Analysis

max time kernel: 29s
max time network: 25s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 22/03/2025, 00:03
Static task
  static1

Behavioral task
  behavioral1
  Sample: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
  Resource: android-33-x64-arm64-20240910-en

Behavioral task
  behavioral2
  Sample: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
  Resource: android-x86-arm-20240910-en

Behavioral task
  behavioral3
  Sample: doceniyobino.apk
  Resource: android-33-x64-arm64-20240910-en

Behavioral task
  behavioral4
  Sample: doceniyobino.apk
  Resource: android-x86-arm-20240910-en
General

Target: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
Size: 7.8MB
MD5: e89c4dceb41be42fe5b85863c53445db
SHA1: 48c364929a8fe07c1bdd52438dd0dd031f426b20
SHA256: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d
SHA512: 593735a5f3c4f34509ce735039345b1b53c986a0c8145db55eeecc8ae99ccee36a13ce191f8a4c7c174eb1d1deea560f5f1df078ce8e7cda5eb66614d450e4b1
SSDEEP: 196608:v0Z5yUCT+IOCBZGz3urg/QVrHHjvvMMe3ko4HUUOPenRBz:+ZwtbkOrfrOPefz
Malware Config

Signatures

Antidot
  Antidot is an Android banking trojan first seen in May 2024.

Antidot family

Antidot payload (1 IoC)
  resource: behavioral2/memory/4287-0.dex
  yara_rule: family_antidot

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.beluponu.graphic/app_shadow/nb.json
    pid: 4287
    Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.beluponu.graphic/app_shadow/nb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.beluponu.graphic/app_shadow/oat/x86/nb.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.beluponu.graphic/app_shadow/nb.json
    pid: 4262
    Process: com.beluponu.graphic

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  Process: com.beluponu.graphic

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  Process: com.beluponu.graphic

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call
  ioc: android.app.job.IJobScheduler.schedule
  Process: com.beluponu.graphic

Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read
  ioc: /proc/cpuinfo
  Process: com.beluponu.graphic

Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read
  ioc: /proc/meminfo
  Process: com.beluponu.graphic
Processes

com.beluponu.graphic (PID 4262)
  - Loads dropped Dex/Jar
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.beluponu.graphic/app_shadow/nb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.beluponu.graphic/app_shadow/oat/x86/nb.odex --compiler-filter=quicken --class-loader-context=& (PID 4287)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 626KB
MD5: 2033a71f100e0b51a8fe1a6d129a5bda
SHA1: ca2e2fb8739d0483b8f4c43cb357d3a13ee923c9
SHA256: a6df4640bd81114916a6ffbf594f1014d83d26798a401794141f63c482100cae
SHA512: 006d91405e0082e86bddae8a4789fb44eef94af1073616a4c899596101e3901ccc6b08d7c52294ab52dedc525666eeb7eb5c88af6319ff373ef28218f553c0cf

Filesize: 626KB
MD5: 9c01ee03a06cd5bd7eeffa55d1259b7d
SHA1: 235b8fc611dc47d71d8b821cd38f9a2afe294ddc
SHA256: fd19ab440b48ecd41bf5979078757a3f5a30c1eb6f0351480220ffda8fd42cf7
SHA512: 95c7c9cf65bb61837cfb6d505c441b5fea002bb95a1817e7f214474deb8c03b0985d6c860eed67d453f242781b42f0495befad081036f292d2b67ff4d8b89e66

Filesize: 24B
MD5: dcdd357d63538c04c878e983bc72dbc0
SHA1: 0bb8c7306de9138d1b58037c6690178582160b51
SHA256: 85000a519e39b0fb1b6fb86aa750a7784f143e96b9ab3b9b153ef25d9c8f97cb
SHA512: d17d684f0e708f87ae31de0feaa0487733228eb5ef159205ba9bc2d8bae8df58009d6b59df87f0d2a5432ca2d46bc38ddca21e3bab11c11785b5b1b0d9bdf3e4

Filesize: 8B
MD5: 6c6fee05758070d82a6c7588ada773b7
SHA1: c7bc3e9cc177d24f8a06e02f9342c0e96cba6eb7
SHA256: 3b8376f305a92b07082910b456b860005880d7b9ff8fc4a88f868f1f43c03a8d
SHA512: fe0a683b5082a0c6c5e620bf5945b98d9ca200b0d2c796c254aa5bc16fc65459e1d285f83384ce6a90146bef453e8adc0ae834b433ed2cb08c844ae266bd3d9a

Filesize: 112KB
MD5: 7a70ffe57ccd949c031281a26f3b75b7
SHA1: 5e2e298b9d03b09c846516892f15d64f637a60e2
SHA256: 77adb0848deb40bb427f7a067534027debff29a64a35a50b141e13bebb237525
SHA512: bcfba86fab48c7eadf46d67b55b48efdf4f0469483146ab8653c11acbcbd951a091a6a9133e8d228265d55db736a114aeaf9d0c0a3f9a35f67e8fee8a372eab9

Filesize: 512B
MD5: 60468626e451840fe938b321709b1781
SHA1: c2111d411898ee28342856ede84beaa046d20253
SHA256: 37def3c34442721dd624e4db2f14ff82bb892a565f8523a8a0ea2c71268daca4
SHA512: 7e873c93db4b6a6fb5aa780b5653624a66c183f5f49b34d623ba59a094509154c94c6dacfe5f16c77cbae4f235cb7d9307ec854012c632f7d28b31229356f296

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 16KB
MD5: ac744954e6d515469d5ed11df79082ad
SHA1: 6da6e4e8e2fd0067e4e601aa51409430a283c5df
SHA256: 69f8cb0c99a377e40ceaa4b22c7385db25c7b7e9f84b9185858d5154d62a3260
SHA512: 221d9c323868da6174eac118b5faccd00be6cde7544b65f04d0be238dfef804866f20723e65edc66c02521b35efb833b1ad970eb54d1fe74d52504951ac22c26

Filesize: 116KB
MD5: 4f715caee343d50f4080bac16fbb1d22
SHA1: 61dc06ce5c21ba3e2a3787d9d9c307d10b758784
SHA256: f3fbceb49a4a13b0bd68814472f72252c6ba2af9b5dc578c03ef9a14ffb73cb5
SHA512: 6de07864eb69c2d3294e9de4fadb18ecb5e1b1a2598c92d43b1fcf176aa446e9d80bff6a8decaa08c7c8abcd643382d5a6ca433bd6c5005355f46dfc98f19e10

Filesize: 422KB
MD5: 95e51aaf931de3e67ca19cbeb17bc106
SHA1: ea624f2c1c23ae07a1eb778fb0b100a50b769221
SHA256: e2f227bcdd45bf267c95cc4ac0fc3b33ed6058a1d3b6b3bdf5fcc2d3290a712a
SHA512: a88255da36648f8e37520a0ab7e7dbd706a96ac9deae1c051c4a1f9fb2f1ddd69d0c25abff1c1a4e20e1873eca0da2d19ddcd3d55b50475f9b78d60954314cf9

Filesize: 1008B
MD5: 46b39cb95168e14fb8710576661f3d44
SHA1: 01560aa6d4c22fd58bcfbf171e59043efe639c1d
SHA256: 15380bebae8d0874468071ee3d894e0ab15f6037a160ba768e7ccd6526552920
SHA512: dde28169de09aae1f2807b4cd4adcb8133f231a8e82d11bd0bc22a8549b66412dd80a78c866767178f4c9076b5ff9c14771b718d03c827694cbae3cc07470914

Filesize: 1.3MB
MD5: 9444dde2927c8f70a3629435f787eb56
SHA1: 4bcb5ce5f04e1926c7fc067e5f837d76d8adefb7
SHA256: e9b39a4719db4e1faafd3fc2b7f059348850f6889ffe07c49173dfca83b04ac9
SHA512: f9c262a5ed93d4c900c3699cb4ddb1b91a3db4b728236fb5b023f743d63403426bc3119958f11c74c8a3931bec86802d871a07a6f3612e066147ed0c0fb02582

Filesize: 1.3MB
MD5: 6e4800e14ae255e00b23ef27e5eb29c4
SHA1: 33b451e52d3cbaf3e41543208a88c5e2ceae32df
SHA256: 3831a2242ff187e2f3442ccc699421ac29eb84a0b4c092049fda203866e6f37d
SHA512: 3c719d9f5694c84c863a53a8b6b721e269c37482b3223948219cbc2557efe6166492fa917014c2655d8c6f7e6b02a977d79ab5661f92f7a74539bbc4cd7eadef