Analysis
- max time kernel: 149s
- max time network: 152s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 22/03/2025, 00:25
Static task: static1

Behavioral task: behavioral1
- Sample: 7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a.apk
- Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
- Sample: 7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a.apk
- Resource: android-x64-20240910-en

Behavioral task: behavioral3
- Sample: 7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: 7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a.apk
- Size: 9.9MB
- MD5: 0b3acfb4a4d609fdfcaea52f71418a17
- SHA1: 356490fdb6d169787c9515c02e0699fe48d54196
- SHA256: 7214d315b6d9c582e6f06769c890515c6c8340d3f1bfebc57f8a2977f021691a
- SHA512: abe971fbcb5fe88d4a12ab200326f4850b61af919c1430510de4c233c6a3aa31bf5cfc40e099849cdbffab5ee6c5d2363e4f37890b00ba9ba185d603633f1458
- SSDEEP: 196608:9dLrZ7+n1A4GXJai7EvApOUGICoxYErSsik8uf:1yRsJai7EvApXGGjrSm8uf
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoCs)
  resource: behavioral2/memory/5067-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.sahuxe.monitor/app_stairs/kr.json; pid: 5067; process: com.sahuxe.monitor
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText; process: com.sahuxe.monitor
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.sahuxe.monitor
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; process: com.sahuxe.monitor
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener; process: com.sahuxe.monitor
- Performs UI accessibility actions on behalf of the user (1 TTPs, 3 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.sahuxe.monitor
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.sahuxe.monitor
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction; process: com.sahuxe.monitor
- Queries information about active data network (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.sahuxe.monitor
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.sahuxe.monitor
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver; process: com.sahuxe.monitor
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Framework service call: android.app.job.IJobScheduler.schedule; process: com.sahuxe.monitor
- Checks CPU information (2 TTPs, 1 IoCs)
  File opened for read: /proc/cpuinfo; process: com.sahuxe.monitor
- Checks memory information (2 TTPs, 1 IoCs)
  File opened for read: /proc/meminfo; process: com.sahuxe.monitor
Processes
- com.sahuxe.monitor (PID: 5067)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution: 1
    - Broadcast Receivers: 1
  - Scheduled Task/Job: 1
- Defense Evasion
  - Download New Code at Runtime: 1
  - Impair Defenses: 1
    - Prevent Application Removal: 1
  - Input Injection: 1
  - Virtualization/Sandbox Evasion: 2
    - System Checks: 2
- Credential Access
  - Clipboard Data: 1
  - Input Capture: 2
    - GUI Input Capture: 1
    - Keylogging: 1
- Discovery
  - System Information Discovery: 2
  - System Network Configuration Discovery: 1
  - System Network Connections Discovery: 1
Downloads