Analysis
max time kernel: 119s
max time network: 119s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 24/03/2025, 20:33
Static task: static1
Behavioral task: behavioral1
  Sample: f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: wibemuse.apk
  Resource: android-x86-arm-20240910-en
General
Target: wibemuse.apk
Size: 10.4MB
MD5: 8e03e90022214eda8f01ce735d8fe972
SHA1: 0a5fb8dba68751a01aaa113f92b2db9225dd24a2
SHA256: 5acb5ebdd0e4c8fbafb44a88e66e741f1c94a72e3f07f5adc454687010634848
SHA512: 40f1415f69ef72ba6ec53745c2192cea7a82e4d1c028cdf0b636af163a0246a3d201d67ddb60f8552733239ebac82673bac179de179cc78656b9d9cef1e2fde8
SSDEEP: 196608:mB12mtwTYrqOBcjvLDxLB5WLDDKfYErSssdkpxHaNhJ/Ds:mBxmOBcjvLDxL2DKFrSuVaNbs
Malware Config
Signatures
- Antidot
  Antidot is an Android banking trojan first seen in May 2024.
- Antidot family
- Antidot payload (1 IoC)
  resource: behavioral2/memory/4315-0.dex; yara_rule: family_antidot
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.belasaba.guard/app_sense/LyBDIN.json; pid: 4315; process: com.belasaba.guard
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.belasaba.guard
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.belasaba.guard
- Requests enabling of the accessibility settings (1 IoC)
  description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; process: com.belasaba.guard
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.belasaba.guard
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.belasaba.guard
- Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; process: com.belasaba.guard
- Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/meminfo; process: com.belasaba.guard
Processes
- com.belasaba.guard (PID: 4315)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Queries the mobile country code (MCC)
  - Requests enabling of the accessibility settings
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads