Analysis
- max time kernel: 149s
- max time network: 151s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 21/03/2025, 23:51
Static task
- static1
Behavioral tasks
- behavioral1: sample 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk; resource android-x86-arm-20240910-en
- behavioral2: sample 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk; resource android-x64-20240910-en
- behavioral3: sample 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk; resource android-x64-arm64-20240910-en
- behavioral4: sample gubuza.apk; resource android-x86-arm-20240910-en
- behavioral5: sample gubuza.apk; resource android-x64-20240910-en
- behavioral6: sample gubuza.apk; resource android-x64-arm64-20240910-en
General
- Target: gubuza.apk
- Size: 7.9MB
- MD5: f90d4de771dcc141e100f811ad918f56
- SHA1: f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1
- SHA256: e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2
- SHA512: 743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714
- SSDEEP: 98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoC)
  resource: behavioral5/memory/5153-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json; pid: 5153; process: com.migadesoni.flash
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.migadesoni.flash
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; process: com.migadesoni.flash
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText; process: com.migadesoni.flash
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.migadesoni.flash
- Performs UI accessibility actions on behalf of the user (1 TTP, 3 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.migadesoni.flash
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.migadesoni.flash
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.migadesoni.flash
- Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.migadesoni.flash
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.migadesoni.flash
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.migadesoni.flash
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.migadesoni.flash
- Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; process: com.migadesoni.flash
- Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; process: com.migadesoni.flash
Processes
- com.migadesoni.flash (PID: 5153)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1): Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Impair Defenses (1): Prevent Application Removal (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2): System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2): GUI Input Capture (1), Keylogging (1)
- Discovery
  - System Information Discovery (2)
  - System Network Configuration Discovery (1)
  - System Network Connections Discovery (1)
Downloads
- Filesize: 947KB
  MD5: fa879b2f24acbcc304f6fdd6ccefa08b
  SHA1: 252b7372eef87b0a5849ea504997723a5db4607e
  SHA256: 40cb9837345ef04c974d4f7b7c4c88181a1e1394b7579433ed55776a192abeb7
  SHA512: 9511a08baa4a93d17e7e8f2dee18b1979a93fbc8ada07d85bacf3679dad94d8241c5e9090fcc8e47919aa8a13fd116688139f466899596575ef995d2895fd002
- Filesize: 947KB
  MD5: e5c64205d7b12e3efa3813cabea19b6d
  SHA1: 52b2ab984e2e23e366371149481b0eb4997f93d0
  SHA256: ebdb530e2f492c160c01b6b5058fe1ea92333edf57dbccda0c8ef3ef4525a3df
  SHA512: 848b37e89bd1b3731379d7337456dd9a378f9e92b8c3a6fcafe0397ad5064c52eee8e0e371bd46cbafe9201aae305d781c617cb8240b7445046666821d41eb28
- Filesize: 3KB
  MD5: 08f135e61feb7d34cfb4fffc0ee4fc0c
