Analysis
-
max time kernel
149s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
22/03/2025, 00:14
General
-
Target
3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
-
Size
8.1MB
-
MD5
f33f2bb4a55e8e4d1d0d06b4c1d0a9b9
-
SHA1
237c8a41e0a5b60ac538e5aa14db0d842348f963
-
SHA256
3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239
-
SHA512
88a5ff8cf47289277e423951d85fe50a03afa33e299c5b33f6a71ba67e7905c6c57541624a344af2db41edfdfe3351d024905a60ea6642233ff722d310241325
-
SSDEEP
196608:cKw334mHj8u4o1S3oR1h7fSbjTucAW7pHbYw1AaUttl+QUbLs:k34ijwo1NR1VfCxh7b1Ajtlrf
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.ziwukeji.method1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
660KB
MD5eb7a90b4d32f26eb63f0e3662eaac844
SHA1a1bdeb05d35d99c3aa9e36216aaf161170a4cdaf
SHA256a7342a34ced20a6143a5dcfe77a2728a6dfb9dc733dc18f6b5c06f3943a3163b
SHA51219228fd98f1777b1bd462bbec9f829a62e3378bab45dcae643cd838a269e8a5cdc76e11595a5a8346acfce2d5436786ee880ad60e9c2bd8e75b8d55822332c46
-
Filesize
660KB
MD56bcbcfd2021b05b718cfb5056f412cd7
SHA11d7252a512ef5bed9ccef15fe56911376c28d66e
SHA256fd09ebf785fc852dba1290603806fc7654ac4e6627745c20209cde16bda741c6
SHA51208ee2b38bb817fa09ba575f1f8f969e138b4ff6b4c0dc9cc4270393c1454385ec25d132f0053dc1e5dfcc2612152fd9d56cb85f0588a7a7224b0aa01c0297009
-
Filesize
8B
MD592c3b8e4cfd404320dc515d81bcee1a5
SHA1f2ea7a072a8653be8aebe9e8ded0fd0618a4e536
SHA256de04a4d01793a96db7b8bdd24a14c4d6ac7cf25f3a6d58a2ef5e27c04efb6465
SHA512a6ec877f57b27643eddb061bb22b5a2d05392b5b3bc666ae33643a1f5cf4044394886bac4ab11e4104796392d7959bdcd148dd0f48ba264fe2bfe1ce8172661c
-
Filesize
184KB
MD5fd228829093904b863fe33b2164b1cc6
SHA1305f238179f192f85676821cbaac917a7bbd7549
SHA2564a4f9868e56b7c27556e825c56b0cf426c8dcdb6ea7cce16f0f5a81337f4443d
SHA512d12df72b2232d5c5ba5c44a57ae9f58d69d22f151c57e41405cab6ac008cb6359e18bfc8911cb4032abc0faa7f64f6a3cc6290137f9225ca579f13a3dcbbba28
-
Filesize
512B
MD5e5bee7b2b74e0553e8bf251f4e57710a
SHA1915fbd052598357c53f3324a437d5f21f0855a0d
SHA256627ed1bd03362042cab9a6a479980f095590f8124c5dbb6c3aaf0a953e1b9296
SHA512f8b44eaaa0c005acbe03c32a0b2e4b998a72425b65da165aebdb1cf6f8ee586be7d20d52ffda5cc9581dbf1566ce90712af791cb02332301278e14a8eab61ab1
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
422KB
MD58afbbdefc631609130366fe45b522b80
SHA11cba710968217bdc20850aeba4a6b113b126a448
SHA256aaf6cab6a75804430bfa37aa4c52597d781da5c3a0f12d3e254b9c2f21191679
SHA5122e2a9a0691241a11cf7936df5f9b80dbcc63cf634e39492616dd3ae3fb25308fccb4b1f66d5db5c6989521af7c25f548dda4283d523ae0f2101984538e223e81
-
Filesize
16KB
MD57398bf97b56cde6659e7f3d890262b68
SHA14e6eb85533fc2af71c7dd96bdc3a69d46bf07818
SHA2565578f640260ba3f1e5bf890aa5821e33dc37983ea50265f0391ba7c2e6aad61f
SHA5125e5c741a8f91a8892dae1f51195219325be0ccec6a053b4ad70607d8c7054d7475a15f621c0354f9bc20769a7b491cc4c33f51f94d7607c2f092c4713cfdbae4
-
Filesize
116KB
MD5bbd67e4afc5a6ab15fb09c7b3e1ae6ad
SHA1e475ad5671a5e2557041916feb3436965f77ca1a
SHA25661bfb394c848266191025f587519c143815e040ab237fd06f879acb0e0ac8ade
SHA512c8b5473384f537fac8348be252e57aefb3099d51b28c2439e99e3e0275d1884677ce972658f5f7326d6851ec96da9c18f02978456fd122371670f97a1100734c
-
Filesize
1KB
MD5222aef0bbf6112f68231a800df22aa48
SHA1397d92202723eeab7deac45a2f374a452376c4a6
SHA256fa53913fb9c01c107822611017186642e2ef2e86f862402ee31712704a10c392
SHA51285ed326e5d66c959856f057ead9ecd8e6eb8237f2941cad458b9f11f39ed91fb627ab717ffc68b42080f9ec363d91fa907a6f248e7c53721c1c86c5f900fa077
-
Filesize
1.3MB
MD59b1dc8c345efcd6d665cdc441b0742f3
SHA1e993a666e7905bfe05a6ec01e5cfbb075d2b032a
SHA256a624e32b4de5914490569479feca4ab96ae1320f733befe6b15518d560fc05b5
SHA512e9f2455e6211daf1a77ac28b5bdcd798b5cac71a1694b10794a9dcf78da836e00c68c7dbcab3acce38a2314085c64ff154c1bd1555f58af2ee6e36d71520e005