antidot | 9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787

Analysis

max time kernel
17s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
24/01/2025, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install Pro.apk
Size

8.0MB
MD5

fa02951bd5e0f0a662cf739b84a99ec3
SHA1

7b172ae5f07b9c4e2b896a454d89fe46704ddab8
SHA256

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
SHA512

9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
SSDEEP

196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4467-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hovupe.debug/app_diesel/PWq.json	4467	com.hovupe.debug

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hovupe.debug

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.hovupe.debug

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.hovupe.debug

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hovupe.debug

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hovupe.debug

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hovupe.debug

com.hovupe.debug
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
cb090b0000874580d0bbf7ff72acf39a

SHA1
80976e3f192c5c47b643dac9b5a73a65e53ca244

SHA256
a8dee73a8eb09592bb05c373f532bcdf68b2cb389425979ad5cf58b61ea93bee

SHA512
5c465291c3c116f27a9481906b39d28b6601efdd08e0acd57a73dc47b80a173e76e07c3009aa6c6bfcea1615892ee8f83e74b3ed128b38b27f07c237bda8e854

Download Submit
/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
adc5efbaeb2ec86084d9290790bd3f3a

SHA1
af3007b290fa926557d7feaa3902fa406379b3f0

SHA256
4e05da6df5ca12f78caa037b0dfca18a7b647533abf719e9dfeb15cbeb112420

SHA512
0a24e4beeb99b83d95046845b9107a94f7c84cb3ba5a6bf5b73f82f641aae5674e98edbae4783eb0906cfaf1083b6057b2b4dce578269d2cdf71ccd52edf425b

Download Submit
/data/data/com.hovupe.debug/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
74b76954189a70332bcfe9dabb3d724e

SHA1
7fb5d571996265299954d796b5f8a1b7ed140f32

SHA256
dc286e795da41edfa6e33b8b610270b96b29d1eab500132d2abe20bc478e2ad9

SHA512
ec079746610b6ac1eb76b3e9c530f8f2ed58c63dc4cf2c9192b043bfdbfd93ba8ceb4d58cbfee999819837f2d4e84964e083fecda25a58d3b243ab9229c0e9d2

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb

Filesize
104KB

MD5
623034ce377e631e4900388c3f69d8d8

SHA1
ab00ad250adbda0c1839f632750d4bc0f8df79c6

SHA256
3cdfadf3d28377ca77c3191acd099fe0b56ad1cdb3593bd0b21080ae27c40aa8

SHA512
6c57d28a60838ef6d9569fd1077dc0545b259689c621aa43fc7e81c2cc52a641109590ccc24dbb03bfce03273ac5534d561811a7246b7072d4477c7a29acc86f

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
773ae41c5980e33ec2ffaab7967b9d22

SHA1
5c7a02b74907cb3d625dda726397528c742f5cf8

SHA256
2811b315f1d71c2d0fcc5bdfd50dd3541adc18252cc417cc699f426c44fedf70

SHA512
2eea024d5c26e5e0c00df80eb0705979de584cc90df71089bfbbe3814bcb1339081955be63333acb91dfeacd74866a14da182aec92e27775b8abd49c56266ce4

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
fd2f7ed1b851d7d5d01bd7936cf73020

SHA1
ad1d28a6178bd23ba67ad00b9f5df38639c9fb1b

SHA256
1c7899594bc77a5d7dbda6e9d3d1ff6321d9dd5041bb3c1704fd21741cee5c3e

SHA512
b41c23b471ce54752bcfd8034b6fba0c7a5d2118f97276063b3911600133eecfbf52fbd9772561c45d49124dd5e8c70b40f8db1d8fdd87aee886e3e48f2cd2f8

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c9455157a5ebb71118b917ef9d816abf

SHA1
a9dbc76af9e0d23dfbaa1b41f85de4094e08884e

SHA256
953ad98ab50067d34e857b7dd07ccec56e7ef56040ccf9c054cf517e8df6787b

SHA512
129c80ad0ac6df210cafa6c81d64f8630f9b5d6cad58826f42ce5e9d5eb1d72ccf2435723fc36de7f619384df72334626ad98fd60eff0b70e0eabec0a2cb18fe

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
691fbc4117d51ff5bbb4c6b6705f49ce

SHA1
05c922c8877ffe5bfe930b474075c4b7dd053bed

SHA256
c97affe7bd74505952e70760f3366ea18ac6a2c255da51ce4f2012b5aeacf8e5

SHA512
210fcb5edc701902b038b62735f645d2f7812244ed7650cd22b890352c15c2e3ef76ff80004930fa06c8dd6efe39a59b1a92908942358b0fa73d8c1f81b96eb3

Download Submit
/data/misc/profiles/cur/0/com.hovupe.debug/primary.prof

Filesize
993B

MD5
e08f2c4cfb12b543e76b69ac0e61e290

SHA1
7817f42eb783a87f4f05a50585b7ed34c42fbe1b

SHA256
7f2dc168f72ecd792074f5a67be81a85462529eee044887aa38f2855708e9755

SHA512
87638c589b1f61b6e4cd486288c00fbcb3a5879a06b720600728ed834b98938cd01667db76e011829894d19e4cf0d32b670d2a2f59e291b59beb32325d1cb3e9

Download Submit
/data/user/0/com.hovupe.debug/app_diesel/PWq.json

Filesize
1.3MB

MD5
2ddba57374fc59d600b24cae73808dff

SHA1
9e64c38c6c14cb3285031b7e4a749d761304c439

SHA256
2f4aca822c8ba712f5d173217de76410a3cac39e953a17de5bb4c38c47d4fec6

SHA512
a540508376c19818e79b3c203d3ce40d53aa10b56a6a2c55a638c25486208793bf8d8d2641c618abdba903724f032569661ca0b840cd602ab6805d73f1b7cd19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads