antidot | edcf2f02a491fab69c3c18610c9d72966567c632ff4d881e4dc6d7154019d8e3

Analysis

max time kernel
149s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24/01/2025, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChromeSetup_v.13.06.11.apk
Size

9.4MB
MD5

a46b20b8a7bddbd0adfd01654f456c09
SHA1

c9681ad05915a1db4d7182c2b6cd0c8eadb4b480
SHA256

edcf2f02a491fab69c3c18610c9d72966567c632ff4d881e4dc6d7154019d8e3
SHA512

4cb2a5bd66f2566f1f4a81eaacc40d744ded9542d519187df96ac7059e6ecb33976ab7aa8d6a3bc1327517e1f911d3af8e6cff292a93d517ba79fafeb0080a76
SSDEEP

196608:wEYBfTwwaC4vfd3UPfhCYzlQMufB2rJxs49XdhCrj4QzO016:dfC4v1WvdFxs49azO+6

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral4/memory/4273-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json	4273	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.fiwuyedite.library/app_arm/oat/x86/jyLgGqe.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json	4246	com.fiwuyedite.library

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fiwuyedite.library

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fiwuyedite.library

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.fiwuyedite.library

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fiwuyedite.library

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fiwuyedite.library

com.fiwuyedite.library
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.fiwuyedite.library/app_arm/oat/x86/jyLgGqe.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4273

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fiwuyedite.library/app_arm/jyLgGqe.json

Filesize
626KB

MD5
4f85ae2c0f7f1408e0f9b8790325922f

SHA1
51b117d5eaf51d63f12174cc9b1ae534af3b4dbe

SHA256
d5b423e2970c4c40f89c13fc1e56bff67ecbc93339b54022d77dc4af8c23fbbb

SHA512
917264d09ba8919436f614522e2f0dc2e1449c31c5eb24abe4fd99677589f0e5d6a9766aa6c8c6422215d34d7d1a329aeae76b6fee5232b850b89492c6f29e4c

Download Submit
/data/data/com.fiwuyedite.library/app_arm/jyLgGqe.json

Filesize
626KB

MD5
82d6938a1fb512da330721ed0fa597d9

SHA1
630d2d9c00d4cec03a4f6553d63e4b5f6856d4cb

SHA256
1c13d4279dcfeaf1604f128666beb1e786ce537856e47e9968a53b611010410d

SHA512
7157832667fd0c8b4a45e7ebe634458d166901010dac2d111295f26bdd50433f762ab0dbbdf744fbf74f9ea83f23ef4f20ce83e7d5a0e92f10cebf88202a7a95

Download Submit
/data/data/com.fiwuyedite.library/app_arm/oat/jyLgGqe.json.cur.prof

Filesize
1KB

MD5
71b5e0ff161da354bcc2fd425a7bf08f

SHA1
8d96a0f9e62e19df5cd10002bd40f8d0408a94f4

SHA256
8e9498220f7b2d5fd11a0be4e50e53500880bcd17b9ad4f7e9545ab53ec79054

SHA512
d9c758d6ecc666628707e2456484616668253830b756478eb20500dd78222c20f08b0d09181205f09223a5fcf29dd3cf59bcb7677a88c12d39c45c464349a7d4

Download Submit
/data/data/com.fiwuyedite.library/app_arm/oat/jyLgGqe.json.cur.prof

Filesize
2KB

MD5
0e8def0fc5703856adadb6574077eb71

SHA1
5080e54af87b4bd7f0e2214d75dd6cd2a74fd2fc

SHA256
193cb9f73a7b062d6730ae1c0ea7ddcc899fbbcf367f892da24447780b1a2acb

SHA512
7ca2bee9b0a83cb95015b3df28c76fb1bd917269028445980ab3f6fa83190166f34b6b1fd3dd9e0a1c3d0912d06fcad9a99fadbd7fc783624b66c8e555f20deb

Download Submit
/data/data/com.fiwuyedite.library/app_arm/oat/jyLgGqe.json.cur.prof

Filesize
2KB

MD5
3cf27dd5d6c2aa94e1c2f3a3fb475b7c

SHA1
d49ef7fa88ca405839f033624ac5f2755a9fd886

SHA256
2febcf5ce15361d70bcff23f92eaf0ccf4c641707ce77f9816f612546e6a1eac

SHA512
19beb198ec8e9908d77827cc2cffba28e8975ab9a86cd797c4f496d3f357dedf731cfe2b5234831512b27c89ad781b5eadadfc7bc82ad54b419a7ce07b5ff282

Download Submit
/data/data/com.fiwuyedite.library/files/profileInstalled

Filesize
24B

MD5
f5fa25fc3adefa66dc16aab563ebac53

SHA1
315f83f8319dd6f84c7624f551d13fefbee60a7a

SHA256
3786065286b808e6d54c8e28b5286531d274d7046c1a5208c99cda95c7398bc9

SHA512
22d5937f01e57904e4c00f292faf3000d242fdba46dda754d22b7f0339b86f718ced8fb2d35e424e0884182020a9ecaa49e366a15a8c1e6be756495f1d69dc7a

Download Submit
/data/data/com.fiwuyedite.library/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
557718cd50a255025d6add7ed80b5ee8