  SHA1: 29a85f0d1ebb9fbdf9810cf054ac3bac88b16658
  SHA256: 0c98dab0b696113b0d1fbba4d4c88cf5b19ad8b6c71ffa83e52c4cf9c7d45062
  SHA512: 0b5aa6e819307fa4ce8251bfbaac4c0869bbf46691707a1c6ecbd22d82c01077fb30268d02e2582a6de9ab048c16c6038d5385c99f54b5200f9cde2f421cebee
- Filesize: 24B
  MD5: 35bfc6a1fb659dcf434c56e7546ed84e
  SHA1: 28c7730eaec6a85f1901cd4d56e792b307fc8b48
  SHA256: 2751cbdeb0f0f8be71b38963cb6e21f3a0bbfb93692cb4edc11e91877b80d3f4
  SHA512: bcca6851827f8269b5ef2073d45de3159d794c95903b1a545ec973d5475f89249adc729177df2bf9623dea2a470d65987b45f75f0b4e37a3f63394d75a1828f4
- Filesize: 8B
  MD5: 4d4fdbcedd0645ab5c7576bed3b0319f
  SHA1: 67c1372f38e0d6e619ce6784283ecab3d31fa993
  SHA256: 6c6e25586b68f4bedfcc3162daff51eab35b7c9356ab31ad6baa0937c8f5b4d6
  SHA512: 5111c74812c0ca7e35f4fbc032d5c2a34cfbdc06f13690382f9d30087f34a12ea93e9b04ce7cc9abf42eedd4c2f7150652ebc1dc61bceef685abd2d24c77d5d3
- Filesize: 104KB
  MD5: b9094a360f8fada8312d41d213ba4f88
  SHA1: d233067f42511e7fbcb86ea8f6b6a438b8b86a23
  SHA256: f7507ef861974ae7bba2e21d6631d556e6a2b86a8aab8f8e10af5cef97428b58
  SHA512: 9739cb4eb61324f849128fc7e634742f55427d271731731a09906af7e0584b5f440bb2ddb20dab992928a328b4f9b0bb3f9354140d30435081f25305c076363e
- Filesize: 512B
  MD5: 6ffe1f10f600ade2e4c2d9228bb5c8e3
  SHA1: 295e3d16dcc451bef50f653f07d8266af5d1a807
  SHA256: ba3e5fd0c1cab1e313d52f0cc174747acdf56f31e47aa0ea72f2e5b41ac65e14
  SHA512: d449f062af433a561e2bf0abf02b6b84143f4daf46dead777de580b76ec9f337b0f27130d7a467b6c3f9c02948a3ec3aa023c332d135ffe5496898772b7b311a
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 442KB
  MD5: b45b491390bb3a5637dd78b5ab3e359a
  SHA1: 9c2ed742e09f272d39149571e5ce58c95b850079
  SHA256: 6fef3db448421a1750cb4e020673410cf96f57c925249c9738b2c9474b709c52
  SHA512: adebda5476dd28b6c115c6469fbff378bb9e6c5d965369b13b3d95cf4f0a68854ee96458b3ae6337bc5d94774871c0dfabf57f6440bc411e438e894cf99fc8be
- Filesize: 16KB
  MD5: 8be39f30e196fe1d9ddc02845df62c6f
  SHA1: 8512debf7b0897fc8c453b7bf4dcccbe257a0506
  SHA256: 2ebea69b498be6189e4f79c4f349798e3e09e441f26bb4c8d9572392bc68f05d
  SHA512: ed3d3395a336daa8b73b121025c8da244f77c39188d6732376f33e12a29e2dffa6c135b32490229aa83df1243ce4ab5dfd8492e5917beddb004d0c3fac934ef9
- Filesize: 116KB
  MD5: 13b8ddeb66fa115569f76f7ac8b58046
  SHA1: 06808cfbccd654b79f1cb1467a1b66f59c0c8c29
  SHA256: b9a8e32726bea3d24e413ae0c5bd52506e481bde62544a142ef2e1a8a5e4e328
  SHA512: 42ca83a587bdc1df32e880febdce9ac7e68d3cf6197dffbaf8a25d17e3377369df7d9ee614e80a2acc0f6d9a24da46a2ea3a1b49110b12f4b3411f8aa27a795f
- Filesize: 1KB
  MD5: d7a6934f5661a867ded3903bfd81d470
  SHA1: 2efa92fb7cf5d2b9b9ee1f41a98f8cd6756fc774
  SHA256: b20c6a122f5dca0eac4ca09c28e2f8b3dedd285033a3e3ea7afab8021d94a5b8
  SHA512: 0ab947697eb21060c1be39b776623d5daab92c828662f59e3ef8067cf7c18bf4c2beeaa33b7fd254a6babdad3431631d5b4ae381b6b8647a85fb75b3f6b62968
- Filesize: 25B
  MD5: b9d9e0f8902d129e1aeebff0ae7b725b
  SHA1: cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781
  SHA256: 25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91
  SHA512: f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6
- Filesize: 2.0MB
  MD5: 09f1b6d4c8231a009e9f9a1f4ae21344
  SHA1: 8cee3e6e6f8f4b5aebd22d4eee254d52df826a60
  SHA256: 30a7079c84ac70df21f93441a1835e1d18c27d4a2cdb69a26fe404c31bdf3918
  SHA512: 4e363b1db3766ecc1e9943ea371e77996cba88d9ab803267e7839fe18c01898ebf0483b8bb1e5cfe4af1f8906d7ad3294c9270e4663d181c4e30a51cd9a90728