antidot | 58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1

Analysis

max time kernel
71s
max time network
144s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26/09/2024, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qcojes.apk
Size

8.5MB
MD5

df2e25512953821661b4ab8a5688a9c8
SHA1

7f60852fef126e5fd8e71266a65ed153b6094d40
SHA256

58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
SHA512

a9d57579442311c693af3c4c5fecb4ef8cd4d68c2ddbb4a6734eb892ba6e5cca58fa4468f07a47da7433d2329a75d948696a652341fb05be30e4a448eb61c127
SSDEEP

196608:G1mTS0d6slb4lDlPUfTDfu/cggd0CRCYSIB2euR2kSdr4l:G8d6slb4lJPuTDfu/cICR9B21R2P4l

Score

10^/10

antidot banker collection credential_access evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4623-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json	4623	com.wafukizifi.server

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.wafukizifi.server

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.wafukizifi.server

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.wafukizifi.server

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.wafukizifi.server

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wafukizifi.server

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wafukizifi.server

com.wafukizifi.server
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4623

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wafukizifi.server/app_addict/NFGYpTB.json

Filesize
602KB

MD5
4ea265a5115ca4553a2f49ddd4bc936c

SHA1
98ef66230d578b1439d8ff95f45279e2f22c6454

SHA256
623bce07ec9cbfda83dbad1ce35f3a6c9a018d2018ed4c3749c106010caf036c

SHA512
c1f6ebe4adf58a4ee69173309921699b577b761b9491d35d0e16563a3ca7a6aa76236b0f9a8dba82a572c4b8a4d7f17d4a34b8214b3a4f3005a31f47610361a0

Download Submit
/data/data/com.wafukizifi.server/app_addict/NFGYpTB.json

Filesize
602KB

MD5
b0e5ce664d3b72ce27fd936ba50fc9f4

SHA1
5c003e9f84b972124465b1dc0500cb5e44644a61

SHA256
3c278b862d2689ae0f8cb6021ab3860035f9088b6b84f2b90b2f54ce9a3771d0

SHA512
b8e79f9abe0e1fe568ddbd2d0c0010c0ea797a02a106fce6f64d8ea1bd03c7cbb6559637ae4dd487026b9fbdab8c967dca77aff719735d7a6f5337c99cce1164

Download Submit
/data/data/com.wafukizifi.server/app_addict/oat/NFGYpTB.json.cur.prof

Filesize
1KB

MD5
b378596f0cbcd99df4b4f2d62bb2a176

SHA1
be81abe5ee273eca808623eabc936efc2a614e2f

SHA256
5ae02a005c62e6b6ce08b88d28804c2052ab479f94e6808ed7d4e2836e61dbe8

SHA512
3ad267239da8e13c3b357a451fb6e75f8447f6cc940d3b620960dea739b2b37f6be51ef815065ce75f9881597655e8d5d2b42bd8f8495de1264665d9bba979c2

Download Submit
/data/data/com.wafukizifi.server/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ec7f282d6f151ccb9088fa4502cb6800

SHA1
f92da306b1bbb7961535ef91a12d8dddb32238c8

SHA256
7a7fb7924f95bc891813878774c1c3a72a9e198c5ef928fdd040d2381534fa58

SHA512
2beed9c8384732d1dfefa64d4014658fada6521936f7772aceec2637f66d689d3f1366f7a05543cdaf553ff768ceae826ccf58b512c4ce03ccc79f638995559b

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb

Filesize
112KB

MD5
be014ff8fb9d216a2e3687363e3584bb

SHA1
b1f0849178d1afdbcc5ecec8019412f6a9d85042

SHA256
3f9ac6919252af82e71560c33fc5e5fc291ffa97f62c245ad004cca45c2038db

SHA512
ff99788e615f73929d47283b4bffe727682b7326fd9d8861278fa19b302951802e6cbcdadcdb12cdafb9f80c96b66dcba266d683dfc5727e06b4fa7b252612d1

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1308df25a92d010808c049acb513c1be

SHA1
ae5390fbb76f4fddfe2dcdc88f7c1854275527fe

SHA256
75668750053a997b70b67a399be326598c69c6c1dce7d2eae261bba7e4194e85

SHA512
64a8a7edfe850e67c94e02d230bc054118455e4649b2e4afd2f96c8fe7b6ce8a70d5ef26144272c0a6287cfe97f452303d4bcb331067d5debfc853208535d15f

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb-wal

Filesize
414KB

MD5
a6e8484d89a32f53fdd1bb414b724a09

SHA1
2509bf2cc6fc0f10b54e0c7684bcc6fee35323ec

SHA256
ccadf1cbac85cddeaa58bda5935db3e201bf1de79d4fc21710beceda3dba2ec1

SHA512
2d67aef29364b6d222dc2e27e7f7c16a410c50024d03529659f11eb09c962515208fe263ded67c3baf778fcc84c6225c6591065547c42749bb8806a8e12d567b

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6f964afb08fc7362d36973a022dbeb9f

SHA1
2e816896f02cda5778b82a6c6064da8a5a96f1cb

SHA256
e3264960a708131308d9d4df052f5ec2d56616bbab1b68c27075995319a8ba8b

SHA512
e89e304ed46202395ba2574477497fe652118269b85075d145cc4b203e6af12f96252bfb732f730e6aa4c06d878d54cf435874e82931fd3dee5bf71146adbb61

Download Submit
/data/data/com.wafukizifi.server/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
36f252167bf0a7b852e079dd02236094

SHA1
fea52860ac817a23b66c67df1c6620c1229792dd

SHA256
2726efd48e771d8da3be0a0c64c8b39f4c1e12b0993a769868ea76aca43c7113

SHA512
8ba9611b9c7aa95ff962a0d64f38d17b9722fe59cfbb3c1a71ca05e957614b508dbb999c36ac5c4e6e79314d2bc092fb6299c4888ab6c96f7b7d0ec7f2983324

Download Submit
/data/misc/profiles/cur/0/com.wafukizifi.server/primary.prof

Filesize
978B

MD5
55d76a4e1123e8a1a14c423161f826f4

SHA1
89281fd85e898b47e1a10abf842f0e3f477c715f

SHA256
94582a73f60c2f8f11aa02c50325386637307ae42694405ea6884978a150c00b

SHA512
38c8ca5aedac261d81de95648faea27e546e277f5e1ef5fe18586642d9b58057f89edb7d44ddef9b83f4894afbaf58bbd778b11835b31ad9a926fa52016813ee

Download Submit
/data/misc/profiles/cur/0/com.wafukizifi.server/primary.prof

Filesize
203B

MD5
8e2aaead2edb64b9eecb5be119047d9d

SHA1
093928bf32386729e9db8a9a1ca449ef2ba79d6e

SHA256
db54be07ea61d18f431ab41cd7fed3cfd47c3b0b7340487787ab96aec509ff8a

SHA512
9707ed76def4297bf47bdcbe8fc63d5835f8b4a263e9049c7d440157f65552e9f9e149bc541c303e99a759c7357748377484c2bb3dc2bb1b08bbedb6f22cd99a

Download Submit
/data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json

Filesize
1.3MB

MD5
c9aaae1e74411b132d2394bb0be61477

SHA1
b88481229124c0def855b73e2046cddacfff3e08

SHA256
ffd4d13e1f12225aeb58b15f8f2348b6be7e332d5f90bb8d218fa4ebf3510e05

SHA512
695e2033b15f7d7463599a8567b097757bb241ec155b027a56daf0bd2a69b5884ae3b8af79de2df98e217deff9bd474549babfccacb8f6aaef2df7eb872c1b0d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads