Analysis
max time kernel: 29s
max time network: 28s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 22/03/2025, 00:43
Static task: static1
Behavioral task: behavioral1
  Sample: 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
  Resource: android-33-x64-arm64-20240910-en
Behavioral task: behavioral2
  Sample: 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral3
  Sample: buzijebe.apk
  Resource: android-33-x64-arm64-20240910-en
Behavioral task: behavioral4
  Sample: buzijebe.apk
  Resource: android-x86-arm-20240910-en
General
Target: buzijebe.apk
Size: 7.4MB
MD5: c42140c0a8148c57758f458163ace169
SHA1: 077f9b9a58aff46be9f3a5fa01b0e2b6c59d1124
SHA256: 8203f6c3e5a40e8fa19e54f8d235083e2de56efbf8f8f31e14af3c893c721843
SHA512: 477e58295e6773e831b985a33397576b324cf738d8d965a612b1e54e047df045c6fac2b1c6065928e195a047d3c97391e7f39af3f1cffcf0cf2eada006d91d80
SSDEEP: 98304:Qo/Kr68ddHh0yyRLirBcQBU3uCWe+2ieSyeTgnrSs2A5uDa/vGX5RzDlb:iddHh3YLtYErSsPQEvK5RNb
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoC)
  resource: behavioral4/memory/4296-0.dex; yara_rule: family_antidot
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json; pid: 4296; Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dininujoxu.java/app_credit/oat/x86/KqJwjY.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json; pid: 4270; Process: com.dininujoxu.java
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.dininujoxu.java
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.dininujoxu.java
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.dininujoxu.java
Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.dininujoxu.java
Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; Process: com.dininujoxu.java
Processes
com.dininujoxu.java (PID: 4270)
  - Loads dropped Dex/Jar
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dininujoxu.java/app_credit/oat/x86/KqJwjY.odex --compiler-filter=quicken --class-loader-context=& (PID: 4296)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads