Analysis
max time kernel: 149s
max time network: 150s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 04/04/2025, 09:08
Static task: static1
Behavioral task: behavioral1 (Sample: Update.apk, Resource: android-x86-arm-20240910-en)
Behavioral task: behavioral2 (Sample: Update.apk, Resource: android-x64-20240910-en)
Behavioral task: behavioral3 (Sample: Update.apk, Resource: android-x64-arm64-20240910-en)
Behavioral task: behavioral4 (Sample: vibufagafa.apk, Resource: android-x86-arm-20240910-en)
Behavioral task: behavioral5 (Sample: vibufagafa.apk, Resource: android-x64-20240910-en)
Behavioral task: behavioral6 (Sample: vibufagafa.apk, Resource: android-x64-arm64-20240910-en)
General
Target: Update.apk
Size: 17.1MB
MD5: d44caa02e4fa7e2992b327abb4242791
SHA1: 2ec56ee9ad5fe44a3407ff977c6d0b5dfe4704e6
SHA256: 3de709dadce6084258b4928145e5da404affeeedad19426f93a2741d6fd6dcf4
SHA512: 46b0c1d1a118bbfe621a1f95d2186259db9f3d458adbfdd07686961559d88b37252b1d71fdd4d9aad6e6f6e2b120c906fd52dc04612ae6e1de17fe9d356af57a
SSDEEP: 393216:n/6/FU/4HPKDDeXtn7rqqn8W41YRdcz27+rDrfn7S3Zd:n/6924yDiXZr18W41YRvwDrfmZd
Malware Config
Signatures
Antidot
Antidot is an Android banking trojan first seen in May 2024.
Antidot family
Antidot payload (1 IoC)
resource: behavioral2/files/fstream-3.dat, yara_rule: family_antidot
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.belilu.acm/app_dex/classes.dex, pid: 5057, Process: com.belilu.acm
ioc: /data/user/0/com.belilu.acm/app_dex/classes.dex, pid: 5057, Process: com.belilu.acm
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, Process: com.belilu.acm
Checks the application is allowed to request package installs through the package installer (1 TTP, 1 IoC)
Checks the application is allowed to install additional applications (might try to install applications from unknown sources).
description: Framework service call, ioc: android.content.pm.IPackageManager.canRequestPackageInstalls, Process: com.belilu.acm
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, Process: com.belilu.acm
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: com.belilu.acm
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, Process: com.belilu.acm
Checks CPU information (2 TTPs, 1 IoC)
description: File opened for read, ioc: /proc/cpuinfo, Process: com.belilu.acm
Checks memory information (2 TTPs, 1 IoC)
description: File opened for read, ioc: /proc/meminfo, Process: com.belilu.acm
Processes
com.belilu.acm (PID: 5057)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads