Overview

overview

10

Static

static

6

de7f3752a8...8d.apk

android-13-x64

10

de7f3752a8...8d.apk

android-9-x86

10

doceniyobino.apk

android-13-x64

10

doceniyobino.apk

android-9-x86

Analysis

  • max time kernel
    24s
  • max time network
    30s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    22/03/2025, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doceniyobino.apk

  • Size

    8.8MB

  • MD5

    b07c3dad4ebf2fea0be071b21d3a35b9

  • SHA1

    055c9c361f242fcfe37d349390b407fbe5fb38c0

  • SHA256

    185c250c0d6db60ddd9f16c48e733e358b81c9fc277710c20a236cbcdc8a86e7

  • SHA512

    120e6892445604b1561555b93c15a4f204f44d2f2272d0ba28b9efc82ad25001fef427d8212ceae1259129cb41c94762edae9eb2d2c88a9b956b1e5cffdd2452

  • SSDEEP

    196608:GF9loJeYwPGzyIr9FTLjvsI7a+s/4sTeCXuXT:G6yPGzN9L2+UuD

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.reguvukavi.cpu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4485

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.reguvukavi.cpu/app_anxiety/DKrQd.json
    Filesize

    952KB

    MD5

    1d41f63f904cf38897338db0c74e000d

    SHA1

    ae3d18a2707bb5a4790c225668a66ab2e2c5dc26

    SHA256

    56946726ad413b3f0689d7ce748a9926e689a75d369f4f63121e6583cdc116ea

    SHA512

    4deb908dec81cc1f45129ecf184f7f8b66d707634dd79e324da11cb6dfe804a25dcabde7a94f01e3cd54e6d325313d81d2b941d3bbfe4eab2de21ad873844572

    Download Submit

  • /data/data/com.reguvukavi.cpu/app_anxiety/DKrQd.json
    Filesize

    952KB

    MD5

    5daaf56647cc976f95d181ac7187898e

    SHA1

    0b1e53213d975305f5b68e70700c42f84d37e4f7

    SHA256

    a79b462b811ef20843d2de8b6ddf574e69f3fb97eecfd4abbedf8b65eb50f190

    SHA512

    0ee32b8e570389f769f24d0e6f4a805648bc4c949effe6b44dac62d98c5847636922f08f20aa5ebe2febfad40c5d80f076eb37d491410593044c6e0b81e8ff14

    Download Submit

  • /data/data/com.reguvukavi.cpu/app_anxiety/oat/x86_64/DKrQd.vdex
    Filesize

    37KB

    MD5

    1667daf5d93f04d469e2ae43f1ce46cc

    SHA1

    f73ceca4c32c345edd7af71dd48a915bc1eeba41

    SHA256

    74404ab86aa8e2a4a680adebc68bffb1cbc16360ef8e7f775a35cdcf474bd96f

    SHA512

    673e099261828e3732ca814ac849e5e3099f9de47340588b390615ea0e8c546c66139a10119a5c074f353419f97ebc114a4f16fd287770e053260890a536cdeb

    Download Submit

  • /data/data/com.reguvukavi.cpu/files/profileInstalled
    Filesize

    24B

    MD5

    e586a04472b101e1d08c7db56d26cccc

    SHA1

    200a17c5608faf6d86664d13b9e007ad0a1bb23a

    SHA256

    8f03e943be96ac3cfbe85d28aee7218d9e9424062453d0eec6f8d14c8f8fe4af

    SHA512

    6fb15d9e8ab5c0ff7f9fdcaa8081063a35d0d741bcf3bc9508f2fce9d5e4c889b35f3841be8739154b8a0d66624652b9c7f9cbadf8fdf5dbcb845a7df4b87c28

    Download Submit

  • /data/data/com.reguvukavi.cpu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    c96bfa905504e234f6918b15526a92c9

    SHA1

    bf5eb465d5daf346cd31707af99217297db780ca

    SHA256

    5c32d1552c5cb6aa7daca0f93dcef7a5aeb040ba4e707263a84bb9808c751733

    SHA512

    ade6fa7bfc8cd50c08c1ad68c522df9a2e840579c99bc3ff356a4c3d3b347c69d4e10b2554cf6093f6088e487521b1e1186bf0f51825dea635b9fb6b78fc767f

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    fd15af827ca232325121269aa0534c31

    SHA1

    6f6b1a391c42d6e5fa729894010063aec7111177

    SHA256

    9f1459747793eb8751f90246637418cd2cfd3422e912f4c16098c64bc201c729

    SHA512

    b5900c2e04d2d431c5676b3928563ec7e5a659abd9ddbabcecd6abd7fb3630ec0afe99eacab8177281d87a882522b5bbda6a33aff18d619798ee9f031b14a5ca

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    a901c82feeac1398f0d082b9b5712f33

    SHA1

    f6a033ab7858e763c7df0a9ab96e3bed29b5190c

    SHA256

    44cda00cda831f23e984f6f0c8d34a54560bce7c833f93cdf9dc9a737fd55fb6

    SHA512

    9adf01b1e0cebade7cc6864af96f1046674cdfe6487a5eb33db5fe3ff85fb2cfb0699decfe840eb8d551ccb94750ec88ded974657c789a0c51e403e34b8bd220

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    69a0684e7fad620ffbe079780c85815d

    SHA1

    b53ff1ea9c37e9345239581a082489bea711c81b

    SHA256

    64660736c985f4a102dbdbeb3fecb185f50ac85da5439fa96c9ead3c0055aa07

    SHA512

    217d4764e687d0ecbb30212877e4f42a07e06bef579dc17b3818726c0b4fb7d5d0cfcdf7a53d128a029bdb838a9994b827a14b88b28f1545feae2d6c15028a76

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    aee391e8c7905b80dcd50e3285a16740

    SHA1

    0569c15606c3abe42c1a451b723b3847272cf283

    SHA256

    13aaf15e94372fafc29c1333c9a5361f8d2b4ca30ca116ec89a08da1810642f9

    SHA512

    98f034ce3719446632a49571a3d49c64ab08371bcd48e245e2e8298007170f18b69be0af0e2e192d20f58518881c69e896ff39b0066a67eb6893bb14ca294b53

    Download Submit

  • /data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    20f05105ac67c0dd9554affafff4f561

    SHA1

    658a001978d663ead9fb81937f28f62b60f40675

    SHA256

    4c6e8ec722cc7bf80673ca08226cbf1a5ad9e10706e35d0302628e1b7b3c4122

    SHA512

    985b3380d6dda89e92f2d3bd94001ba53489a98cc7bffc474572c58fe017f70a0c60d70f4ab1ed540b34f81c016ec9a151997d3b1b2d2dfb738ff5c3086e7d39

    Download Submit

  • /data/misc/profiles/cur/0/com.reguvukavi.cpu/primary.prof
    Filesize

    1KB

    MD5

    2745d8d81dc45eb3165ffabc45c281b0

    SHA1

    b6310b6fe21213e399287ba9132c11fc1cabfee4

    SHA256

    05b64f857d5bdc55bdcf7e56120600d4402be5eca8a6c3e2303385f458d399fb

    SHA512

    bc1bd5bfba7d85cdc856731e9e73b2a36253a450e8742b221a806131127db2d4bedff568f5e25b37d9674dee0ccd2d2b89b703b5df141efd5d934fb7d822b6b5

    Download Submit

  • /data/user/0/com.reguvukavi.cpu/app_anxiety/DKrQd.json
    Filesize

    2.1MB

    MD5

    94af8efe738b7a42b031ee0d363b63dc

    SHA1

    8769376fb22ed6dcc7b255d2df1b76b620c55bbd

    SHA256

    50d64bf33ccd94c178a8b8ddd2ab240dce8355deef8b5b0e657bb688e1d52eb8

    SHA512

    6618c383559c61507117c66ee5507a9499d4b2fb1e0459173ae757b533eebea7179a525c466459bbf562da0388c4c6bac17ea62683218c1ee9c3146cb93bcd1c

    Download Submit