antidot | 9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787

Analysis

max time kernel
149s
max time network
140s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24/01/2025, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install Pro.apk
Size

8.0MB
MD5

fa02951bd5e0f0a662cf739b84a99ec3
SHA1

7b172ae5f07b9c4e2b896a454d89fe46704ddab8
SHA256

9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787
SHA512

9a99f6692f814f83becff95f797264f19ebd862b1c4b2481b65515bc9fe440b45f6f1fc6056a2906cd06e8f795f0c61daaa4333584d2735fb72c0790b34453ac
SSDEEP

196608:bYL5S4NfXGhTuZFlICl/JISinxlrzuFF+QIklWwp:MSI2duZfTTISQFTqlWk

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4944-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hovupe.debug/app_diesel/PWq.json	4944	com.hovupe.debug

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hovupe.debug

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.hovupe.debug

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hovupe.debug

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hovupe.debug

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hovupe.debug

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hovupe.debug

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hovupe.debug

com.hovupe.debug
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4944

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
cb090b0000874580d0bbf7ff72acf39a

SHA1
80976e3f192c5c47b643dac9b5a73a65e53ca244

SHA256
a8dee73a8eb09592bb05c373f532bcdf68b2cb389425979ad5cf58b61ea93bee

SHA512
5c465291c3c116f27a9481906b39d28b6601efdd08e0acd57a73dc47b80a173e76e07c3009aa6c6bfcea1615892ee8f83e74b3ed128b38b27f07c237bda8e854

Download Submit
/data/data/com.hovupe.debug/app_diesel/PWq.json

Filesize
626KB

MD5
adc5efbaeb2ec86084d9290790bd3f3a

SHA1
af3007b290fa926557d7feaa3902fa406379b3f0

SHA256
4e05da6df5ca12f78caa037b0dfca18a7b647533abf719e9dfeb15cbeb112420

SHA512
0a24e4beeb99b83d95046845b9107a94f7c84cb3ba5a6bf5b73f82f641aae5674e98edbae4783eb0906cfaf1083b6057b2b4dce578269d2cdf71ccd52edf425b

Download Submit
/data/data/com.hovupe.debug/app_diesel/oat/PWq.json.cur.prof

Filesize
2KB

MD5
d4d417665acdda9160703ac65958f0a8

SHA1
e04587900d1d53843298dff4b4bf1f1c1f57234c

SHA256
6412ce0790f45a357ee2368150098836ceaa10ca447160270a630e4173b7fbb2

SHA512
482bc29cb8719a43061a8e907644175794b6f4d08eb61bfae0b859c8050f455fb21eae7c16d664b708e3c76c300c41bef838e4b4eb459671772d9f823bafe2a9

Download Submit
/data/data/com.hovupe.debug/app_diesel/oat/PWq.json.cur.prof

Filesize
2KB

MD5
2b4214df8ece24dd8b1f5e0f3d89c632

SHA1
d6483e7e87f63732aa678d3b785037c1bccbcc0b

SHA256
3c423f8228d200f82db8b062b02760fb386628570b740d7c53901585eca98296

SHA512
80adbf729bb2392743981d46a29c21a6471d334631ba57c19ef5f343421570fe9fda374a68f5cd83f614fa42daba58266c73342e3f1ea20d5e1b2fa0d7c095c1

Download Submit
/data/data/com.hovupe.debug/files/profileInstalled

Filesize
24B

MD5
b42eccbd86ff55bb410d51bbefaef7e7

SHA1
7d9d4a9512b2bb7f8300205a396f69b9d2baac2e

SHA256
a1f55f2ef3bd841f093730ef8f5ae7f545939eda922997799027db08347b7bee

SHA512
53d0325f10db96b69cf3ceb26569b8837d0ef0e6ddea4803a89e411e54963b69b196ae4ab070a27e933c529e7fc7079e1a47941cf1b3f01d540dfc1721366daa

Download Submit
/data/data/com.hovupe.debug/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
bb9e0fc08752dd004bf573a745d95e9e

SHA1
e321080b4a69000ed6dd23b9e2cf5eedb35088f7

SHA256
8a8bcf6fa635bdaa8504de4dbcbf4f66169244cba7af93b7d981bf5a5f7423f6

SHA512
6cb3a52b26bc05e559d53ae20a6ae11e91d2915db45d18c7002098b0de57b0304bf78068b1e70b3fc624d12551aca4b77b1914c07113fce983c744453b30c4ed

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb

Filesize
156KB

MD5
3889dfb4dbb2f81dd1d3f157e494e6b0

SHA1
7c31bc08adeeb68db3a3b8c127384750eb8561c8

SHA256
fbae60c1ed458fba83196ae1cc12f8fc235f65c067c6f337b8ba62f4ee77e07d

SHA512
d53e0e1fd92cf03ce2a5460ceb1337bc390d37f0d4b89b5cfc9c229a4f88958200e41e9f1c5278c267631e19b7b77905c92a3be677386a9289cafe6d4148a04f

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2f73eb57a7184b8334742b8d920378b7

SHA1
6389ebaf74a8ada9127398f7a5a531b41e8c391f

SHA256
7a9d6abe9fa8bba258b8b9ee1b032c189ccf84f5d5ec1310b22de0ddc260ee17

SHA512
de1ec3c7ffd6dca7198bb5fe8a15c15e1d2b77f5de2f086bc9f95658684019bb0baddf28d88daaee1f31eb7bf6a0ee8f143db10fc4ff409b8e8aaf31c717ef61

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
fd7e8c48b5de048dbeb7a76f3259061c

SHA1
cf803519f66eb092920249827842cb0a4a580931

SHA256
d07d5b0233db32b058898a264c9fed610df2410ce70acd5f4dee19c63f3fb88e

SHA512
8adaee1b5c5f3508ab944610e1951e4e3e07bc7595df9c0542d4449d7108f4d61cb7cdf266d9fc3f5cc9b2733312a37c4641ce460e5e5cbf231ef7f7c56c7597

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a76690d7701d945b44574c9423f5f314

SHA1
dc0ab0209b811531a74824b9ddb90b3e9085ebb0

SHA256
3cf1054953d7f527dfd735b5f978ab9bb595138ad7c81a267d077af66f6784fe

SHA512
99d526a768bec5588c8390a7ea8cd5d9f3f7c6c5c37285a38a2b8d40bdd9b41f55c6cb06a380852620c989b2cc4707ed9ebd4abf80466316849425a3a8524011

Download Submit
/data/data/com.hovupe.debug/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
a87d13183541a07226c5a4829d8bbd60

SHA1
6e92b71d236a8c45c320a631acaeaa59012b430f

SHA256
73621bf42bf8bbf2359cdd37784b674ee64dd188b709af7273807b2969362635

SHA512
f8e38d4492fce252828788db81e3e4c4cf54b8bec28872b2997c24e835c0b61dd901f16242949bf1411132ad9874e3359301aaedac895dc87ac65545582eb3df

Download Submit
/data/misc/profiles/cur/0/com.hovupe.debug/primary.prof

Filesize
993B

MD5
e08f2c4cfb12b543e76b69ac0e61e290

SHA1
7817f42eb783a87f4f05a50585b7ed34c42fbe1b

SHA256
7f2dc168f72ecd792074f5a67be81a85462529eee044887aa38f2855708e9755

SHA512
87638c589b1f61b6e4cd486288c00fbcb3a5879a06b720600728ed834b98938cd01667db76e011829894d19e4cf0d32b670d2a2f59e291b59beb32325d1cb3e9

Download Submit
/data/misc/profiles/cur/0/com.hovupe.debug/primary.prof

Filesize
201B

MD5
ce324dda790757600b23e3b1328136e7

SHA1
8422c18d8de03e9124534a71bbb964b892f72c3b

SHA256
aea285562a54e608560b63e681403e6bfccf9a915fed38b2162b2e5b1d8926b0

SHA512
99faefc36be51f88abaa794e8200520e711404711947a9920f4aa1c10ce4891d09ef7133faaf5f39db43efc5856f2c747c7e30a8bb9beba15e5c34598e8ac99f

Download Submit
/data/user/0/com.hovupe.debug/app_diesel/PWq.json

Filesize
1.3MB

MD5
2ddba57374fc59d600b24cae73808dff

SHA1
9e64c38c6c14cb3285031b7e4a749d761304c439

SHA256
2f4aca822c8ba712f5d173217de76410a3cac39e953a17de5bb4c38c47d4fec6

SHA512
a540508376c19818e79b3c203d3ce40d53aa10b56a6a2c55a638c25486208793bf8d8d2641c618abdba903724f032569661ca0b840cd602ab6805d73f1b7cd19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads