antidot | 9e010345c827e0b37ca14b42f371c0fc1a98d1d5f94015df3c0105a6e0a1d787

Analysis

max time kernel
140s
max time network
146s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24/01/2025, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kovobopipe.apk
Size

8.7MB
MD5

02af81325aaddd54feb7f0e8fc84ee7b
SHA1

3161e43ca8dd405de2df79eb03edc601b52a7ec4
SHA256

e8bad4b9a036d34bd196b09ad1ed225a94b46e6b7d41ccd250281208ed87b040
SHA512

8f194cae88c8759545bc1456166478e66b5f23492652088de9504b6b2612e4d0227e1133f7a21cd8301a158b80718a32206c86ab120de10a80bd680f6f74c807
SSDEEP

98304:so/Kr2VeTADQyKmLqUoDp3j8qkG07zjaY5YZBPxeV2BUsCYsTh2ieSyeTgnrSs+:BeTADQX0at80vZMPfn0YErSs+

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral5/memory/4968-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json	4968	com.nemuwebexe.address

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.nemuwebexe.address

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.nemuwebexe.address

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nemuwebexe.address

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.nemuwebexe.address

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.nemuwebexe.address

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.nemuwebexe.address

com.nemuwebexe.address
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4968

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nemuwebexe.address/app_chair/kwusiN.json

Filesize
949KB

MD5
254b588682b5c750660b91ab03f26869

SHA1
2efb70710eb70785ea48713b4ca03b1d481faf6d

SHA256
85725d73debea23a1ebc06799b4235c45cb1d001b9ca3254cd9a89c4911517d7

SHA512
f688c55c96cb1c5d231ba7aedf04d5998b8c2f521c2bcecd7acef9cba51e01017429d9d5a98f22b51538d4ea43d7836a3094b7a12a815bf122a4d46f233dd743

Download Submit
/data/data/com.nemuwebexe.address/app_chair/kwusiN.json

Filesize
949KB

MD5
dbff78014cc2cefe06032c4537b6fbd5

SHA1
ca02f8c265bc2a67215f0bbe42cdfb0ecab65375

SHA256
025523db1f46f1868210882652d7ee70bc0bbe53e7a1150476f2cd8a5394afcf

SHA512
ad6a9e3f5092db9bcfa88ad2fb8f152d8656ea0d680e7e677883be17945f33b71db19bdb2a2f1409b6ac7984921689008c8f812555b2b495b39f6b74c46632e3

Download Submit
/data/data/com.nemuwebexe.address/app_chair/oat/kwusiN.json.cur.prof

Filesize
3KB

MD5
350baeff68cd8a17a911e0b3495fa256

SHA1
e62b4e8770e4beec18a64914b003af603f2a7d76

SHA256
1ea86b9c1e76d903d97b976d201e3ae3f76e73569cc8b53e1c8ba6c99011b9da

SHA512
a69153b5f42940068e65c4774d77368964f83d17760acfeda4b2ae1e241f9b1fa9a8ff136040426b2f4114aeba020326843aa7484085af619b8683ab1123e2ee

Download Submit
/data/data/com.nemuwebexe.address/files/profileInstalled

Filesize
24B

MD5
77ecf80941d691d070a2a7faf2e322d1

SHA1
3852db8875fbde6dc7b8740d0ee87031c99ba9b2

SHA256
04765df77bb94ad11ba1489dd3e720a51d8f5856f1b8e460f9c3b2edbc4caab4

SHA512
ad5857878de10abdde4491d9bc98ef30d933bfaa3b7bb015f53790c262c176904ad6f474672cb6bf63b0955aa2ef695c14ba453d778e2eb1ac8273a471727516

Download Submit
/data/data/com.nemuwebexe.address/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
e8fb1bad260c43b5400b25ff137f561a

SHA1
a4c89a1ed009868c5219232e3cb0967ae2cceb2a

SHA256
98168d02b287873b1df9300398298cb2f1b74d65c3b5c8e6c22637dfe85866f2

SHA512
5956bad665fefbc60c028cfe1bec44c01e54cca8e7c9ec29b0d1071a71907424c9a4596ca98cfe20dd7abb0ec882f3c3a00191df4247276ffa26660ebead8d02

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb

Filesize
104KB

MD5
3f4b424bb59ee951a611c75ca4f7bbd5

SHA1
2456d66a876de0f654c679aef6459f2f17218d87

SHA256
dcc559cadeacab01d1ade509fc230e7e645a71339e967a46da822fc3296c1a4d

SHA512
8fa2aaabef317fb1e97bbea37d38430d63c448935734a8956c3eed913c42c6d90e61746ef4b95a284f36b818452ab7cc546f4b3af337d1e48fe913a828e7ef49

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
9c57e588e1e46779367c3b5bca5191e6

SHA1
c43675c140749ad7693d3c6fd867e9f763cc82c5

SHA256
adccfa7ee23fdc455318052d3e2461670c14aec64f77a4d2526032660554718f

SHA512
637f2edebba79596c0ac943229178cb881c1b3a45acc722aaf9942202d2985a83efc33a393a6aec1c9815a2422f2f25a4119bed3d74f9e662a713ea4f3dfb38f

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
831867c3b66c2564c02bfaf1d9e1046d

SHA1
cb85538c9018d1a96069f781e3506a8a61f02865

SHA256
9ad0d5a28846228b4de23f1eccad5e32e5c6a890cc20d85f9232398aa7f31253

SHA512
38d3bbe57c2ec0554bb3662324d8e60e86c27f1c0ec7975ba64501513f2b60b1b8039ca4ac61bab61f68978db2cbb9f77b6f7cb61223b0e111ad7e81e7b21807

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
4fc71f667d6efd5ec72b2101a99fb33e

SHA1
036147ed43a1e3e49d4c1508f35e5e456a16e770

SHA256
748d0357ce1719f7a26a1aa6ea46976e08247e863a1603dab3f0a0c70a4ac5bb

SHA512
1b3da201d9229890aac86443feef3d7b4a82da07a787e9550e7438e9504b5a816683d3fc8b61c1704f3d5780b2f3bee22bdc2ab0d32d9ad74c7eaaecec2bff5b

Download Submit
/data/data/com.nemuwebexe.address/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
4d97997c51207f19721b1966bd6a8dff

SHA1
aed35c6accf67aba584fa363e45c1182da94fde8

SHA256
0c07e7cc015b1d2ca936270ddc70b243a52209ff5f1a69f7df08186a9993f672

SHA512
55b9ecf8eb7d6b0962157ac6cf2d3738f9d6b0f75b95a693c83b228691e3dc88224c569181d2ccb808ac4d2e4f4b469c1920882027e502d696249333f59f7850

Download Submit
/data/misc/profiles/cur/0/com.nemuwebexe.address/primary.prof

Filesize
1KB

MD5
7eb5d81ed2323308d49d03673b9900b1

SHA1
0f90f803e36871d649140e50ecbc5da3f49c6d4f

SHA256
91cc83617647094d051b6611da7a89a2d3c681b654daad736eaf55538dc90d97

SHA512
e938e87a7edce750af151d57d40bb15181000bcf33ee8fcafaaf6c32cc19fc02da74ccbf025fc9a2f198f2ee1bfdd1f032aae6175268547ae88373aa24168bee

Download Submit
/data/misc/profiles/cur/0/com.nemuwebexe.address/primary.prof

Filesize
178B

MD5
947879686d96e19345da717c593618a4

SHA1
109b107060a545f5915a582d680ec7b2b46ed773

SHA256
8d9c92da9c2333179f158f34684b94bfad21c64740d95ebe4715d3d025d52d08

SHA512
c3b87b7d22a4d3e69f78c9163745e7f294820bd2b7ad2c3b5b1fbcb8ff994e4f864597377734547f3027485561f71be5be06f555aca35f158da5436aa04590a1

Download Submit
/data/user/0/com.nemuwebexe.address/app_chair/kwusiN.json

Filesize
2.0MB

MD5
a3387bde9897ff87c15d2d12693f5fe0

SHA1
e58b46892df1c51363a193ab3d732aba4b045463

SHA256
3fb8284d341271ba0d1227dd41e87e07312cafb2c98d8b6b9666c7d17c77822d

SHA512
457b30af651d6efc9636ea498bef9a7dc3d10added39927caaf238f5a86fd642a807457e7edbf2429732e3e1a46ea1696c255d90e7e66755ac2c8477ac03c74e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads