antidot | c87e9f6e8d1a099e015bffa68ed157792cb0c6de562ccbf20607f30772adb512

Analysis

max time kernel
149s
max time network
140s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
29-11-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mizexe.apk
Size

6.8MB
MD5

736e623e2e85ec7b1360e9df07ab2fb8
SHA1

4825b020d9a719fe275088f39642e0290d0d6b3f
SHA256

6136a6ff061aa378e346bd61a6b90a992c61a5844f7fa47a2678dc262be50a2a
SHA512

e9a529525f2c183d1a89b3060e5b52d76ba18c37ba5a9782f28eb41e718fec744df9df3620c9dec95cc8b390a568e290e58a3a036a33baaeb42f4558affb5867
SSDEEP

98304:2wo/Krsr6OxRnQ0OiBofffd8hbaWBvl2ieSyeTgnrSsGlosFj1ORv:2P6OxRnJ9b2YErSsOos1kt

Score

10^/10

antidot banker collection credential_access evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

Processes:

resource	yara_rule
behavioral7/memory/4316-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.tidezu.exabyte

ioc	pid	Process
/data/user/0/com.tidezu.exabyte/app_bunker/Mb.json	4316	com.tidezu.exabyte

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.tidezu.exabyte

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.tidezu.exabyte

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.tidezu.exabyte

Requests uninstalling the application. 1 TTPs 1 IoCs

evasion

Uninstall Malicious Application

T1630.001

Processes:

com.tidezu.exabyte

description	ioc	Process
Intent action	android.intent.action.DELETE	com.tidezu.exabyte

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.tidezu.exabyte

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.tidezu.exabyte

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.tidezu.exabyte

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tidezu.exabyte

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.tidezu.exabyte

description	ioc	Process
File opened for read	/proc/meminfo	com.tidezu.exabyte

com.tidezu.exabyte
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests enabling of the accessibility settings.
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4316

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
944KB

MD5
6042c42af03f6b3dc8c2840c46e18272

SHA1
f42972b0ab7020dd7645b29defacdd2b5dbb4fec

SHA256
a0195f11d4a9abe20d00c271054eefb1a5dedf89339e5c2e63f0a64b27af779f

SHA512
79e79e508dd1db847d9e6301250afb40aef0efaacb86c6a4d5710bd1f94e7e91b723fada328591dbe22eeec32a8711ba5dc898ab32d7e359698fd469bd00c00a

Download Submit
/data/data/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
944KB

MD5
c3afb26e7aa1e8d5b22f788ad7ba717b

SHA1
a9073c68b81c0777aad654339d96c504bb2b5043

SHA256
8294c78f37a42e441510d9219d879fc3f716c178d920a36d889c2f27dd32c16a

SHA512
bf317c40bc18691d50311e6331a8ba61369de0890e1e38996abcc84247ebc12362743699f80f4c6ee6c6934479425a978d5822836f3c7ea052f7d1758af6001b

Download Submit
/data/data/com.tidezu.exabyte/app_bunker/oat/x86_64/Mb.vdex

Filesize
36KB

MD5
44e600b50fb83d77c1eaa7b70cfabbf9

SHA1
d47a7189f41e1fa51435ecb61080b3ed845931f0

SHA256
c16e329f7ee3b92e6725a03f7ab6a6b4506254245b51103696c17ed35bcceb9a

SHA512
3a055a4c8691e6e5308ecd4b1c615f4191cf2bf70ce134355b33e9896c9da9764f1e39311ec4c64506b886fa175e0eeaa54ed552f19125bc1e90b9b825a5c31c

Download Submit
/data/data/com.tidezu.exabyte/files/profileInstalled

Filesize
24B

MD5
468892f5c2b4faf0ab59624895a7a257

SHA1
7ecd4d4814084511f4db40d527ec3adca8f3cfa2

SHA256
88669d31d84f6884092a94298b939060a4410cb30b3fae6b176156d4e0e72a0d

SHA512
ecb6b1ff87724d89a5f8dca3153350a7fc2494b54bf182704e8092f5fff16168c0a8c317e064842ce55bbd9b98817e2e36730f543af1ce5a180eb2624e2d7be7

Download Submit
/data/data/com.tidezu.exabyte/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7d62cd7c2ea05029da672cc45b3a3c7c

SHA1
9b00d51eae06d2ca7ec52190111e887e76ab106d

SHA256
377405e8dc3a506b510506ef968c72658e9d4dc1c037fcc687c1d78eb0a3e731

SHA512
a53d298a08344d6309d40b32cb190d5c5a1ec20ba478be63dc52b2206e209b6fce761f6fccfc7aa276cb5aceab9f6bc26882192634dbb4e4dbbdcd71d6233109

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb

Filesize
104KB

MD5
5016c962786a27bd634ef171819f1068

SHA1
5867062822ef57f51f3d9d3d64f5cbf080b745a6

SHA256
48e303c8789f2c92ba447ab323db4f6a2cd4342110d3be46487a4349f4f76f57

SHA512
1e13a5711649a4f4e5e35aa57666cf596a29f3a2ea6773d069e36bf2c5255b708b0192de7e3f7b762ad02348f107b0a2920e4e2b9dab812c7a3bc2a0e93bced4

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
3bb8aa5594623c782b54d2f7a61eeb03

SHA1
158dc332b1f2dec22c0ad15f36c3a1c886d4b2a9

SHA256
810cf74ed5788ae4819ee0a88dbdfce7e3444f07359e655e42fe79e605ae6191

SHA512
be470ed437a6e408410bfc7676ebab6c795732d9e133366ce2c9fec3992d1090f70b4dfa5436d41465dca706fc1088cf1c553e678a9b8893525086cc3f68017c

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
af69ea02866c10393cbb57817bfb4eea

SHA1
22d7cb403017933e74a12e3da804f4a900c8ebdc

SHA256
2d3c208f381eb8641c28460ef167838fb12c20fa457cb97cf95a7f87cd46affb

SHA512
33e2a52e1c7265a63224f00e40ae57c075615d76339dc0a5c5d04d6e625d590970be2419c7ac8ac28e1caa8be251a75f0ac52e1fb02d415a8207aa0efba5bacf

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
414KB

MD5
d2b2bcf50d361873011873bf230da01c

SHA1
cbf5eccc85e5fcf8e4475064fee9c64afd728a71

SHA256
24a0b2514ab01954fe7fb209731dbd99c0b22ddf62ed11566282b8ad20d9853f

SHA512
66637dd34f6717d1438463b3542c9cfc81c8efa951b43001e5ff10181d0c982f26902ca1536018f79169fa075398e07806731f552e580c5e44ec0634fbe8ccb6

Download Submit
/data/data/com.tidezu.exabyte/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
92957e783930625dd6adc603e92e2d80

SHA1
499f594bb2420b9268da3984553b5566519e2ab0

SHA256
a9b39a78ec2d7e0eb6a7917e74acfcd2afc8194c96fa97ee626c98c5fada2f00

SHA512
4fcac90dc06368870a7935317ba6ffde228c618146921caece11f39981d5bae9b3907edb19945909c8349445a92098e5e2990b2dffd24a87d23f6b4530f43499

Download Submit
/data/misc/profiles/cur/0/com.tidezu.exabyte/primary.prof

Filesize
1KB

MD5
a764a1abd677a2d34fa073c40938648e

SHA1
97c6d76371f2812e487361bff316d1356a37787b

SHA256
e7adc9f59a719113db0c4c5eef461e5edf68444151a862f020bdd1662e7134fd

SHA512
60d2edafb2d3f434069abce1fcc5a6b3a09fa257889144b9cdce06f75363fcaad929b7ef13bc3bc0e4747b478942b1604500befb499d9572dcc573ac1c281139

Download Submit
/data/user/0/com.tidezu.exabyte/app_bunker/Mb.json

Filesize
2.0MB

MD5
0edd7a71e7d6108c5bdb05a1b019408a

SHA1
f1990fe3c97a703f4f47031c2b854144792e97a3

SHA256
b5775b7bf2208a5dbddefd87f65fa13e5002546ef0b2df7921c2c12fb5db184c

SHA512
e78153524c713ffabd25745a903c551ea219c86f5444def6db2742bbd49cdb5e7f04c48684b204713c5b3afc6b9d3bd363a64f72b656e2367cebcb8289c9418a

Download Submit