Analysis
- max time kernel: 145s
- max time network: 151s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 22/03/2025, 00:14
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
  Resource: android-x86-arm-20240910-en
- Behavioral task: behavioral2
  Sample: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
  Resource: android-x64-20240910-en
- Behavioral task: behavioral3
  Sample: 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
  Resource: android-x64-arm64-20240910-en
- Behavioral task: behavioral4
  Sample: wilacayuzeti.apk
  Resource: android-x86-arm-20240910-en
- Behavioral task: behavioral5
  Sample: wilacayuzeti.apk
  Resource: android-x64-20240910-en
- Behavioral task: behavioral6
  Sample: wilacayuzeti.apk
  Resource: android-x64-arm64-20240910-en
General
- Target: wilacayuzeti.apk
- Size: 7.6MB
- MD5: 42bdb83e42a9fada855b991c7cbb1c86
- SHA1: d363089380fb259c3fc071ad04cbd2662ffd53a2
- SHA256: f5de4bc0a114ad6e47beb3ed90df7071326d87976b9bab6670ecaab6222e6850
- SHA512: c1d01c7a393ca2b936da476bad5abe3faea517a4683fa48275e4c70d28814050a00c379c944576651b830028f99c17cf40fc640b0103492ba81c1b1d68ad8cb2
- SSDEEP: 98304:qo/KrTKdFp/WvLPzQlNmxbi3K2ea76TIyIIiB2ieSyeTgnrSsnrBQaOVTXMyebi8:/dFp/KLPzZBUgIydYErSsrixdwiaLt
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoC)
  resource: behavioral5/memory/5243-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json; pid: 5243; Process: com.zumaju.dynamic
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; Process: com.zumaju.dynamic
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; Process: com.zumaju.dynamic
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText; Process: com.zumaju.dynamic
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.zumaju.dynamic
- Performs UI accessibility actions on behalf of the user (1 TTP, 3 IoCs)
  The application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; Process: com.zumaju.dynamic
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; Process: com.zumaju.dynamic
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; Process: com.zumaju.dynamic
- Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.zumaju.dynamic
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.zumaju.dynamic
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.zumaju.dynamic
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.zumaju.dynamic
- Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.zumaju.dynamic
- Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; Process: com.zumaju.dynamic
Processes
- com.zumaju.dynamic (PID: 5243)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
  - Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Impair Defenses (1)
  - Prevent Application Removal (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2)
  - System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
- Discovery
  - System Information Discovery (2)
  - System Network Configuration Discovery (1)
  - System Network Connections Discovery (1)
Downloads