antidot | 1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa

Analysis

max time kernel
149s
max time network
155s
platform
android_x64
resource
android-x64-20240624-es
resource tags

androidarch:x64arch:x86image:android-x64-20240624-eslocale:es-esos:android-10-x64system
submitted
27/11/2024, 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa.apk
Size

10.2MB
MD5

4982e66fcc1ad470d0a93022b3c7dcc0
SHA1

07f382fb173f77be877de9f77fc92b52ba8b270a
SHA256

1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa
SHA512

03a418077f362133c4631aa7f170973b724d1d56ac07fd1d3e5db17d4c23abe56182680de9c309ad92c33bc421aa0875da107a4aec386ab1bcd4a2cacb1e69fa
SSDEEP

196608:0oopuBYsGq7W4tjN2OfH8I1jWMMh7QNNjDNcAGoVQGlRlo1TvWM:MHOW4tjN2M1jkFgjD2+VQonoBvWM

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/5017-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.redewabobo.ASCII/app_afraid/YHfPRq.json	5017	com.redewabobo.ASCII

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.redewabobo.ASCII

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.redewabobo.ASCII

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.redewabobo.ASCII

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.redewabobo.ASCII

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.redewabobo.ASCII

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.redewabobo.ASCII

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.redewabobo.ASCII

com.redewabobo.ASCII
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5017

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.redewabobo.ASCII/app_afraid/YHfPRq.json

Filesize
609KB

MD5
6d4147d5dc237d47e6047e7c9e143a1f

SHA1
88a3ca6e99ed83b181ac91925ce79a2bf64e29d3

SHA256
a6127a9f0f4f6b4b8e926a67ed03fa06223a5244c1429e71ff4b600d761f89aa

SHA512
f2c4ef369841d60d92e3030c64c495712bd0300d1a82f4d86af44e4f888b216fbea5ac6d082d61413798094ed4fed6ad3e802f2d06b388d7e3fe1753c7d0b469

Download Submit
/data/data/com.redewabobo.ASCII/app_afraid/YHfPRq.json

Filesize
609KB

MD5
d29ff5767cac5e17ea2ad5110aa71597

SHA1
62ad19dbe39d41afae9f78e423eb182da8a89c85

SHA256
70a1ede06d781289b40d4980a35041d9e58504e5a4d55209360469ba70491cf3

SHA512
f8dd1eb911e8f591131d162d38dc2a29b24f87f0e052de2005abfb43a2560c0641ee48c2b587739a4a469322847ecf6c7ec8e2a88aa3af8ec654868443e1b1f1

Download Submit
/data/data/com.redewabobo.ASCII/app_afraid/oat/YHfPRq.json.cur.prof

Filesize
1KB

MD5
2205d720cd5300dfb894ac027da38a42

SHA1
ae6ccccf831dd7b77ba73ede391a4cade20c4704

SHA256
b3ccc1dc5092e6d68335a8e1365e5fa905832b2b16ab8ee63b0993d0b4e722a3

SHA512
8f3471b69447ac3f8e3642994ab91f5671c31c23fc54a1a91e82645e0b7b574352e46bb068f2feedfbee1207d5ae269156c0c8a79530a922075b845f913b3bc7

Download Submit
/data/data/com.redewabobo.ASCII/app_afraid/oat/YHfPRq.json.cur.prof

Filesize
2KB

MD5
cbfc3da2e715248f42300761b43cd258

SHA1
66e710d774afc0f470c87287892e1dff4c8ed8e7

SHA256
c09ab4d51d7982dc865aff43c638d047be7ef989d9b8816ba469b4b9edf2e130

SHA512
605ae96b0c9d604674232918fb6eb09ce88bf9adabceb118a0dc920f9461c6ae99e007290c202f4c5dbed074a34cfd21c8e70eb2ec5662030758a90048a06f71

Download Submit
/data/data/com.redewabobo.ASCII/files/profileInstalled

Filesize
24B

MD5
fc252b2cc126dd980b0777a80ec40a14

SHA1
f34b62113697d95c0d4b44adf2237eb4c4acf4ed

SHA256
eb37f4292c80e4087111234314ac1b96ad324429d0456928f504dac61b8938f7

SHA512
76aa0fa5424cb5654a1d14fe3a85a543f6824656d72a07ac351aa7615e857ce16beb4ae45452a44fc422968472ef0445635b3b61e437c5942b81b29287db01c7

Download Submit
/data/data/com.redewabobo.ASCII/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
b73e28883737c6276a3e37b2cc614c93

SHA1
572603272776793d57a46631eef649cfa9b7f93e

SHA256
5d4ddf13f53f1237eab25ba97866de38c472de4726f90ff3a0c7938032f0d5f0

SHA512
5a8e5d2a48de6164d55bf0311ee14ebf52ff7339c84e658df833f40aee0e6e6b70629bfa9ef4205cf68297bc82ec9e604b4aab36ca0f363dcc79010248da2401

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb

Filesize
136KB

MD5
44316924e4e74d4c8d21e7e1af1e6f49

SHA1
cd0ce22aef5fae86b7b26017d5fd26da0eac6e9e

SHA256
9fe158f035c24a62642bc3f61802f9284a400f7f02a46500a5ba2df67c747412

SHA512
bc4ca101cfbfccb65adf7f8451f28049f1a2f0d5423191ac9d6753045c9c6eef5eb35bbff7a94da78b9f6412577fa24f868e1c4d10f94b06d92a09763593c88e

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f564437a2469247ac17f396807e97295

SHA1
cb0f2291d77e9cce87123cf7b6ff0ac703ab8c3f

SHA256
e2b809ac8e9363cd23be9c149d147fe5a94f5ea294063cd17b8bb652c15f9b67

SHA512
da54ba813785bcacda53555203ba440ab21f4f99278cb281364b168ea96e3a7e35f6c54cb3d627ff7ac3c3227ddd6ccd360a45c75591538cd2a944b8bc44acbb

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb-wal

Filesize
418KB

MD5
4fe1ea8a9d733122952827d01db959b4

SHA1
b6322f316c5ac52bed516c99f530905b7750e146

SHA256
46120d91e8880e031b255083ef8c4fabd4cb94a64715a256ecfa5de79e3b8c5a

SHA512
e7f6f72b826c2a83d25f4446e284054f3a23133f9c056cc2492fdcb8ec96b3b84b0a6f0688af119a961ff3dd77997214edd4e9691299b7f5bca69d3b8911d526

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
55bc00548bd57059993543bc1b9a6bd5

SHA1
7a1beabc2aa0505ddcfde84eba0b505bf83c59d2

SHA256
2d4ba302bc4841331115987df5fc25c55e9adc06c0e4bd9c8061e5ccc5fac40e

SHA512
a404923715413423a6faf9adf1a77fc05cc8ac78997fd00d8e3312a11f6ec048f76e9659b88d8c7130d9496f9aca79b843e2c1cc248a7c540c8569631b64f182

Download Submit
/data/data/com.redewabobo.ASCII/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
8176db2ced8fa404380595a7b0a07ab3

SHA1
61a5522636b7d829d0ae2d7eb10bf7fd482d3697

SHA256
4636e4f7c5672cd025a87e9fceaaed59320c0fd098874f831f289c8315a60658

SHA512
522eef467d85f2ada051df7c69bbb61a3c764f4ac348062587cc719665dd43f79eb441e65d2b609a6166c6001fee3e458dcef54e319e11912dc5e4c331ec3919

Download Submit
/data/misc/profiles/cur/0/com.redewabobo.ASCII/primary.prof

Filesize
992B

MD5
f9fb0ef0764e987c965397688b5e58ad

SHA1
5b2c1dad6b5f1a301948924fcdf8b574dae57a4c

SHA256
531ba96667421fe63883c0f7cba6ccb49ff301192bc9467224f7be0fcee74181

SHA512
2a6e6637e2cbd978314f773a91613779bfdccd3b7bfd270f6eadd3b698969ac6cd8ea553d8eb7d3df4cbe905fdf61f5f745602173023cdf9795b10edb32e31e0

Download Submit
/data/misc/profiles/cur/0/com.redewabobo.ASCII/primary.prof

Filesize
186B

MD5
288124e55f183a7d8d93d81e350dbb15

SHA1
711653db9a47b45194991d3bc7489e4b8f06b5cb

SHA256
0245a9e5673e7b55c89d20083d1866d17728fd328f5998f3670042a0289a0063

SHA512
bca79a5b5c62fbd41a50cfd80fd70577586a55b728f6893bd4b17385a8f737985d15f8e56b231260a74860b4a43d578e54a41a19ac39738389a0ea20338eaeaf

Download Submit
/data/user/0/com.redewabobo.ASCII/app_afraid/YHfPRq.json

Filesize
1.3MB

MD5
c32af470fb777428515b5c01369fd81f

SHA1
72e65e062280b2a13b4792630119392bfd451860

SHA256
8c110fecd6d2f3d6b22ec6885d03199e64bba8e79d6d0acc8ad16f6cfb4a05a5

SHA512
bb40e7eac8d0861a060a37632ce6d679503972309cf510267ede98e7d9e0b14b252bd222300db3ed1e696e69d6f47c852129f8d52eff29fb34319cefc1dbb500

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads