Overview

overview

10

Static

static

6

8fd64a79bb...f4.apk

android-9-x86

10

8fd64a79bb...f4.apk

android-10-x64

10

8fd64a79bb...f4.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4.apk

  • Size

    6.9MB

  • MD5

    08288e2f6635941c7dcf44ca1fc72b5d

  • SHA1

    ace53ea605e8deebe778d8da7f38212807a30b5c

  • SHA256

    8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4

  • SHA512

    4fba748e64dcafe2740fb9fb132f5c66846b26e88650376d5e368b7dd26599c772f3e2c27aa44d26e37d97d28245f8f66dafe635508a95732016002982238d3f

  • SSDEEP

    98304:+o/Kr+167klRoI4fslzEBzyHPxkZrSf/cd96hg+hbj2ieSyeTgnrSsnT:D67klRpaCnHP+ZWf/O96hg+QYErSsT

Score
10/10
antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.moduzigope.array
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4338
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.moduzigope.array/app_loud/DuWbiK.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.moduzigope.array/app_loud/oat/x86/DuWbiK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4364

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.moduzigope.array/app_loud/DuWbiK.json
    Filesize

    944KB

    MD5

    473c56196d771ec58f1b7ca467108559

    SHA1

    ebab80e23c5058aab2a8706297dab08e0b582fd1

    SHA256

    0d898506b0e707fb54280d12ceae72e6f73b78939551a293331e66f997144bde

    SHA512

    2d92645548784730ba744c2598c516d68aca704ea042ff041272c1e961e4ff5201f0f2f1a8456fcdd43d6643d75543c9edfe9e98f5018d8a68f73cfb09d40dd4

    Download Submit

  • /data/data/com.moduzigope.array/app_loud/DuWbiK.json
    Filesize

    944KB

    MD5

    7e1e61f33c84d3f1dc0f16dc604acdab

    SHA1

    e51f8e5ddedba95c5712bd1585f3409278e760ad

    SHA256

    cb526ba231f422499726499461a026f7a1c38901c930bc235ca48e08356d5dd4

    SHA512

    c4f45793f11480624b0afd17d4730d0d02c9353029197103ff17384713b25d72f4afd3e78297ce0458c447aea84773fc698c2ac9a33c380a053ef8eb1da92749

    Download Submit

  • /data/data/com.moduzigope.array/app_loud/oat/DuWbiK.json.cur.prof
    Filesize

    3KB

    MD5

    fbc5ff5306556a28638ca75ae2f2002c

    SHA1

    129740d8399f0507debb3dcb30e1ad1367d8956a

    SHA256

    ede8c975065b699b231dc09061c548a57f18759556198f61eb3b1db950694965

    SHA512

    2b674626ed76d527b72cd59f733d9aaad71c8e35322877af1e59629dd0cbddb070e28736968c70aa346872b62a46c295117a999061f5f718a0761cc1a71e8763

    Download Submit

  • /data/data/com.moduzigope.array/files/profileInstalled
    Filesize

    24B

    MD5

    175d05b70cf56479aca0f94e9ffe65a0

    SHA1

    a3050cc68669296cc5cc0f345ab4c76c4d4d1ca5

    SHA256

    d72da1d1aae5cd3d9f14850f83de87a88f1dc03c300c8cb4721dff3578fc8a8d

    SHA512

    c2146ba0274bd57484a5016d3a07fdcec3ff0ffa3ca28309ce4c7ff211155a23ca78a7193ace93fad9042b364e45f6b05c1b627507823aa0416fec02c31695d6

    Download Submit

  • /data/data/com.moduzigope.array/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    5eb264774837788061adb8b7995f3980

    SHA1

    797d057c52508089d8be621daeabbd1e99c82f51

    SHA256

    75eaecb34d9c9ad7e414f4860d86a6304b5a1d1b927ed65e5a4ddd6d41bb5bb6

    SHA512

    c3f7afe36d97cde54a3dee80c44e0508ef402409e0a39c73300977b7920c203b0c569b57e0ae90f0d49671bfbb88bf708400728ea3bceae360d3ba8039f6a13c

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    ca3eec5afebdcdfc082d51460e0ea5bc

    SHA1

    4a4facc8f501d6b22b2283dc2b0039fd2bb51980

    SHA256

    3e74dd23167678508c89bf0b55f5ce4bfa609e7fed21178322e9b8995bd92fe6

    SHA512

    6cfecf88b7580ce84fd0f286f3c615d646ec1ac6dd664ae451fabaffe8943a62d8614aa3e4cce491891794e3fb8670afb9838b694008ceaf7b2550b27bd46d7c

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    bae47351d89be8b05ec50357b3b7e40a

    SHA1

    6e8c66e0d9207bfc307d261b6f8fd99239aab574

    SHA256

    a4d23a9bacbef1439b1a0d6f123218de436eb5da7315112f3e8f7add3a35dd20

    SHA512

    17ec4f9b4312b0a1271ec8bdc6f7a0fa9859bd50c66c4f160287ef73f6efdeb4922bdea3c927f7e73291c9d244c8b047eb832d8c64ffdc0030f6e07939c0cce2

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    623e19778787cba07060277e9534a73b

    SHA1

    e6fa14fc9a9a259640ce30eed1147e35add6d6bb

    SHA256

    f494be55d1c80ff4651ef40c490af2ca78c3050fa6143990b9d22452202362fc

    SHA512

    d1b75d825295971e80024bc1664e99e52297c7b9642bd86ba5732577c4f4a1a6bf0e379b7f3c477b79c895de5a8ffe8a907982c41644408c9ef2f8b9439d4937

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    aae0690f6272690bd6ceff463e91d700

    SHA1

    1d3408937dde0222198531d1cfcce372dcdfe29f

    SHA256

    59b287bd44abc3a17f4335ba8026377cb955f45d9166db64ba1e3a81e94e8f53

    SHA512

    e93de708b1ed08c2a5b0eac799e968bf4706559155be4e8b4b860dc79e05a30fd733551c40d960410f64bcda9eef36be870c870137003082c0366591e57af618

    Download Submit

  • /data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    0c5d29e5d81e985710418fce26512a97

    SHA1

    5ed5a6aa8420466c5cd5e0b65d671cd2aed515bd

    SHA256

    2ab16bd1fbdef9ccdd134ad1a59d48d58ebd2076ba774b2e19ae2cf6bee6809f

    SHA512

    f07932db5711ef0c089fb533acfb88af2f9ef30cb7c91b2e8384885298a8dd5edc5e7f0c52897b8f55463e71ac644e2a184cda06af0220d9f171eff6b621e80a

    Download Submit

  • /data/misc/profiles/cur/0/com.moduzigope.array/primary.prof
    Filesize

    1KB

    MD5

    e0d99945dbafbcc2e474862af8a4ad61

    SHA1

    759d6db9d7b7ecd3769eeb03054db5f48a44955e

    SHA256

    1900d5877f50b7ef892621d186b57cea9a98aeb558fb059c95fa45eb69787661

    SHA512

    173063e904bc1ca33eaf525be8e9664c3ebd329a2e948da8015877cb4a2c91a3871f332d91a22febb8913bf9b85d05d4ce14e939754eb8c7f89b32b58b87153c

    Download Submit

  • /data/misc/profiles/cur/0/com.moduzigope.array/primary.prof
    Filesize

    172B

    MD5

    8facb9bcacf57cf2c2d60347100db801

    SHA1

    423105ab64418bdb5ef6bf3effa49eccefd58a53

    SHA256

    16d28c2f919fb8bd82d257648214c789b5ae2ae1c987fc4ab378b9a59ff4c45b

    SHA512

    999869e107e2d12fce02fb5a3eb8946d91940ee50055e3d0192fdab3e09105d83f22e5873ac1ad6f1573036823524013cab9d07e8fce7b192a285c73e3738ca4

    Download Submit

  • /data/user/0/com.moduzigope.array/app_loud/DuWbiK.json
    Filesize

    2.0MB

    MD5

    1fc1820d9311712a2ef4bb7b35093f8d

    SHA1

    98803bdafa7474d530b4540f6a04e81dfa6e6ea4

    SHA256

    471bb0020ea3139296b8ec054368362fe27437d703544f88f71c437b2f3a76a4

    SHA512

    a6a73729942355b83aa653a97fe7690e4f6cfb10a100316ad2c723dfa64a00464231b5625bbab9d0469b9184e7168634b5b53bbf8376e48b2ca33f391cea69c6

    Download Submit

  • /data/user/0/com.moduzigope.array/app_loud/DuWbiK.json
    Filesize

    2.0MB

    MD5

    9fea90da834e82079c6e16b94c23bab8

    SHA1

    69473ba6eac095ee8a9abc845264c01a09a77a9f

    SHA256

    5d62db5294944a1d824b159f1d3d829ec294d18e8447ceb56305d8f6801b7527

    SHA512

    663ea4c65778002a1845bbc9c4f80925799771585fc36a5a238bee233d3de6c36194882d813f122bfb303ddaad0abfca906a295b40b329d28b7225a13f280d98

    Download Submit