antidot | c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512

Analysis

max time kernel
142s
max time network
142s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29-11-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mizexe.apk
Size

6.8MB
MD5

736e623e2e85ec7b1360e9df07ab2fb8
SHA1

4825b020d9a719fe275088f39642e0290d0d6b3f
SHA256

6136a6ff061aa378e346bd61a6b90a992c61a5844f7fa47a2678dc262be50a2a
SHA512

e9a529525f2c183d1a89b3060e5b52d76ba18c37ba5a9782f28eb41e718fec744df9df3620c9dec95cc8b390a568e290e58a3a036a33baaeb42f4558affb5867
SSDEEP

98304:2wo/Krsr6OxRnQ0OiBofffd8hbaWBvl2ieSyeTgnrSsGlosFj1ORv:2P6OxRnJ9b2YErSsOos1kt

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

Processes:

resource	yara_rule
behavioral5/memory/5000-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.tidezu.exabyte

ioc	pid	Process
/data/user/0/com.tidezu.exabyte/app_bunker/Mb.json	5000	com.tidezu.exabyte

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.tidezu.exabyte

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tidezu.exabyte

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tidezu.exabyte

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tidezu.exabyte

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.tidezu.exabyte

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tidezu.exabyte

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.tidezu.exabyte

description	ioc	Process
File opened for read	/proc/meminfo	com.tidezu.exabyte

com.tidezu.exabyte
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5000

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
944KB

MD5
6042c42af03f6b3dc8c2840c46e18272

SHA1
f42972b0ab7020dd7645b29defacdd2b5dbb4fec

SHA256
a0195f11d4a9abe20d00c271054eefb1a5dedf89339e5c2e63f0a64b27af779f

SHA512
79e79e508dd1db847d9e6301250afb40aef0efaacb86c6a4d5710bd1f94e7e91b723fada328591dbe22eeec32a8711ba5dc898ab32d7e359698fd469bd00c00a

Download Submit
/data/data/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
944KB

MD5
c3afb26e7aa1e8d5b22f788ad7ba717b

SHA1
a9073c68b81c0777aad654339d96c504bb2b5043

SHA256
8294c78f37a42e441510d9219d879fc3f716c178d920a36d889c2f27dd32c16a

SHA512
bf317c40bc18691d50311e6331a8ba61369de0890e1e38996abcc84247ebc12362743699f80f4c6ee6c6934479425a978d5822836f3c7ea052f7d1758af6001b

Download Submit
/data/data/com.tidezu.exabyte/app_bunker/oat/Mb.json.cur.prof

Filesize
2KB

MD5
49dd7d3e8688dddda894f441f82f3ce8

SHA1
53c7c7e48776e1b040a989d9aefa33e057edf0e5

SHA256
598d696e1669e001a096ada11e8e7a4b6e491dd68b8cb5ad1d324040706bb7f2

SHA512
73a2efb2c68e1fabe2df17877519e0cac4e41ba844cd919e53630b114600478604a2f0bbf76fbda0a6831f803888fbc98ebbad41179232e96b249b7faaebd944

Download Submit
/data/data/com.tidezu.exabyte/files/profileInstalled

Filesize
24B

MD5
619fcc43bdc8bc3c227d0677a2716283

SHA1
2e903a1f8a3de89906bb351a13b83b533e795103

SHA256
dfcfe29ee2da7cb94bed11a41df1d517242c329b81f85c2efb455d67513b029d

SHA512
9d388b1f7525a71809844b62518121baa6afee077a19dec04eb01f00e4b4bb5b330e9b2baeebbc5c83c5a7609db80d7c053954ffc53b66fc387e1fa509103035

Download Submit
/data/data/com.tidezu.exabyte/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8e717ae84c7db32c3e6564c9aa6486d2

SHA1
1cec526ee5a8cdaee26f0f2fd3963e7ff04f867c

SHA256
96840abe5f8af63c2fe716764f53b70bd5dc294183d7eef39f78249807674ee6

SHA512
a9b5331be14fa35d36160be8d47fc53efac77ee145295f9e8ff1dae671901fcd04c9d348ca113d58a6e762768872c21706eb51bb9d6e005131ef259237d296d0

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
36a705c24de3b2d289149572ed86bff2

SHA1
f5e441d1e531cb681ab804866ed721ba86e93614

SHA256
7e1581b745257ce0a1505cd2175a22a44e673d66bde45425440a89aabf873e5c

SHA512
3e47ded00aee2f81984c751a034d5bbae4c38e3257b74e2616a2f941bec8c3d8eb140230709f313e09b2c801e31ae5eee0d87f599ee3d0136c477d8765f58428

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
358KB

MD5
6c072619ff3304f4920b4cdd34af7dc8

SHA1
f365e47513c857813798678eaaf82d7c294ae48b

SHA256
4143f16ce1f23bbabb9d62ddd007ff25b909322e44a1b9d4c9e3fd770895db49

SHA512
f843d3a8323bf9109d1eb27545d762689fc1ecf9468fe1a9b77c99fe3533a2e6c259fa7860971c24c3f8542bfb4730df42537304637fd9e4c493493ec76c48df

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9fd537485089d41588e8e72ed4a6b630

SHA1
0380adba0121c4050aa76a2453f50a72d9579a84

SHA256
98af3eba7c485e5d706b7486da578a443e9a4abe1f588e73bf3cb214eccab773

SHA512
0ba1cfb98b08d0a9f413f98e9f8835ecf1f2a1bbc1282631d520af80f8d596b1c588dbc11976227cb8f260bbc22d3fc84be1f507ee85bf959f2edf71b33cd0b5

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
fed3f185d173aac8227b3c7f3b258131

SHA1
963197be97e86b2c60fae5f823af285c43c6aaa3

SHA256
6b6145c3898efc4643a6db95ba642f3f87d19356d9ea75e151462aac600c9e28

SHA512
1e2bb45890a1942914a2d7cd0da7b526d50e6fba51c22469b2a9162e0a85ac52da4ecb5d36cfb96cda98bdabf083eeb58f164143af99fe620ff1de5504bb449a

Download Submit
/data/misc/profiles/cur/0/com.tidezu.exabyte/primary.prof

Filesize
1KB

MD5
570aa3d946e5fcddc4beff5585f40cfd

SHA1
4dfc8682eda8a6010894864f86e9f1a26e1b93f7

SHA256
f9a3692909a61e3711e58631ab7607b0e6250e975fd8059b992cbb6ebb298987

SHA512
2de5a6a8b76ce3ba089c1384e93ccab3d0109ca081cd5663822791d2207edca635caaf13ab0105843836bfdd30529a4912bca556385476eb1b624b29e8fd494a

Download Submit
/data/misc/profiles/cur/0/com.tidezu.exabyte/primary.prof

Filesize
177B

MD5
7b54fa4206d7a3009b25deb19cd5fd61

SHA1
9b0eec163bb2993835d8fc6263f6382ae58ed97d

SHA256
e8e36b61e14ebfa7ca08e768c712dd798cb4dafdcc7712440a0c46ce1d1e7261

SHA512
5fa19cbcd9e2b488c8834a86f91b98e25db002df8311118bf8198c7d617c52de11208ac7125b842037c884c2bd9e733fdd7bed7127e0d83f58bcd27c2745efa6

Download Submit
/data/user/0/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
2.0MB

MD5
0edd7a71e7d6108c5bdb05a1b019408a

SHA1
f1990fe3c97a703f4f47031c2b854144792e97a3

SHA256
b5775b7bf2208a5dbddefd87f65fa13e5002546ef0b2df7921c2c12fb5db184c

SHA512
e78153524c713ffabd25745a903c551ea219c86f5444def6db2742bbd49cdb5e7f04c48684b204713c5b3afc6b9d3bd363a64f72b656e2367cebcb8289c9418a

Download Submit