SHA1
aecef49d6ae24d8eebda85d2ffeb5dd723e43d29

SHA256
7b9ac7ebed1b4f6206f83354ef2f3a25c4e068cb25dfb6266cff81d1a54f0077

SHA512
d8770555e69cecf1d2e327eb5e1aa8e30fa6ba648c1dec407c1d482d3f3d53efcc94d249ceec17d0c5370ef81e290d2984dbc684ad9eb7af393c0b2b74ec84ba

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb

Filesize
136KB

MD5
f6f7155ee7f5fa9248a1c0224883fa20

SHA1
ace4566dadb2964834f1b84ee2ef5bd233882f26

SHA256
68a4309b8694c3d8eb9a48a299c15d6e2cfd6d0679e998cd01a917962323d0bc

SHA512
c4eaf974e8d715464b7ebf6af31737fe79f4285141c5cb5c5d8ff542f3a1028ba503b41b4e2c51dd577f9cd1550bdc659d7854037c4e8646c946928482dc083a

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0cccb9b239d23e6165f0cb9ede1f5ff6

SHA1
846241be31f3c086c9f091b91fc78f7adfd99f88

SHA256
da06d100ed51fbf1a6083436b7e647b668546440b79f087c22844a8d1f28e0b1

SHA512
f3c3b5caa2c8811e7170f3eef7ce89661b298a2628561627f29d9fc744815695a21777a99eaf5f5e9ceb05554c7d177823824ec99a44a73ab133b2fc67fa18f5

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
f2f33b00e1590c58cff57cc42d4bff54

SHA1
dea3cfa1dd055823d8b61abcb8d6a9c63637608b

SHA256
52bf5e1d4818d0c7b0d0d2e6217a294581f5db01b16e3499479cc9c0feebcebe

SHA512
6f684ab945366a499f1083a4f761951a0ace9c6a806dd2964806dc38994fbe5116899be4f466cc173cb60bae75a7afb1b83a8a0fdf3ed48e4bacd247c387500d

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
eba2610ac77cc2a900fa1b661b8b6d58

SHA1
431998e21c9be08432f6ae8050281949b6b907a6

SHA256
a32bcd1a83c75d92a67366beb78e6553325147e3835926e783ee1dfa79c9737f

SHA512
770bb9efd22844efef8ed84d9bef06353e83652d805370b014d29d7189d7cd3f4872ff8d917203413387fb759984b0cac37cdf1cf8e7057d9b8c7cab3d53654f

Download Submit
/data/data/com.fiwuyedite.library/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
9b21e401f6f46b3d12e6afe318424341

SHA1
6f08b0252480c36e4b8fd69eba242a0ddae7fa50

SHA256
b837fe177cd1121c658ec952882efe4d4a3ca9011e8505e447dc945e6c2e741d

SHA512
e81bf827a969baf137483c22b88982c4acabb3cafbde896749a8f764d3fc2cdb1e7bafccf751cc9ec00d9f015ba5c98095e159dca8feaccb9672480e58c122ba

Download Submit
/data/misc/profiles/cur/0/com.fiwuyedite.library/primary.prof

Filesize
1000B

MD5
dda41955d1c5f59537afe5b2d8387545

SHA1
7b4b6f83fd2cb65c78a9f718e0a60c35e44dbbab

SHA256
0418f960557c9495849428e222513e04d5ae11a0a4fb1c710cef0a6a20c04905

SHA512
62339200e7913d95fd34da597c690a772307a50695f4a0a847828a584ac718698f8fe6fc7e8e3cfab78770d9cb96564c79478cd6ac1611b24d11cf73d81e909a

Download Submit
/data/misc/profiles/cur/0/com.fiwuyedite.library/primary.prof

Filesize
201B

MD5
5dda66743d7dc4cb2303f30133d8b36d

SHA1
0582c75f5821e51bc512914eb03eb409ad4b63ab

SHA256
a1acc709c6ded0d81cc56f3bee94066589b6e4f741607d8f64a4a0583ec0369d

SHA512
60d2782e9d462a3bb8ef6a0b64543da74720cc4ef7ba3d6a6abcd055799ddc67a596ad9fca7f1aaf2e77c3691f6d5e0f90126e1eeb219a5cc82ddcb581cee602

Download Submit
/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json

Filesize
1.3MB

MD5
9db7d6334e89885e410e708fc90e4e9a

SHA1
9b0224c1474a7afe21fbbfcb1d1b3583d13c41fa

SHA256
dda4e1e440b8e124ac2d75d838f5235f2737c63209d08af4285d83729232fc62

SHA512
9aa1d4600579b7658ce31b47ed1e98892d659cf9aa3667a2ffdde19b8b380144d3e8b7f0c0526514d4bc99f196e3ef973756b7ef65f07b64f5c787d1e85ec112

Download Submit
/data/user/0/com.fiwuyedite.library/app_arm/jyLgGqe.json

Filesize
1.3MB

MD5
55e8ff96a72005a4cf6584f82baecf9e

SHA1
983294856552cc9949dab71ad1a0f67ea1ca954c

SHA256
3a46f3e7bfcea466e017865a18568a01511134090b79f79710830a7dd46e9be9

SHA512
7c7147dac53cd479f7423da4e5ba7911542e536b70972463a2ee2e7d0f27ec070d0459612fc235c784efcec727ae9b00b625c854a1c8c44e2d69ac259492bd5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads