antidot | 1f0e2b0a9ede1f1b99764e79b49f9ec8f709da7b0ac501ce3505b7db9fe25caa

Analysis

max time kernel
149s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-es
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-eslocale:es-esos:android-11-x64system
submitted
27-11-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dexizuzi.apk
Size

11.2MB
MD5

4d2d8be66cefc3008f2ea85ea4f933d3
SHA1

f492eddbdd49930308ddf8424c629d515fe2d29d
SHA256

86f8ca31bddccc5c65cc6de18a9e8801e65e7e6169b6734bc1bfe4cea0fd9071
SHA512

671fe2bd7c25b0a7755ee8fb24a5ac0de92559271608245a8e80d9b051a0a07dc4ec8e75ec727301dfce6b6d5606d3ecae46684a117fba0dfd965871f79dc884
SSDEEP

196608:LowNHsXbyO9yeieCROoarJ4xNK1YErSsl:LgbCeieCglVgKHrSw

Score

10^/10

antidot banker collection credential_access evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

Processes:

resource	yara_rule
behavioral6/memory/4543-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.kokevugopa.backup

ioc	pid	Process
/data/user/0/com.kokevugopa.backup/app_work/MSrQZQH.json	4543	com.kokevugopa.backup

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.kokevugopa.backup

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kokevugopa.backup

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.kokevugopa.backup

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.kokevugopa.backup

Requests uninstalling the application. 1 TTPs 1 IoCs

evasion

Uninstall Malicious Application

T1630.001

Processes:

com.kokevugopa.backup

description	ioc	Process
Intent action	android.intent.action.DELETE	com.kokevugopa.backup

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.kokevugopa.backup

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kokevugopa.backup

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.kokevugopa.backup

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kokevugopa.backup

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.kokevugopa.backup

description	ioc	Process
File opened for read	/proc/meminfo	com.kokevugopa.backup

com.kokevugopa.backup
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests enabling of the accessibility settings.
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4543

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kokevugopa.backup/app_work/MSrQZQH.json

Filesize
945KB

MD5
89d3aa39d5633f0cfa22b048a9634b87

SHA1
d970800618282248195d94f7c49ba78410aa8832

SHA256
5bd6add73e8898a8ab316357e6cc4a8cb98d05ef314f1576de0f3e227852045f

SHA512
7a7923f258e61c0c619b8731fe6d2bde5237b732cb09c28d8af9aa759f431c12e8207008bbeef72894df9222be044801c7b683ca4d266beab9915adc04767a28

Download Submit
/data/data/com.kokevugopa.backup/app_work/MSrQZQH.json

Filesize
945KB

MD5
6cfbb48353b6d9b96774e4f142d66d24

SHA1
dc296970a251a4fc9413c6f03f23e433bbcd6c23

SHA256
69b4eacd73f0fb5b52bd6ed6e8fa6bea4f20f3449c371e87330a504ba954b1f0

SHA512
651e5f569fbbf82fedcf7c7f4fa5ed20c5b133ac6bb710818c6dd0de0185142f8c1b1e914e4961ab55deec600da33a097a57290adcc61f7d1432715d872b1711

Download Submit
/data/data/com.kokevugopa.backup/app_work/oat/MSrQZQH.json.cur.prof

Filesize
3KB

MD5
dda7558c3c5a61842e7e31c3701138d9

SHA1
30207012dc61fbff7d967b346da05b0be1723be3

SHA256
96deeac31f5b0effdcd6515c0a03337322408a70250de8959f5e413bb1238ea0

SHA512
cc16d5e79a9eb8eb29ed9c9b1383d96a23a733d4673e624acb1084c35ee620d6b8b74b281ff26d2cf67d7b88f5c1fe505c7ddca75471061d745f6711dcb0b8dd

Download Submit
/data/data/com.kokevugopa.backup/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
419deac2ade4e2ae55920c3e5e7e3917

SHA1
98e4e3a497293cbbad952317dae4e35784caa333

SHA256
4964335ec31f24d10d448ff6d5a863c9fa66820198d414199d6a88106770dcec

SHA512
d05cf950941e631b19dc32ec14e6d3bf3515a2706dc2fd17df8aa4ef0b46dbf60f0a3c97fbf26bcf08c7c179c56822851769f59b6fbac0c2754c7e38edd00814

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
87f647ae3cd170e2063e7e7a0fc50f53

SHA1
672955b52d4786990eb80455781b3bdf678e9339

SHA256
73b8978f0f45ab83dfe4475316b5ff8d726cc0931c1c0d7feda4a979dd89237b

SHA512
f7dbd3d94238ce8f5a46a77599360d506663f22f2cc8e2977cdb9cf8a1a3656c4ee934d0c5af32118ad2426dd15c02b98f25877e7c2c79352e5bffd5b9e0d657

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb-wal

Filesize
350KB

MD5
503f268be384a0cdb15587dd4bc51bdc

SHA1
48dbda0ce2b801d7cb0d7a495da64a4aa4639360

SHA256
b0458a5bfeb1cbf21e144c7ddd6cc1b464a1d32b6b82f65460cd2f002a13b683

SHA512
9fbc9f348e8691f11b050d4418984a861fb0f96e71d5f31b6f53288eb76c75a98817959810801df3648cc1f273d109abd7b38db2d7433b0b04b04d97f5d069bf

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bec8cf85ee2e27c10187ffe2a2955df8

SHA1
83694afb793e7e08f7b01bac310e60f5e1a7886c

SHA256
fa4a061f9abde160057c5ef73ac3a938dc00853c3c15ef047f7399f5856d48a1

SHA512
46cc93c633b358f7552664fcc43390d8a400f803b46f21db7222236171034eed2e4f06ec2d88d5360fcf29cb2e9e1f129e79564b9e817c2ee8548fa49c246053

Download Submit
/data/data/com.kokevugopa.backup/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b4f29d4e2ea231b8cce2b860b101c337

SHA1
773061b5877e82ceb239c4fed7707aad375f1fe6

SHA256
eec46abd06a7e6d93b5b6f5de2dfbe1b2482a417a3018be5e051eefe6597511a

SHA512
d8b1cdf5ffc7f0a7201e4687a2e66e59c0f8025cf0f19b0363f4cc1d928c6d57509abfb17de816db453501715e3aa24d509438adbc69a4be21f17738a62b393f

Download Submit
/data/misc/profiles/cur/0/com.kokevugopa.backup/primary.prof

Filesize
1KB

MD5
7b6f2ad56e47077a0afa331b208da3bb

SHA1
9ced7c791fee3f19a6405a6b31d0ea3e6cce3826

SHA256
8d290c1341eb12a456a8c73462b52a634d0dd59aa9bcc433b57b2c2fe2553bb8

SHA512
9118957aacda3d68a938a2f99181591c84403dd6107a0399f34948f8a812ecde5d13c5224b74ad0f17d233d23fcd237c7dd28aafe71dc690f41cc833d3e6994a

Download Submit
/data/misc/profiles/cur/0/com.kokevugopa.backup/primary.prof

Filesize
206B

MD5
72d08e075878b78477dc7c0a4c528b55

SHA1
448e438195abc64d65792affecf7bb17ab512666

SHA256
e40332c0cef05184700833be70dcedb3d53cc4bb16a898a7e3e4def274206d76

SHA512
f378c6cab2566ab49afc26a9670b579f19396bcebe2643d71eae7ea76ef09f34affd2155777a416203385b586c9429b7e34b3643e88d8914067fd202454ecc77

Download Submit
/data/user/0/com.kokevugopa.backup/app_work/MSrQZQH.json

Filesize
2.0MB

MD5
cc1b3bc580852eef88b69702c457cf00

SHA1
6f55e9bd7ff350de3539ad443f12e022f1380e1f

SHA256
50de312cc6850fe9cfc6d4ee6b85281b3441fa833be072cfce2d1d9aa4972784

SHA512
48684c11a5daafecaa274fe443a680a4c8d575c2dc6572e13273cec7aa7d41bce5882e99053cac0f42175258a4000f7edabb1140f589624c3ba8d7e19eacea33

Download Submit