antidot | 9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787

Analysis

max time kernel
149s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24/01/2025, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install Pro.apk
Size

8.0MB
MD5

fa02951bd5e0f0a662cf739b84a99ec3
SHA1

7b172ae5f07b9c4e2b896a454d89fe46704ddab8
SHA256

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
SHA512

9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
SSDEEP

196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4239-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hovupe.debug/app_diesel/PWq.json	4239	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hovupe.debug/app_diesel/PWq.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hovupe.debug/app_diesel/oat/x86/PWq.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.hovupe.debug/app_diesel/PWq.json	4214	com.hovupe.debug

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hovupe.debug

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hovupe.debug

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hovupe.debug

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hovupe.debug

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hovupe.debug

com.hovupe.debug
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4214
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hovupe.debug/app_diesel/PWq.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hovupe.debug/app_diesel/oat/x86/PWq.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4239

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
cb090b0000874580d0bbf7ff72acf39a

SHA1
80976e3f192c5c47b643dac9b5a73a65e53ca244

SHA256
a8dee73a8eb09592bb05c373f532bcdf68b2cb389425979ad5cf58b61ea93bee

SHA512
5c465291c3c116f27a9481906b39d28b6601efdd08e0acd57a73dc47b80a173e76e07c3009aa6c6bfcea1615892ee8f83e74b3ed128b38b27f07c237bda8e854

Download Submit
/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
adc5efbaeb2ec86084d9290790bd3f3a

SHA1
af3007b290fa926557d7feaa3902fa406379b3f0

SHA256
4e05da6df5ca12f78caa037b0dfca18a7b647533abf719e9dfeb15cbeb112420

SHA512
0a24e4beeb99b83d95046845b9107a94f7c84cb3ba5a6bf5b73f82f641aae5674e98edbae4783eb0906cfaf1083b6057b2b4dce578269d2cdf71ccd52edf425b

Download Submit
/data/data/com.hovupe.debug/app_diesel/oat/PWq.json.cur.prof

Filesize
1KB

MD5
bf18828d90934627c5b9bc5262d866b5

SHA1
677bcf55cd837cbdf8c9db4606b843b32373a878

SHA256
ddc6adb5c450dc9a8b3cd92800051a97860aa9f29fa7b196cfebe43e4183beba

SHA512
b7add2ac5b553fd1ac01c25cc28b5f0907ddc012bdd5751f9189813a69da7cf19b611aa1bf8c6d07e51be9a2e037ed8c36bc81e322ecd94ede2992862906f0b4

Download Submit
/data/data/com.hovupe.debug/app_diesel/oat/PWq.json.cur.prof

Filesize
2KB

MD5
19f97a2fa295a09d94886f446fcd4c04

SHA1
003055c05a739b65336e9b629befd9acb578356f

SHA256
a20505c8468c8b79e5ae71402680b9b234b48de5d95ee5d9caed2659f80e2d19

SHA512
ec285a27e19985b5d05648709325fd31ec5d8220021b4eec939decb3b0c20c13fa69cfd49f2576312c72f88a6d6d9821e4f0e9d0ec3733103e1426d61c9a3ed6

Download Submit
/data/data/com.hovupe.debug/app_diesel/oat/PWq.json.cur.prof

Filesize
2KB

MD5
90dcd1386a404b3ac0b67a565b53453c

SHA1
baa26a7f21814d25a0019fc367d63a4bd4602527

SHA256
a0fd17eaadc9d03bb775525c334003a72d577a4397fb97dab02687c7ef396f1b

SHA512
483db1fd0d1dc53ffeb96b153db423409ae18a10f4fd190cad50c8092dca0a7fa527cce5212d0663a2daa523eca250f38e28d87562f5d898f78ac60b7936e635

Download Submit
/data/data/com.hovupe.debug/files/profileInstalled

Filesize
24B

MD5
27b1034e3d57b64ebb0c4cb8d7d5d9aa

SHA1
70c1eea40ed9cc057e80b82f26e7f69b0a804dba

SHA256
e0b2a8f4a9107b4f519d4747b1ae4450a665bf7c5254a0bb34c0d4950bb07400

SHA512
61a0f5d6c00f94eb231602a6d887af1f2539b0d22936a34a9a464487d0722734ce498fe0334149d3cfd03dad62748be4fbda6af7bc388df211f4a0267875ad27

Download Submit
/data/data/com.hovupe.debug/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
77728d642f9711ca71d6c8b50b4cce81

SHA1
9b9ad8db78688e21631907b9d986e0fef36ce6e6

SHA256
bd3de7b3099240450a6bb8570d2a81f5a9d93356f1ee0ce8b975e97ee65e213c

SHA512
5058f3d2e82fcee4cfb5ee41f534bb0553d55bf51139b10fca21e41eacafc78db2d8d5e7796b002433eaf5a1a0635e4901954414060f66e92bf56aac7e7e3e0e

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb

Filesize
136KB

MD5
e0dbec451450f7b541cafa305b878a4e

SHA1
feb9489de26ee475444885cb76318c417e0ce97e

SHA256
4806000b64ff5481939941f23c9d0b2dd95be24c461006ed56defaf812eb84ed

SHA512
db6976247ba59217d04e5f4af35f1159c1bd4742df74501ca049a0b477fa008b941bac7c1daf2e5ddc5a665fedbe6337a51be9eb894999a38198647bf1a8cf0c

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ee577f647ba7f7145d4e1c79366a0269

SHA1
c7fbb23edc32ed62e5eb0e3d1633c78f204c1845

SHA256
0cb00aca57ab27746702231220b9c45618ad76f86acce3a1821c1af6fe11b64a

SHA512
6961cace71611bc50c26287dee97325d7e78873e06740ca33182d4e7c454d050f94ec7fef38d426fa8d9205e7e35cc43f42b7c09cfe2e896a8cb9194ac919613

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
539979bdccf5726891d847b62c8617e6

SHA1
8d735192ec30fbd381ac368f74d0a319738c0414

SHA256
83d5fd77727bb3b5eba403fc6148aeebe50bf76d77bfbb91c6fd57d83c5b6157

SHA512
40f8e7d3940a4cbdf704dd7b67e42a5ce6d4fe14db6670e5682fae46792812747df6e8ca4e5ef686b669340125495f8b0823dd2ac43050a5b8f565454c7836d4

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
cfff2f39f1f3b532b07da657bae0e3be

SHA1
9ee3460cd95ed1d75ea3de3687ccad3e25fb8e2f

SHA256
ac9289b2be28deee7f256a9eae77213cfe8551c68e1431bb1cfa539cf2e0949b

SHA512
99f16bdb6f1fdfcef4529115ab7eb6e42a63c5272dbf109e1a089b56d06f63119e4c4f41b1e643403e14e8f0cf457d50d7a8c451b074ad5c04855b3f8c8e6696

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
998b904a5da2749c7fe9a22793802753

SHA1
9e61cd7f20ac7f281f4ef527802d342ed9525177

SHA256
88d64b512bd2807aec037a4a7378b90b8a738f1204eda012cf58165d4663dcd1

SHA512
73ec57e1cfac5d042acfbd4d58ecf69bff581a5ae01cc7490acc579b89b3a0f0473adb93b0ae76d664728a7c9c5a05b1e74158276f7a8c1620f84c480f57fd2b

Download Submit
/data/misc/profiles/cur/0/com.hovupe.debug/primary.prof

Filesize
993B

MD5
e08f2c4cfb12b543e76b69ac0e61e290

SHA1
7817f42eb783a87f4f05a50585b7ed34c42fbe1b

SHA256
7f2dc168f72ecd792074f5a67be81a85462529eee044887aa38f2855708e9755

SHA512
87638c589b1f61b6e4cd486288c00fbcb3a5879a06b720600728ed834b98938cd01667db76e011829894d19e4cf0d32b670d2a2f59e291b59beb32325d1cb3e9

Download Submit
/data/misc/profiles/cur/0/com.hovupe.debug/primary.prof

Filesize
201B

MD5
ce324dda790757600b23e3b1328136e7

SHA1
8422c18d8de03e9124534a71bbb964b892f72c3b

SHA256
aea285562a54e608560b63e681403e6bfccf9a915fed38b2162b2e5b1d8926b0

SHA512
99faefc36be51f88abaa794e8200520e711404711947a9920f4aa1c10ce4891d09ef7133faaf5f39db43efc5856f2c747c7e30a8bb9beba15e5c34598e8ac99f

Download Submit
/data/user/0/com.hovupe.debug/app_diesel/PWq.json

Filesize
1.3MB

MD5
4571f4f865f123e359ce506701681f9a

SHA1
41734262dab3d7f077d9ff29bd7ba7aa384bed5a

SHA256
c76b087a8616dda3d7d5b699274c84aa7abe4d2aebb3987b818b31305935ab02

SHA512
9435e568340f84b9e90127c703ba6b40525647ae439268ecdda7232be3446207779d1fea0a024f910c5b4d409aa4857caae729e4730f47f427ca20d2d12a96ef

Download Submit
/data/user/0/com.hovupe.debug/app_diesel/PWq.json

Filesize
1.3MB

MD5
2ddba57374fc59d600b24cae73808dff

SHA1
9e64c38c6c14cb3285031b7e4a749d761304c439

SHA256
2f4aca822c8ba712f5d173217de76410a3cac39e953a17de5bb4c38c47d4fec6

SHA512
a540508376c19818e79b3c203d3ce40d53aa10b56a6a2c55a638c25486208793bf8d8d2641c618abdba903724f032569661ca0b840cd602ab6805d73f1b7cd19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads