Overview

overview

10

Static

static

6

207a4f9076...a1.apk

android-9-x86

10

207a4f9076...a1.apk

android-10-x64

10

207a4f9076...a1.apk

android-11-x64

10

gubuza.apk

android-9-x86

10

gubuza.apk

android-10-x64

10

gubuza.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    21/03/2025, 23:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gubuza.apk

  • Size

    7.9MB

  • MD5

    f90d4de771dcc141e100f811ad918f56

  • SHA1

    f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1

  • SHA256

    e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2

  • SHA512

    743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714

  • SSDEEP

    98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.migadesoni.flash
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4774

Network

  • flag-au
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    216.58.201.110
  • flag-au
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
  • flag-au
    DNS
    motorspeedhfuier.com
    Remote address:
    1.1.1.1:53
    Request
    motorspeedhfuier.com
    IN A
    Response
    motorspeedhfuier.com
    IN A
    89.116.48.242
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.213.14
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.9kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 172.217.16.238:443
    www.youtube.com
    tls
    2.1kB
     8.3kB
     18
    14
  • 172.217.16.238:443
    www.youtube.com
    tls
    1.8kB
     1.1kB
     9
    5
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 216.58.204.78:443
    www.youtube.com
    https
    1.5kB
     40 B
     2
    1
  • 216.58.213.14:443
    android.apis.google.com
    tls
    4.3kB
     7.5kB
     17
    13
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.2kB
     4.3kB
     11
    9
  • 142.250.179.238:443
    android.apis.google.com
    tls
    2.7kB
     5.9kB
     13
    11
  • 216.239.34.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     9
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     9
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    6
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     9
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 142.250.179.226:443
    520 B
     10
  • 172.217.16.226:443
    520 B
     10
  • 216.58.204.70:443
    520 B
     10
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     9
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.3kB
     10
    8
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 142.250.187.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.204.65:443
    tls
    519 B
     7
  • 216.239.34.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 89.116.48.242:8952
    motorspeedhfuier.com
    tls
    1.1kB
     4.2kB
     10
    7
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    www.youtube.com
    dns
    122 B
     319 B
     2
    1

    DNS Request

    www.youtube.com

    DNS Request

    www.youtube.com

    DNS Response

    172.217.16.238
    216.58.212.238
    142.250.187.238
    142.250.180.14
    216.58.212.206
    142.250.200.46
    142.250.200.14
    142.250.187.206
    216.58.204.78
    172.217.169.14
    172.217.169.78
    142.250.178.14
    142.250.179.238
    216.58.201.110

  • 1.1.1.1:53
    motorspeedhfuier.com
    dns
    66 B
     82 B
     1
    1

    DNS Request

    motorspeedhfuier.com

    DNS Response

    89.116.48.242

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
     109 B
     2
    1

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.213.14

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    fa879b2f24acbcc304f6fdd6ccefa08b

    SHA1

    252b7372eef87b0a5849ea504997723a5db4607e

    SHA256

    40cb9837345ef04c974d4f7b7c4c88181a1e1394b7579433ed55776a192abeb7

    SHA512

    9511a08baa4a93d17e7e8f2dee18b1979a93fbc8ada07d85bacf3679dad94d8241c5e9090fcc8e47919aa8a13fd116688139f466899596575ef995d2895fd002

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    947KB

    MD5

    e5c64205d7b12e3efa3813cabea19b6d

    SHA1

    52b2ab984e2e23e366371149481b0eb4997f93d0

    SHA256

    ebdb530e2f492c160c01b6b5058fe1ea92333edf57dbccda0c8ef3ef4525a3df

    SHA512

    848b37e89bd1b3731379d7337456dd9a378f9e92b8c3a6fcafe0397ad5064c52eee8e0e371bd46cbafe9201aae305d781c617cb8240b7445046666821d41eb28

    Download Submit

  • /data/data/com.migadesoni.flash/app_rose/oat/FctGwTs.json.cur.prof
    Filesize

    3KB

    MD5

    0db28dbfeb1729b93b84a2cbac7506ac

    SHA1

    60bfea7e0dc3c95d24b75badc1a431d5213a7873

    SHA256

    c7eb8ac193724481ebf6fd8835dae91825b15483db41b58aa5f1a67d2ec3c2f5

    SHA512

    382b6608942a15f10b63ebb7f57508717efad1914aa8e80a54810496d5c47941b1a17007aa35cafb50f6430e8028bd16ede0265ce40f950f5b5e2aa00e7255f5

    Download Submit

  • /data/data/com.migadesoni.flash/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    db7e531225b4449fc708d14a691f7e9a

    SHA1

    bf5b8022cc89aa99b5effa066403cb12d083cdaf

    SHA256

    391d41343e02fb7b400fffe6a2bf1b6288d758a6fd8685a5eb80332f2bb42c43

    SHA512

    fc4033ba3002f29ce33c6b882798c16b8653e71d9028ef2609cd50e5ecbc64d93af7cbc1187c67e211909f64b5135c102f14f76925bddf179a029094eddb6a89

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    35aa3cf99d5d61cf06021163a5bfbd9d

    SHA1

    9e3c8cfc802995f320d2ef955bfbdc5e9da57d21

    SHA256

    07a5e803c6b8ef327ae6fca73fcdbfeb8e75e89cffd454ea16f26234627a027c

    SHA512

    4c91f35137e79cdcc4748d1817b40351365caa587cc756f493511bbe262cada225d1cda4157708297629e6b066528215e4d528dea00f46c195ffbec6f6941e73

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    ee088f429e96934b4d6db62c734fe897

    SHA1

    ba9dcaf0562fbdb01782da45331fdb6462a4818f

    SHA256

    ee48ac090488d5e6f552d854a904714bf0168ae08e1cb8cfdbc3acb57ee24647

    SHA512

    04fbce0860e435939e10f4e1c6c81d3a8d38f9877051b11d1d31a54b5fdf43f5217bac760219a475a6ab34605a0449042c8b67a12460bc9af615e846f531aecf

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    426KB

    MD5

    11fd1a4d830fbcafb0cbfaeb8edc882d

    SHA1

    73053dd0656dd3920c7cb6e0523d96fd971a1aaf

    SHA256

    0bb648194ba198aefbc0213118acf14726302d81ba7de64efb1c14e5b0d6bc93

    SHA512

    1e50690ed68a7900b2972bdcb4d0e0aa646a7d41c713e41183afce7c64f6f9a5054a2ecce568429b70d130802d4ca2aa956aad6cd24cd1672b5729df5e363f9a

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    bc49a54fdc06c06521237dca831b2de3

    SHA1

    d3987150bbba932c4f8cac0cfb65bd21ba333e9c

    SHA256

    047caa8990f44d13dfafbed48fcb57574cf4ac58bb55e81b10b8c4c0487f67e5

    SHA512

    c8d46fc85799e1ae76aad129e34d6b0a413cdc2c37f3b1586e7c61844f8ffb06b84b841e2bf790a5f765a89cae4b888f74af3ed15febef3f715e37e72a75f5db

    Download Submit

  • /data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    47a0794f357e74aac3e90e24f4524bea

    SHA1

    7d08c9ab75634cc971d68033dfdaaf694a5a4ba9

    SHA256

    58a2a261a53042d419b00e2e1bd63991520567f698029c18400be83d48d7316e

    SHA512

    06752ae3b38760bc2f135385fb35de3ed77a435d7a8958a44a8df947d77beed02ff1bd8650ef7ee938305d3ebebcdb07ebcaa4e3abdad368eb14fe6ba362ba44

    Download Submit

  • /data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof
    Filesize

    1KB

    MD5

    d7a6934f5661a867ded3903bfd81d470

    SHA1

    2efa92fb7cf5d2b9b9ee1f41a98f8cd6756fc774

    SHA256

    b20c6a122f5dca0eac4ca09c28e2f8b3dedd285033a3e3ea7afab8021d94a5b8

    SHA512

    0ab947697eb21060c1be39b776623d5daab92c828662f59e3ef8067cf7c18bf4c2beeaa33b7fd254a6babdad3431631d5b4ae381b6b8647a85fb75b3f6b62968

    Download Submit

  • /data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof
    Filesize

    181B

    MD5

    ca4633c1fe385f122e9fa992ea8c0cd5

    SHA1

    095b685872d1eb438130aa89fa6dde19ad11b01c

    SHA256

    a6c3a9677ac6c21811cf7cbde98c816884b15d5b32a7fbbe416ea2e2c548fb46

    SHA512

    7bf84108cf7e04df6c8969653796ed4335fd944d25a20e5d98e298bf87c665e77befe3e6e3bcb40cea2f2f015c96acd02eb8582b7e1724cbd73dea5b35cf3d8f

    Download Submit

  • /data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json
    Filesize

    2.0MB

    MD5

    09f1b6d4c8231a009e9f9a1f4ae21344

    SHA1

    8cee3e6e6f8f4b5aebd22d4eee254d52df826a60

    SHA256

    30a7079c84ac70df21f93441a1835e1d18c27d4a2cdb69a26fe404c31bdf3918

    SHA512

    4e363b1db3766ecc1e9943ea371e77996cba88d9ab803267e7839fe18c01898ebf0483b8bb1e5cfe4af1f8906d7ad3294c9270e4663d181c4e30a51cd9a90728

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.