Analysis
max time kernel: 29s
max time network: 25s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64 arch:x64 arch:x86 image:android-33-x64-arm64-20240910-en locale:en-us os:android-13-x64 system
submitted: 22/03/2025, 00:11
Static task: static1
Behavioral task: behavioral1
  Sample: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
  Resource: android-33-x64-arm64-20240910-en
Behavioral task: behavioral2
  Sample: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral3
  Sample: wilacayuzeti.apk
  Resource: android-33-x64-arm64-20240910-en
Behavioral task: behavioral4
  Sample: wilacayuzeti.apk
  Resource: android-x86-arm-20240910-en
General
Target: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
Size: 8.1MB
MD5: f33f2bb4a55e8e4d1d0d06b4c1d0a9b9
SHA1: 237c8a41e0a5b60ac538e5aa14db0d842348f963
SHA256: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239
SHA512: 88a5ff8cf47289277e423951d85fe50a03afa33e299c5b33f6a71ba67e7905c6c57541624a344af2db41edfdfe3351d024905a60ea6642233ff722d310241325
SSDEEP: 196608:cKw334mHj8u4o1S3oR1h7fSbjTucAW7pHbYw1AaUttl+QUbLs:k34ijwo1NR1VfCxh7b1Ajtlrf
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoCs)
  resource: behavioral1/memory/4507-0.dex  yara_rule: family_antidot
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.ziwukeji.method/app_dish/aJP.json  pid: 4507  Process: com.ziwukeji.method
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call  ioc: android.content.IClipboard.addPrimaryClipChangedListener  Process: com.ziwukeji.method
Checks the application is allowed to request package installs through the package installer (1 TTPs, 1 IoCs)
Checks the application is allowed to install additional applications (might try to install applications from unknown sources).
  description: Framework service call  ioc: android.content.pm.IPackageManager.canRequestPackageInstalls  Process: com.ziwukeji.method
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call  ioc: android.app.job.IJobScheduler.schedule  Process: com.ziwukeji.method
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/cpuinfo  Process: com.ziwukeji.method
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read  ioc: /proc/meminfo  Process: com.ziwukeji.method
Processes
com.ziwukeji.method (PID: 4507)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads