antidot | 58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1

Analysis

max time kernel
16s
max time network
135s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
26/09/2024, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dogexuzo.apk
Size

9.7MB
MD5

ed1dd47ee8ea4b6bb0d06837c5e96d70
SHA1

1bce41dfb97da1cd4cd51026df78d33c78bb66be
SHA256

5c6d278d5791748650065233697419a744a1d12f50960dd56b9f86b59dd052c7
SHA512

df139dffe6aea4d05a03ba1bd7e9352f02f1e6914c427219a209d6fbc7150bc757ab8aa41c4ee2f3542f2c3c99183b5e6947145652dee9b7e078649035aac4eb
SSDEEP

98304:Fmv/Hh3MT/Jfr+c/byhZMzYWV2ieSyeTgnrSsVo/KrL1QeWLn4H:Fmvfh3c/JfrZbyhZrWEYErSslQeon4H

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral5/memory/4322-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xusayu.platform/app_wild/irEAq.json	4322	com.xusayu.platform

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.xusayu.platform

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests uninstalling the application. 1 TTPs 1 IoCs

evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.xusayu.platform

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.xusayu.platform

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xusayu.platform

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xusayu.platform

com.xusayu.platform
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xusayu.platform/app_wild/irEAq.json

Filesize
940KB

MD5
385941dc8f483a9029d3a9abf89042bf

SHA1
067e090202ea50f15681e62cd082b5238fcb102f

SHA256
f6a0c5d765695d00a57656f5b240149d6b31655de7666a8702aaa47ae76895cb

SHA512
59835e9fc8bb2443596d0f4d23c30fa158bd766c5385908c753560994ee729a3ebd0b4d60e9252ee2691c39868a9be53758b270a566bc180ae7ff613ba0c4f62

Download Submit
/data/data/com.xusayu.platform/app_wild/irEAq.json

Filesize
940KB

MD5
5428d4b818b6a2ffaa39d6d346ab649a

SHA1
d7084f3dab6e834d16750eab9772a1e3bb705f0d

SHA256
21e9b8a4d0e1a2ae9eea407971361357558b4c78824af55b2205bef865d7161e

SHA512
f5af1bdb2539d697075d557bb8c46b77c2d18094adfbb41f407cee2aeffe35bdb10c73d298bd7d18995957ecb9dfbd53362fdae791623d003b6e07e6c84cd040

Download Submit
/data/data/com.xusayu.platform/app_wild/oat/x86_64/irEAq.vdex

Filesize
36KB

MD5
8a8717fb744d1795d6aba7a6cfe73221

SHA1
60a212e549e64c91e377b3399588c0725739fbfe

SHA256
ab1a46e800db41e643ce150fe0315a4da5dad8d962b46663e85854d9b29d3258

SHA512
eedf160c7a4037aeabdacfd5f095e1833472c136e71a6ab164837d9cc514efa256fa53b4127c284ac40b5476b850e197c501041e5db3f8f7fe481e397538fcab

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
26c2ce6d5803a09e982a3ade5dbd6ebe

SHA1
daa1dd456786661ee111812a34dd8c49d2ee429a

SHA256
3b4a82224842f0ed446317baf5450396184a0e3e34a7fc2f6ec4ad84ed5a76d4

SHA512
f4dfe902bc53f7e3e601cd82740f9cd16cc374b1d7c9964916618bb6d169476f1f1afd9057ba6dfad248de2992d9489db8fb7e66c5c8c365567d321a7511d11c

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
6f0f3051b405b366b34319c848772906

SHA1
2c7d3a59425c529adb95fe6cd9f6ee34ad7bb8ff

SHA256
70edbd55c11f4a5e5a54f97ae95b7db112e8f02f4cfc9023539ceea8b44b2e5e

SHA512
23d1d595a76e1b053047ffe87c5c08f4e33326ae67a9719a69a6c49315521c030d07d75bed507c1268cd835305c621da61d3a9dda9390fcf8e2da174b24b8959

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb-wal

Filesize
185KB

MD5
c862b48ca8f2afdaa3f427ae49fb16f1

SHA1
79700f22203a3ad00841707e0652f444ee22cae1

SHA256
663edfa16d31490ea368e3795c3dd28d8d34e7188cee1d886439e2a69ae23897

SHA512
53014c618890dda7deb3521cefae71eba1955e1726281f529700fc07ff2090dc47c1601f7a8897b4c6e88f562bd561f768b038edf5bbac36083534cfe42354f0

Download Submit
/data/data/com.xusayu.platform/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
b0bb2184b4699b906b8594428c5d0bf9

SHA1
44ce3402361f87776a31e10968a4834d3fa09f3c

SHA256
ba96b9e09453b8bda4b7cc43b35d6008759081bcbb1d73b555f64ef1da23fcf2

SHA512
a1dcb325f1d3889cf577684d68798e0c015eb95eb2244c66c22ba825a0815238f6a0d20a6fe6a78b8348eff72545e4cb0d81d95f42dbf42936477421146b7f39

Download Submit
/data/user/0/com.xusayu.platform/app_wild/irEAq.json

Filesize
2.0MB

MD5
907dc8f5c73ce932bb6acf8b564de3e4

SHA1
4712b98d9161cd6c40e625d8426c15d2746d45a9

SHA256
adb7455932ebb70a3b165a8003164883878c6e91bb96086fb20d3751849d364b

SHA512
c1a03691ba0d23694748f295d1e216d10294514ba9a9aaf4ae3fbae748a8d7e7dc65220f0fb1c4510d915230bc8c6ec72945c6634b35b9ee40744b2983e213e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads