ef84331702b50dd9ade95ef44

    Download Submit

  • /data/data/com.migadesoni.flash/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    a2959c13f3f174424b1e5038b4da9996

    SHA1

    59ddc7ec8f83982df8ef3d9b501cf9c306c5cf4f

    SHA256

    966283d1e27607cafb67f49a7c80f6d72ad1b0debcf723d695ebf3f33ab63d3b

    SHA512

    3db5b51aa410a325e7a8b8ee1ff6606f5d9fcf23f0d73ea577655f53369aedb9fc081861eb3699a1045646addb082b0f5d36b8bd9af41d86b885bc5fd793447b

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    09fef1b646278601dfe47273bd56663d

    SHA1

    2539f4f24d440e980c7f8d7434bb33ff634abb12

    SHA256

    d35be0cd74132a8071ec876f9544ac7e02db394dcc3d63d57ecec8eff6f9e2b2

    SHA512

    bb77326357193d8a73ecce305d055840d7cf47f0759c129bdbe05eea1c76ebd9e1514a6fb5c9c8d54a8c6a9a5e4dae51393ee539ebfad939f2b9a46f6d54cec1

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    f8b3b77ad25e13631cf088bff07ac236

    SHA1

    25c0c4161d23d7bb67364daf8fa358057a345419

    SHA256

    b9a6492f57ccdea3094e9c86741fa517fe51756c08e412c45abeb79c042f50e8

    SHA512

    243afe0205d4bc57162aae16174bf735ebd50f170e74aeed7a99473c394bb3d1a04e7d21569b3c2428c9afddc48e0e6f993fc8d45f1be9b31b20f2408e46630f

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    bfff33f9dda9719c66b4d5d92a85540e

    SHA1

    76a400c501680288b1317e2eecef2719015487e9

    SHA256

    60d7aed5ff1eaa476e9c0e4a8bca7899d6007ec9a82272a21b27f0cfc7ccad38

    SHA512

    be608560c53b56ec263776aadcaad21ef07814e384f52afe17af8c5f126a16f5da85f16fc80f77d64d5f79bf1f224219c919f552fc2937d37fa83f3437dba175

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    58e68f1bb1b3954d117aed21c877b224

    SHA1

    c04b3c257d5fe210faa29e7812eee6ede5deb6d7

    SHA256

    3b811e43e25253df70e249e8d8105b164f4e5982c929b2077e6a3a9f22d1ab0a

    SHA512

    e3bfb839f5b7cf3504d9ede5ad19211688769640280611ef1df58fdccd30b1b12d9629ba5706d5299d0018821dbbc3e20feb9ab2601fed0550ab447be9b5f14d

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    18c7b301f70eac5a46994eafbf78f532

    SHA1

    2b7f1460e67228c3bcd04fe1e4beaa8ace67bb62

    SHA256

    e1d31a350b78dd7ecce01e46004f3b69b018dae54e92747282a7a91e304cd8ef

    SHA512

    c39d945c67d7b99f9fa70c2ba6b2154ab574d4b1d0e5722b1651edc616887b99eb6e009c00cbfe8d0fe4fdaae5b22513b9aee463c0d03ffc211b542aee3d1f72

    Download Submit

  • /data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof
    Filesize

    1KB

    MD5

    d7a6934f5661a867ded3903bfd81d470

    SHA1

    2efa92fb7cf5d2b9b9ee1f41a98f8cd6756fc774

    SHA256

    b20c6a122f5dca0eac4ca09c28e2f8b3dedd285033a3e3ea7afab8021d94a5b8

    SHA512

    0ab947697eb21060c1be39b776623d5daab92c828662f59e3ef8067cf7c18bf4c2beeaa33b7fd254a6babdad3431631d5b4ae381b6b8647a85fb75b3f6b62968

    Download Submit

  • /data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof
    Filesize

    179B

    MD5

    98ef5891abef6885422556c46eb5d891

    SHA1

    01291cd11955af7357326dddd3d214dd5dd4caec

    SHA256

    3ed2fef9a1bd563a4020d9581fca8f7000b69482f52ab4f9af1200251b76a202

    SHA512

    2f47792db2f304666a1b4b005ed80f3cf62703cd63a3fbc5ab60ff1a7ec6865dbc9da61f47783c18d4e98e3c9031c5a4e7c7bca233d78d980e456bc27795d077

    Download Submit

  • /data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    2.0MB

    MD5

    4a10a1c17a51ccb52f6c6bdded7317b8

    SHA1

    688d489f5dd28935aa9701e2e9ffd32bcd36c90c

    SHA256

    757145bb58eb325c3b1a81ef7b3a3911114b62f6de7c13fca08573107055ca5e

    SHA512

    3645b685864b19e0bd8153a4a490e4a30749905e4bf72c208bb8ecb9f3cf0f56289e276207aea8388d6f1edc500b33e402eaf1ad719a7ff3002712a6ae536720

    Download Submit

  • /data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    2.0MB

    MD5

    09f1b6d4c8231a009e9f9a1f4ae21344

    SHA1

    8cee3e6e6f8f4b5aebd22d4eee254d52df826a60

    SHA256

    30a7079c84ac70df21f93441a1835e1d18c27d4a2cdb69a26fe404c31bdf3918

    SHA512

    4e363b1db3766ecc1e9943ea371e77996cba88d9ab803267e7839fe18c01898ebf0483b8bb1e5cfe4af1f8906d7ad3294c9270e4663d181c4e30a51cd9a90728

    Download Submit