Analysis
- max time kernel: 147s
- max time network: 149s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 22/03/2025, 00:05
Static task: static1
Behavioral task: behavioral1
- Sample: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
- Resource: android-x64-arm64-20240910-en
Behavioral task: behavioral4
- Sample: doceniyobino.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral5
- Sample: doceniyobino.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral6
- Sample: doceniyobino.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: doceniyobino.apk
- Size: 8.8MB
- MD5: b07c3dad4ebf2fea0be071b21d3a35b9
- SHA1: 055c9c361f242fcfe37d349390b407fbe5fb38c0
- SHA256: 185c250c0d6db60ddd9f16c48e733e358b81c9fc277710c20a236cbcdc8a86e7
- SHA512: 120e6892445604b1561555b93c15a4f204f44d2f2272d0ba28b9efc82ad25001fef427d8212ceae1259129cb41c94762edae9eb2d2c88a9b956b1e5cffdd2452
- SSDEEP: 196608:GF9loJeYwPGzyIr9FTLjvsI7a+s/4sTeCXuXT:G6yPGzN9L2+UuD
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoC)
  resource: behavioral5/memory/5237-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.reguvukavi.cpu/app_anxiety/DKrQd.json; pid: 5237; process: com.reguvukavi.cpu
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; process: com.reguvukavi.cpu
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText; process: com.reguvukavi.cpu
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.reguvukavi.cpu
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener; process: com.reguvukavi.cpu
- Performs UI accessibility actions on behalf of the user (1 TTP, 2 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.reguvukavi.cpu
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.reguvukavi.cpu
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.reguvukavi.cpu
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Framework service call: android.app.IActivityManager.registerReceiver; process: com.reguvukavi.cpu
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Framework service call: android.app.job.IJobScheduler.schedule; process: com.reguvukavi.cpu
- Checks CPU information (2 TTPs, 1 IoC)
  File opened for read: /proc/cpuinfo; process: com.reguvukavi.cpu
- Checks memory information (2 TTPs, 1 IoC)
  File opened for read: /proc/meminfo; process: com.reguvukavi.cpu
Processes
- com.reguvukavi.cpu (PID 5237)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1): Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Impair Defenses (1): Prevent Application Removal (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2): System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2): GUI Input Capture (1), Keylogging (1)
Downloads