Analysis
-
max time kernel
148s -
max time network
151s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
24/03/2025, 12:03
General
-
Target
jixofobu.apk
-
Size
9.6MB
-
MD5
7f4cd817e65363a0d9e47a2c89d53d96
-
SHA1
59560a4005b338883a77e920bdf1eaae6bbdb04d
-
SHA256
f9f89b6f4b104cfa5f764d1c607ff35799146dd65a5b8634fcaec3eca84ea39a
-
SHA512
f5cba2f7c0f7b02143906834fa3a7769507b126ea13867b63dec829dbc6ee0ab2099acc3df96b04d04a8e8c3e8479b565f4521f91af1b173869f14f3f3c51e02
-
SSDEEP
196608:ZZrwI0owMqyEt6FGvcmVjCwGeH5H17j8gGK+6tNkidKlWFGkWDW+N3:ZcowMPJkvcCCthgGKztNk+s/kU3
Malware Config
Signatures
-
Antidot
Antidot is an Android banking trojan first seen in May 2024.
-
Antidot family
-
Antidot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.didalu.common1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD5fb4dfce8566681beed170dee87116d03
SHA1bf62509e6139e3501242f4dc1f3d95f45e1e6ef7
SHA2560a82ff23ddf3eae1815755c8db5265b2d27c781ddbdd3675938b8278ed0f4dba
SHA51206ea158b017589fe76b2a90e792d6c4dacbf17ea0eecd45ec1332dad51e63d33f2224e21d5f8092f6285b648d96106a8f75f367b23a5ca4d058943dc5d929718
-
Filesize
1.3MB
MD51aa5175f617fd2b6da3ff3b603bbf6a9
SHA1096876900802d304299f0b59243483c964d069b9
SHA2566826f82315b84acb75e1991c333acdec06f2810ac6cc55be330f7441d185ae91
SHA512cab0e2a62551e917255f595ef21cf7a1f8c1a4d078168c48b6e7aa7d5db9c42470b8290e28a50c855fd6461fd4059b52dbc41922a7c62333abcc9aa4ed4cb9e6
-
Filesize
1.3MB
MD54776581d1b0add9544b9bb4b49480382
SHA120629bd8eb771ceae7e3e1b1a9eedfd34eb7341f
SHA25631e3330acc47aba9309c9952456f8277896ec2679fc650f5c1720ad646cdde0a
SHA51287f2b54ce346c60d224b013fec69041ddf32a2f96eabd973cf7eb1d8bd53ba5431aeb1c8b1d252933a211b095e9e448abe869a369f6c9a7e5a3a4172a5a1f855
-
Filesize
24B
MD5ebb48b9b03632cf670ff2ee9cb919490
SHA1e5bab959c6e9c739bc6a47924892e8755bd8bd34
SHA2568fb7330b9bd886b6b30f2f918cb875a67aabddea7654f2f932a679412bf20ad8
SHA5121f3b2e5c4522e3a19b97e3623fb2a385951f88f456b22470c200b6f1a58ba100a1a5e1d37f9963938222a70516ca474ae17b40ccd5508990f5b93de57fa41b11
-
Filesize
8B
MD59574668e9bf5e2089780a56aab05d908
SHA16a17090e092d26f1eb5410626fe5955de9b423f5
SHA2564f178f702b6fa0e45b12c3ee76ce756a08a1967914588b44df45e0d586672e94
SHA512bd3ab5a693ab4b8c8e6446e4b331fd865058ffa50ac867a66a07e4c5fbefbaf4e0a12ea3e502595c6b03d795c411b86fcf2f159e99ab1b629e045c66f47df0ed
-
Filesize
104KB
MD5bd7a03db974a04423e28a6dffb7a7da9
SHA1d318abff7ead6bd6dde80d62d99d88b80e4cc9d9
SHA256b485e25e75440f057e4685c631b9d7d434f5a8d7e31e158baddb54239308d5ad
SHA5128a541c5bb7e4b225f56d24e4d0730d82f1441aa1946ff59e3aac5c0071d44a9585c64f79206a0090c0c49eb04a22a9cea1c9e18d11a7496615cb105c1f0835f9
-
Filesize
512B
MD538394284dbb724a38d11d3190a24b14c
SHA1ab0a3be30f4255320c7e9325efd71cad9050c37b
SHA256046f3c1c698afe7e79bb9975a66afc8028121cd6f0b0e2ad4de81378f13d4edb
SHA512437a85aff49c7cc5056ef2f19e77100e3a9affb192ab57f83d1229d93c67e9bd133fa6e3c79e06d1bbbb82211fd4821c48ca4246b3a07f8a14c9a0d835b5e4b6
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
406KB
MD5fef92b18dd6c28cbf8e4a61e4fd278d7
SHA15a91c5cde24f61405d2e7b6b30dc76325bcea525
SHA256ee51c02d760def78c48f2a279bf9856c399b29bd1e7254e152fff5e18092547b
SHA5123ccfad315b7b673240b86c02b49f2820241b3aa5b69317cff8b50ec3e9c34f010a9947338df0ff47fa1b4cb7f25c1fe3ffd845b747954f7301e58682083a7ba0
-
Filesize
16KB
MD579cf0e0de3512728f1e262c1d836a183
SHA174cf1b44e1927eaff3c48382b872a4a10ee50623
SHA256ae6ff961de0714aef7d7330eca008a2be6903dbda70e931c9721e5e00a7f9f2f
SHA51233690a851a6c72986e1665d64153cef3a9633f482869796dd5201a2cf39bca018ad8f2eab01f2c34a8d13a978ffdfb0be8c29017b2a8b26a94a068b5721d6659
-
Filesize
116KB
MD51a20a46dcb7286c6850519e7e62c7aa1
SHA1cd9a21b3bea838556479cd4eb128488c7c375e8b
SHA256526625f7aba4d2d873bc33c2932f620cfd5c33ec53e0eaa023ef4ded94c41d18
SHA5123a603aed4250a551f881f267e92caedb35b9b1e1acec386948ed8c02e54fc2e32b2432760d4cec1a1c63455c486169d08bc6f2b8f0cea9a515623e2d2ea7222a
-
Filesize
1KB
MD5a838bb75bedea1d29d023c8196d30e8e
SHA1b29b5bed4be7f6151c0bf115b56c31b792fb165c
SHA256b34ce366e122bd728c904c5866266ee472d176bdf106a2455cd1ca67ea08f245
SHA51208d73afdf5902d1257d9973d8d162afcd52fa720b0967897922876c23881fe28ee343821e85bf3aa6c2e372aab7502e53030b2126c7e201940357cf4ff8ca5fa
-
Filesize
111B
MD5c330c6dc894c2dfcfbef627d90a395f5
SHA1403fc1cf58a7fdcb5a457e35d9b3954b42a5b391
SHA256ba8d4e334019bcd8dd4ea52e07745782f9c3282b61328d4bbe248a0c4bcdcea8
SHA512fad78d55824766995f3a7700f7c08d9ac5435ecf5290cfecfe724960d854f5e18ef65300e0c8f921084d8104085c41370c63f9b5197f834f7f7bf4f15264f291