Overview

overview

10

Static

static

6

3a67cd052d...39.apk

android-13-x64

10

3a67cd052d...39.apk

android-9-x86

wilacayuzeti.apk

android-13-x64

10

wilacayuzeti.apk

android-9-x86

10

Analysis

  • max time kernel
    26s
  • max time network
    28s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    22/03/2025, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wilacayuzeti.apk

  • Size

    7.6MB

  • MD5

    42bdb83e42a9fada855b991c7cbb1c86

  • SHA1

    d363089380fb259c3fc071ad04cbd2662ffd53a2

  • SHA256

    f5de4bc0a114ad6e47beb3ed90df7071326d87976b9bab6670ecaab6222e6850

  • SHA512

    c1d01c7a393ca2b936da476bad5abe3faea517a4683fa48275e4c70d28814050a00c379c944576651b830028f99c17cf40fc640b0103492ba81c1b1d68ad8cb2

  • SSDEEP

    98304:qo/KrTKdFp/WvLPzQlNmxbi3K2ea76TIyIIiB2ieSyeTgnrSsnrBQaOVTXMyebi8:/dFp/KLPzZBUgIydYErSsrixdwiaLt

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.zumaju.dynamic
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4529

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.zumaju.dynamic/app_shield/FtbPN.json
    Filesize

    993KB

    MD5

    1dc773b6acf83071f6516d605bc63d10

    SHA1

    a31d6a0cfb1cb020cdb87ee6f1a8d36160b85715

    SHA256

    040ef48945c9df2e08d495db83a6f47351e44dc5f7f05979c2e39c6f98b927ba

    SHA512

    7bb039958532b3b6cbed3a4fd3a9fdd3bfb6129bf8e2966ed57f4605437f3a85b9422ff29c51a7b5a5dc83052266bf9cf875289e028190afcc6177124b0dac6c

    Download Submit

  • /data/data/com.zumaju.dynamic/app_shield/FtbPN.json
    Filesize

    993KB

    MD5

    8c52882e3cf4ca705c3164c40c9d1e96

    SHA1

    7ffdbff27a2ad5cb0c076b332849ebfa2ffecd31

    SHA256

    c6d4eee4725eae1fd5577c6e5642c551a0aa4347c6d3c195c124237a48fdceb7

    SHA512

    afecdceb4857d8e12100d8d3c4a39beb460d93bdb5026eead2a3ac893238ce1c16aa24d0ae27f3eee5283a6bba2de2d0f60c8dde59c01ee0330772bc4fdecb44

    Download Submit

  • /data/data/com.zumaju.dynamic/app_shield/oat/x86_64/FtbPN.vdex
    Filesize

    36KB

    MD5

    c3e1953715a4e66f77ccd99d6dea4db3

    SHA1

    c4f097ae5df4b18673883e60162e17d7c56bd502

    SHA256

    610dae38b98bde43747bd8216d2a75af21a7a10b62ef7c4bf4c40ec1cd86d546

    SHA512

    5c365c3b7d3a00e2f26d43c025fc820de9046ef8676802c6ca14d512f5e497bcc57a68c3abaa3e27853cddf9fa2da5993f98c55f0fc907128ace3a8f16da5e3f

    Download Submit

  • /data/data/com.zumaju.dynamic/files/profileInstalled
    Filesize

    24B

    MD5

    4df534bf6bd6cb353d71d5e53fd32678

    SHA1

    7b77dd1375c949a8e84837ce2844c34156d5af68

    SHA256

    155ddfef7cab603e44553e960ec95da0ae77beccaa96cd1df10c664e8ba12601

    SHA512

    7ec1c01aaf20d73fbd796fdfdbc6a599493dc121b2254eca8307f2ab44916a548268968ba5122d3eef956b4c6d48baf3d5e63cad2b75d66ba6b3f6a4e769b514

    Download Submit

  • /data/data/com.zumaju.dynamic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    9738d6db099d4e196ee96f520e76f92f

    SHA1

    057b126126849b393b8fec19573f344d8797cba4

    SHA256

    97803fd5d6772fe4002f9e13622ba158888b67f05a925bfd3de4e81ad429d2f8

    SHA512

    f9158e550dd529e4450df5dfa340a39afebbe7bfb3d78b2bb765c956a865ac2e1d47609e05cc4cf42e0b641f36c41d9d85f51e99072d7bb32bd05db21f9b88b3

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    41d3516298979d139a356d92bfc3bdbc

    SHA1

    e6f8de615a7aa78ffd0765b0967d09fdebd5bda2

    SHA256

    72ce63b5f7034bf6b22a0ce15e75ebdbf8c9a0efc5c4b6a9061966660173af0b

    SHA512

    9bc362252893c480ec099cb2d17a9717405c68d75934bed2c8731a3ade983bd1181abb79cfe17ef7034f9a0a4c911c5af77a24505116fef5efef22bbfc39fc21

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    78da4dd7d230b6a4ec18a175bb5eee55

    SHA1

    e857339254a6b7f3647e0beda895b9f3c43f9b3b

    SHA256

    22f8162e3c72a8ccd57285513a445729d13611ccefbe7b9049c95939c39653b5

    SHA512

    8cdf281fc4228897b41f26e530d322aff6548148a642af72d96508240420303f69c82d63afa598494a0fc5b31742d9f9e3c34231381149a803250d53e326e322

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    88da8227804065668c80c0b09aac4e22

    SHA1

    6587e6e84cc48f8a47db7b8451870ada743e26ae

    SHA256

    4461e6289625d9008f02a86e1f8ffd256b8c4492340220885a11b62867973319

    SHA512

    62d62778f989d52679bf489a7c4756b46f559400aaa0d6eaa1afe7f6e548339b1f5c6a65530ed544a99afa334d650821214458fa9e1b542e89b2e8ed296adf57

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    9caaf050e31b4a11e0ad4d67ce870532

    SHA1

    269b50de1da4dfb469228be328dd0e24897ebfbe

    SHA256

    7d89b6638049d07768db20a8a1c18bb97c80251110c811ff23bc58ed1d9f92b7

    SHA512

    8c7c5f08994360a110dc7021cb818544e4d286c0370e30f82d7704b03e4b3494d18757b2e53271db10ee3e132feb78fed3533f472f6349dca54ab00248263312

    Download Submit

  • /data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    3ed42cef8972e1871b3c125b30d39e64

    SHA1

    b45f768b3c09a335b36f6488f45105737f702533

    SHA256

    d9eef7ff01793fb93f37ca5b3e0b4757aa02634776515a7ea1a42a80a7e89007

    SHA512

    34a27e4261f2e87747e44b0d3d0afbc3cb4e9f21dc92639b85dc6c66b6246d94efb6f2296f2854468cc083a756eba52e877b985968b59f3a78983048712b677f

    Download Submit

  • /data/misc/profiles/cur/0/com.zumaju.dynamic/primary.prof
    Filesize

    1KB

    MD5

    1f2b28699840a3d45076b28fb0204522

    SHA1

    f03fd94a4a4ff5917f3c5f31d18d1ac531185ab8

    SHA256

    e2ac2236c14504cd8d2e1afb583d80b9c13c8d6a804cb16b155a119edf4c974a

    SHA512

    75c6b04392b62654634b921f681ee0dd5ce0232b7945631d3f0a696328c1a75e083af818073c5f9ca2b05cfd543adf506b06896e89379d89047266f067d07bac

    Download Submit

  • /data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json
    Filesize

    2.1MB

    MD5

    94c30eae3921878ae3e8a3a495b7a85f

    SHA1

    9606d33fedfcfa807474c035b3aa0c59b1621166

    SHA256

    f215e32736c7d47be0b97ebc3292b4767c1e439ddb65a41f09d7e97de39e21a7

    SHA512

    634401055fd3c9653727b6ad32cddb3e605222b6f521b544ba6f148e2ce8b84a5d8e9f0b7218e979395f2fed59b3ba90a99ff66e88ad76413b43e95aacfeb8d0

    Download Submit