Analysis
-
max time kernel
146s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
22/03/2025, 00:46
General
-
Target
buzijebe.apk
-
Size
7.4MB
-
MD5
c42140c0a8148c57758f458163ace169
-
SHA1
077f9b9a58aff46be9f3a5fa01b0e2b6c59d1124
-
SHA256
8203f6c3e5a40e8fa19e54f8d235083e2de56efbf8f8f31e14af3c893c721843
-
SHA512
477e58295e6773e831b985a33397576b324cf738d8d965a612b1e54e047df045c6fac2b1c6065928e195a047d3c97391e7f39af3f1cffcf0cf2eada006d91d80
-
SSDEEP
98304:Qo/Kr68ddHh0yyRLirBcQBU3uCWe+2ieSyeTgnrSs2A5uDa/vGX5RzDlb:iddHh3YLtYErSsPQEvK5RNb
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.dininujoxu.java1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
945KB
MD5dc3dedece373e7967ed4e54d8812553b
SHA1348b491081ac30a4a1f080f1c6ed0ddad346f3c7
SHA2567a84605ddd46df57b1a52382378dd716e86ec71542d728a966830e553108d29b
SHA512e4ce924c94e2fff240c2f5c27cccbc6ca4946d6bf3da68eb46511dacec4e668c4ee66e693ba0b06bdd800688cb62ce121d239b5c98b456d994ec29f1b456e00e
-
Filesize
945KB
MD5839816a2a5097bc3903870943c1d5788
SHA18f5e232ba52a8ae92f4359e3331d17897968ec22
SHA2569b79ee512b0efc9bba466722babff8a26e2e334913555f100cfc6ad374b5df2d
SHA51239a07d2b7d53ce9a8d952fe446f94c5a23e001cc0fe7e58ac54933e41bb83d4958bd29d4ef7a5b5cc2d45a6b5582955acf1579769b869053eb90245c94547796
-
Filesize
3KB
MD59651bae98b25ad4f8bd42bcaa26c6b5b
SHA1f599fd4237e14b005f2446416ea5708e45951f46
SHA256882dfe21cd4554e499d0f283811260826b15487aae5c2fa42f9a369e62b29d2a
SHA512647394b22a31f1733d89ac387656d1fd076e23753cf82ec683ad560654685a3b2ff045799d6e8a2a28c113b9786b6d3e204655b71db04731e19b0a5e8c4cddc8
-
Filesize
24B
MD502f0ef43985e841c24bde66036119607
SHA1a3b140d913b9e39764b71f43b804dbfe3c2fa957
SHA2560fa33e97a9ad6fb39c90f14be68f3a6468484b076478002fb2cdb95113729bbc
SHA512a684c4ca210f8cdc4ee4cf0b1a5ef648504d98bbd59437b1f5d5226f36913ce5fc50aa1248e2c1ef25c88fbfe8bb9272c03677502f8b2119715864052d8cef57
-
Filesize
8B
MD5473499a5a74bf92a7649987918e81b02
SHA1cca4bbfad2e18a845643ca168960dff93156976b
SHA256282d6885252728748c9c28495d4d2eeeb7b22f0ff05d47a1f0578737f3dfaf3e
SHA5128fbbf26e7e1d1457d675a7649e7f5985bd8b3e8a7e4618b8a714f533088da83ec1b5d7ab2bda42f0eb0f7a9f920c8f52ce945744f5af048c12136dd4abc95d72
-
Filesize
104KB
MD5c3054952fc91ff7b1971f9999701a1c9
SHA1cbefa40acbccc3f940784723f2336df66c34f850
SHA2561af7a52d6af993e4a1adaf8da3933f8ec1212f80037597179151db479c7b2d5d
SHA51238fc415e212b71b236fc166a3d54ef4376a0a6d4f24d9c28632086ad3e1ca9ca09127c181730e94cbcc236ec3f9c960e2136456db157e5637dda7d09eabbc05f
-
Filesize
512B
MD512e583ea75cc31b4a2a6ed1d97843338
SHA193e9ac85b6a3fe73d1da838a5ac6f44f6f08a590
SHA256dd21ccca04429d88377ffd96b8837aee3be7e6e8cc7be53f1a4716bb2ebdd5db
SHA51259c23d1a798699e21e07e364566dcb7a31d7b69104d26e175d552267ca5bcf6d3f7becd208145a3970f18ce2b099f852de96158f7a074d9a0040259a9799b54e
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
406KB
MD52f81fded5dfa2fd29a609e21b0ec6845
SHA14371f04406d3faf2234f22c1215c195ea822b436
SHA256bedaae076c7d660e04fc0ae7d35577cbd3ee03844a7c51baadf08595fd6cd8bc
SHA512c55633070de93fb59cc5af4ead19649e6e3eeebab8a2d16bef5c71c6d08a4997c4e7c3af894a34af9b73543ed656a8eeeba9a48c18ecde066f63a9dfa16f6872
-
Filesize
16KB
MD5ebfbd43c03dff120172641284467cbec
SHA172976db66450f87681d3b4d9738a7bb53225a514
SHA256a8ab32a2fcc9b2daa9d517ca89bd19b18b3f7fe45535379fd23b162c6ea1b959
SHA51233d0b5ff1cecf3041d345ebd4753093dd4555f7727da1014bb77a662dd88c6db87782fc06b9d6604e2a3c150b9832ef85f9f99c71142086218273413390a3d1e
-
Filesize
116KB
MD512cc119c5847f08cfcd93823114bc99b
SHA1e44429e62b747e86552a3ed22f2c4f04eecc30cc
SHA2566f93a9cb070487df68b6ded3c6bb7e518dde7dc39bee442e87be070f028e2eb3
SHA512504d18b0d800c7a2fd930b164349d75f0e0f3006fd4dd72e231fc66c817dc763cdd75cdb6c2290edf11c1f5bc1ffc969b8395933f9fc9e0f546f59737e83ba36
-
Filesize
1KB
MD5d78de0bd970fc6ad104935c207dcd2d9
SHA1d4402135fb0d5f5b873bf15808768833b165941c
SHA256e2d08991644cbcc367aadd4b88a93a682b1b1035499424bb1f884045c2c7f283
SHA51299eff0e2f5c47e619c9fd579f6056259381d8a771b96fb24ba7dc6360c64433f9c294adf4a69166b61ffcb685b6a42db4bb77a4fa7462471e475b693565fa1c3
-
Filesize
176B
MD5a70eba70d62e636099591feefc4f9385
SHA13b1c22be922fa5042a356e223e28a9b562ad1908
SHA256f92dd643d3b9f85edb62e05382ae48765125b2817705b4a20819b16679648e47
SHA512eeee234c5ffefae48692b00588f208f2f33f75e4a86dd551848b3d252d0e1239a501e98b22374e0e968e083f28598dbe765dbb68d602947d24173fb1a75687a7
-
Filesize
2.0MB
MD5039b2f6ea2a3ac6889109e03a4ba6ede
SHA196aa1b9cfa9c95a1f6a6f8dc3771d5955904419d
SHA2564565aac23e3b499f4e1e01d462f00f5dfe2ce1aa98c8c5cc1346e12c8be62999
SHA512d1596f0e45067dd52b80423297316fc1d92350b6adf2c90bf85d92713ce24ce5622aaa415945dd368168dd07884e062fb0567c2236410aea172c13f902b48f3f