Overview

overview

10

Static

static

6

c87e9f6e8d...12.apk

android-10-x64

10

c87e9f6e8d...12.apk

android-11-x64

10

c87e9f6e8d...12.apk

android-13-x64

10

c87e9f6e8d...12.apk

android-9-x86

10

mizexe.apk

android-10-x64

10

mizexe.apk

android-11-x64

10

mizexe.apk

android-13-x64

10

mizexe.apk

android-9-x86

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    29-11-2024 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512.apk

  • Size

    8.3MB

  • MD5

    bf5284bde7432eed1d3235e8f8c8a552

  • SHA1

    a7435be13d888dfa67a093a8896288effc5c4e3d

  • SHA256

    c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512

  • SHA512

    bed6124909fe7c3c668c929174ab932dcb3e576639d594442cffad833e6f53d14bee645a3e0e7dc9d69887249e54e961330956b3c4247307d0ad03f91356fcca

  • SSDEEP

    196608:vIU9mDrvGCm0GcqeVU7/HOUe5iO0VIKp0cpUJ8:l0+CseVU7Wb5iRVI1cf

Score
10/10
antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.cebugoyi.boot
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Requests allowing to install additional applications from unknown sources.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4212
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cebugoyi.boot/app_security/qYqbtti.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cebugoyi.boot/app_security/oat/x86/qYqbtti.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4237

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.cebugoyi.boot/app_security/oat/qYqbtti.json.cur.prof
    Filesize

    1KB

    MD5

    704e6e5f0e2fb8e02f0fb856ee32eb6e

    SHA1

    f2ba1b39363b6a99c208814cf64d13ab9eaf4138

    SHA256

    5c1b3cf6e18d261397ea6a2b29f6ce82e716fdba8869ae3ce2c65915e0b0be86

    SHA512

    87de67c6b84a6bae6095bfde3a2562e6aa3b595546408632ec68c5eeb5698c016a2d281396a1fc21e8e4c71911671223c7161aa2eca690f92fec3d5cd0e976ca

    Download Submit

  • /data/data/com.cebugoyi.boot/app_security/oat/qYqbtti.json.cur.prof
    Filesize

    2KB

    MD5

    42335261abfe1b74a4398b06eef249dc

    SHA1

    d1c45933b935514a8b6f48314a1af30cd4ca7d3e

    SHA256

    732bba900c9f8b8018b134290a11437ac9bf6226ce1185e4a6a3f9f746cb2ef0

    SHA512

    db459426e6a9ce981dafc07a215ec809f16b09a4b0576701fdebbf546ff9dbd097e71aaf5752579a8b8f2d29cd3e66bfdc159dfabbbce5669df2c5bba109ff45

    Download Submit

  • /data/data/com.cebugoyi.boot/app_security/oat/qYqbtti.json.cur.prof
    Filesize

    2KB

    MD5

    537eccb37d92968ed75a89bcd78082bf

    SHA1

    82a8220893374bf36c518c4fcdc00bfba4bd63eb

    SHA256

    35ac95b2c0adc507a9819c5d549a7938fa570311689f81d7d61602c1a68060f4

    SHA512

    3906be845f929c890229aeb0c848996f856039c24379ade44af14d50b99f800e4e3f78c5bda8dbf9233a4979032fa364f634edd2411292ab1931ec5123b892a0

    Download Submit

  • /data/data/com.cebugoyi.boot/app_security/qYqbtti.json
    Filesize

    640KB

    MD5

    080271ce7feb60cae959fd4d7deff760

    SHA1

    c998597ff824b12616176ed54accb799d8a3ab61

    SHA256

    09cafd41f55569d1479180e82f5fc49edc4753b433f1966e29f7741ef5a1e678

    SHA512

    76479896532a7f44fb23b2dc8ef809c7d534b579e6dddc84a9023c441b505d326c80a402925bc0b10db562af11827635cfda50129a45603abb067e90db6a9723

    Download Submit

  • /data/data/com.cebugoyi.boot/app_security/qYqbtti.json
    Filesize

    640KB

    MD5

    5b66d9d1f5c2a9685a266a1e90a08ae4

    SHA1

    0f466553e006602563fbea49628dc6e1ef16d393

    SHA256

    5ad06bc979c18c250d45bb10d76a109aa07dacbf6165f999b384466313fd62e7

    SHA512

    3c6e47c5caaf6b50bb02572b6eb7d7417286b822abdebef15a87f4bd4907dab571e74a33b41dc0bb401a6804837fbd76ac9e939a9f21a60ae818c45d11926dfe

    Download Submit

  • /data/data/com.cebugoyi.boot/files/profileInstalled
    Filesize

    24B

    MD5

    04b45cab617ac7469fa9c9ab8f8e0a7f

    SHA1

    c43799b23854381ad4d029872665c553d579af3e

    SHA256

    e099c9b6e5f3dea6c799d3477b272883d8c0051cf3af1b7ee2a644f2c4f02d54

    SHA512

    000beeac8576c82d714400dacd7bcfed4328904010e755974f3717010332d8f5b3e8922881d5878c0a6fbfda6ec1670830cc3de21766f80fac923fa6331e089b

    Download Submit

  • /data/data/com.cebugoyi.boot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    b142ef029bf83c240debb3ee4f7df3ad

    SHA1

    ca61ce72391af041f40df70e62ea31a3cc69ade0

    SHA256

    14bdb875d9f3a10b8496ca92ea06b98d0b1c6e32facb534333ee6800570a9eb2

    SHA512

    97fd1aafa642f3f6da20acf0aed3024a9333429010153cd7aa2510b5e68646d5d2fab9564d75f23d7b121cd7d3fd69c702e041ee2a2b8a6f1da6f39a239e62b5

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb
    Filesize

    132KB

    MD5

    7acc5aed11cba67b576da392c74b16e2

    SHA1

    cf0ff742c1309f63eb49e3cac1640ad2fb6ca3ae

    SHA256

    02517eaf75d2fde90146346507af0275ea58223ce96b6743c63d0d68d37e988a

    SHA512

    077067199467e9ba5d99f93ce8698a32bce85f00a9ab51ccaef5a906fc7ea421f03ee05db30e1386b5f00bc3e6dadd61f4d60af0e103967ac0de39126b5cee48

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    9242e1b8549f715e101139645831ba60

    SHA1

    3a1628855ceb556d7d59573e392ed5aed810faba

    SHA256

    9ca8c7c19be075d6f20b14c3cc8ba4ff7279413719e05e26e968b88ef62039ba

    SHA512

    16065154b047b7351ced284a4e21fdd48f7a82ec4766de1537fce3e50700a716776a9cd26eb44f419daea43dfde63d780c8680b3444d7e873b3a6ec79cbea146

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    7c7c49bbbabea5f9d6ca5d426d831691

    SHA1

    3d9bd36501aa316f7c2b77f557e48dcf2efcfaf9

    SHA256

    241c98574180580ffd996a12c65ab9613e0cc0074744df1a4b00021230583dae

    SHA512

    264501b225d4d9ab21fcf669ff57349eaed372aa3e3fd0e269d1484fdade5f5beabe2410d00ee336905898801dbdcc419e95c5ddee78233fab8b959894bf8b67

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    803918b04ca67ddd2cc33591b8bd7bdb

    SHA1

    47d15c512200255ced66d79c3fb3fa6017cef705

    SHA256

    e8826628adffc082ffc3f28239536842bc6e42ca514be3e5abf3466cf80bb66e

    SHA512

    7201ac085632527d57da11be3d7fbef3d2bb5c806d856450b5d5508b4772d1c14a739bacf1d0da74104a296f53047899108f0d78a946035adc57d3ee1c6251e1

    Download Submit

  • /data/data/com.cebugoyi.boot/no_backup/androidx.work.workdb-wal
    Filesize

    422KB

    MD5

    3d1575048347e29dbaf6daec2b10769d

    SHA1

    b6332ae7d1d96b24157592698300aab2c5bb6fef

    SHA256

    b5c7d46c8acef65d8ea855fbe937aa86b2de7dfc145301333609674ff6512b7a

    SHA512

    c00a6f0ba6f5e5d9f5ea39d15457a3bbdd9ed5d4061fe4e13a60552aa2eee834eb3c215ab3efe6eb3ebb5430e8968aa03366051d535dac126f2a391e201ac2fa

    Download Submit

  • /data/misc/profiles/cur/0/com.cebugoyi.boot/primary.prof
    Filesize

    999B

    MD5

    40daad7d244cefa8aceb8a8626083a5d

    SHA1

    a4e0363eefe23810f504d91c21208844610a8c0a

    SHA256

    39ce994e24fdbdd727e4456c32dc1c4242f9a2441125c8806efd34b7d7c4b09b

    SHA512

    bdfbd1b56f88e583aa02b17740e36697c9b2167bdabd7f51470fdf0fa4ee6c83c349f0e1b9a31982d91d6a02b45efe8beb5f319c91eefbc651b32f049a716e50

    Download Submit

  • /data/misc/profiles/cur/0/com.cebugoyi.boot/primary.prof
    Filesize

    184B

    MD5

    fd00909f637dcad5264cd7771af72bf5

    SHA1

    e44b7d8c16b0b6141efe8e0b29c2b9e7bc0fc30e

    SHA256

    d61f650e568d47498a59ddcc3195d52a15901eda18c9d9fa7b1b03aa68fdd18c

    SHA512

    6d2439c3598befe0100bfe9670e0d82db1af893d1dd27c11354319e5fae0eaeddca3b074041c132d90a181d76dfc902de4571192ff7dc874214bfed0374bb8e5

    Download Submit

  • /data/user/0/com.cebugoyi.boot/app_security/qYqbtti.json
    Filesize

    1.4MB

    MD5

    8587947cc481d0307c8b675b35c42a0e

    SHA1

    7031d09c64d46b9dbad3bdf64fa47fb0094db91a

    SHA256

    3e744502d5ea9b220ad8bb3bfc17221ed234bb8db3ccc66fbcb485a1f5e4209e

    SHA512

    04d46b66a44286588cd4a09e33305819d410a53f3b4e31adef03b0a8bdc609970479814df9aead2a8bdb6d037aa018ab4b7cb26c19ff93a7f9a5447f17868974

    Download Submit

  • /data/user/0/com.cebugoyi.boot/app_security/qYqbtti.json
    Filesize

    1.4MB

    MD5

    63fe37a8e582054fe3a02be377b86386

    SHA1

    adecc8c1c1a3e194bf33263aaf6dd46ebf19575f

    SHA256

    134a686b6041351fb4911124112977e8d0531c40e3803e5a4557745afa62f7be

    SHA512

    6f3ebb038d464c6e960777d31c4cb8d974be79db58ca0123bb99ffed09d0eea67f183023579a738bbd4621a3837bc4fc019d5ba5ba4796901f9a7b70e61c5a6b

    Download Submit