antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
145s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
26/01/2025, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dixeda.apk
Size

10.3MB
MD5

8a9243247c1dfa0b249fae01f49b69a7
SHA1

c54366269d767717029e642081e63d2f1d9c630d
SHA256

c38e6e24e5a311958664492cdf5af99f8eadad21cb8aae07360a27cc044b293c
SHA512

a75c912eedc64c213d9c45a04af13e8c61eb6236616edca7e30c1dfa4dee42f6d405182a2027e0ffa821daf33d517f4693dea2eb349fdef7686f3d0a894c56d1
SSDEEP

196608:u9ecLSEPZI5mKfyGNUc/FXIvQwrKOYErSs2:MtaxfyGNUc/FYvQwrprSR

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral5/memory/5135-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json	5135	com.kiluduzexi.base

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kiluduzexi.base

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kiluduzexi.base

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kiluduzexi.base

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kiluduzexi.base

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kiluduzexi.base

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kiluduzexi.base

com.kiluduzexi.base
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5135

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
966c4390212092889732145b87cffd69

SHA1
b51b85a90ba7cddce230aa1df71c5a4c7a0cc1b1

SHA256
f61ff8dbd7f91c0d3b4feb07171661fc47202b0f5f587f2c35e9fe5da059a514

SHA512
fc6f04d88034545c5455120ce77f13b541a7a04c2dc9013cfc7bd15f778f884e7025f96adf0e511a715799f65be8b114ae224eefa6099f529f70a4f1b6a954f3

Download Submit
/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
f82a8de9423100666d64fb0a21fba46c

SHA1
d412e6be8f7ee165ee59b133ab19c636b5d4eec8

SHA256
d035ab5d11cccd31953071c94ca120a639a18772490c696d20f7d35901e1bf37

SHA512
b5d4452b1c000cdbdcb4a838778b4624563c4f14c5d48e2c698155cec3fbf3a24ecb621fb44e2dddb254daadd7ab077cc53089d99da2eee6d0fd06d9e5d7d528

Download Submit
/data/data/com.kiluduzexi.base/app_nose/oat/CDyGNEQ.json.cur.prof

Filesize
3KB

MD5
96d89184cfc79803dd31b1d0c80bf4f5

SHA1
49b6a9d2ef4280786f95cff175037371e60664f0

SHA256
30fd2cf1a8642030fd79a17522e21d4b03cb2a1ccd39077f9c492540dee93ab7

SHA512
b5d2f9626538ed8a6cd2d4f3fed38ca9a94c68ca4ec447b2cb33509da65a94601a60f77b9b6d8a1a64a66fa06d8ff156d6f3712b28c05a10cb3936e1a4c23123

Download Submit
/data/data/com.kiluduzexi.base/files/profileInstalled

Filesize
24B

MD5
971c082097472bd3e34f0cf46f28da89

SHA1
b01af4b766fbc04b29b2be31bcc3dd25ea34209e

SHA256
bf6e806820fb3f9b6b9c5615541977c0169ae31b17f50ecc55f684ae2b9bf31f

SHA512
be6b45913abd20d3ab6a8ac060e7240758ba2c3b5af561aa4eaacbd2968677c91845cc839be9985e97023e7f16663745f70fca942b1592784c0822403ab08bf7

Download Submit
/data/data/com.kiluduzexi.base/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7cfa236f251dfd26e9e672f03424cd2d

SHA1
d2baf3c2e50e30a0bb497de519d6a46410ce8d18

SHA256
7cb43d413a549d5478021dc41d0d02d4d471c905b95e5b00350b7cfd9e5ed3f9

SHA512
cd686ac4de842c2eed9c253030f76ec4ae6ca850653eaa41aa61d0c6bd233e155cf3dd5af86b409c24812a6df7879f461446d91e9656df0184aa56d4fb778fae

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb

Filesize
104KB

MD5
321d3ae9f76f0ca5d0a219d371e659bb

SHA1
0163eff299a3d7eb13371223e15f9a0cae96e9e9

SHA256
a02d0c4875d002223d9ac78875012de65d8382a7af12a83eb63609ac7e5a7658

SHA512
34407b58b68c8d9b175a928e78271a49691a9019bcd5db1551df45af2d2213bac50bf31bcd20f948a004a589bc7633d6aec061c5d0191c35828d845a0ef51ad2

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
13db26844f1688ef127ca538dadfca96

SHA1
086f84342431a47e6de90ee2a65b5a2458fe08e1

SHA256
459542978399fd0a53b6905eb5eb5728491e0fad16879d59fe2f3d72bbeecbd2

SHA512
2c92fcf953ffaa13895b1ae79762f3525916fb8e22d58a5e19f09a0516f77c4e652839af92471f1dd6c8ad8a42345df214e71db840365d4e903a8d5bef1c68c2

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
36fa2e3f1cf7a7f5610638e187902b9d

SHA1
c9e84b5e4cd210b24fd3f1da86fe39ed5bc4db6d

SHA256
13249275edc552153c688f95de831d377b223ba13ff06794da8cf1b151425b9b

SHA512
ff28771f097c692d301a9931c1503c5d65fc908b3544d33529fa4e6d228e016ce4fa33169242a6dc6346a7d1c41d39c48d5204d4bd89384daeb6cd2b34f2c62f

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
83c71841873ef547cc3b8ecf67d29e8a

SHA1
21cde545ab8f44f81dd01718d5e7ea64f0f705c7

SHA256
ee08e9c0eb591d6dbf6316cd86907712b10fc297793beca5f78d34a1c3b8b98b

SHA512
e1ee1c1b1ab4c005a6672567076c37640a242bec5e035334a38df170685b4309dc62cb24c5662e67c4d0ec6698d3084c02a9757343b0014a283e4e36bf4ce958

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
ddc0e8e26bec727effcca054ea6ab6fc

SHA1
5ec99cff216730039bf7559cf15b6025dffdbff3

SHA256
32a8ccb7c656b1c4f4487316435dee239ee8098fcbf77666ea4be81fde3bc82d

SHA512
95a7dcc9284c2ea6e995d50d461b368703d58f6016f0f791521bab881268f11779c1df84a317bbd92061e60016d0ed2eaf9ac77ba36c5e8d8de1a1c0deeb9037

Download Submit
/data/misc/profiles/cur/0/com.kiluduzexi.base/primary.prof

Filesize
1KB

MD5
fc80600b409d5d7e3364c908df8f21a2

SHA1
af25e69065c632d65a48dde8bba8f45c3132258e

SHA256
8e4eca89dd272d6eae44604e9702db84af4f9f51680e9a0913ea83e1b53592cd

SHA512
d4d5acea3ef1462efd7edb59c92839a995e0ce663a9340fcd6794af51a56c66a8438af087e8ad7eac2da5520ca693c6b68fa1ab44fe4352250b69c46162c20c1

Download Submit
/data/misc/profiles/cur/0/com.kiluduzexi.base/primary.prof

Filesize
185B

MD5
2fafdff28e0ccab6f06f98356e3fe786

SHA1
99516d9dd304c97cdd17b7101f866fe90497e108

SHA256
c234587e62e2b7c569c59b9a6ee30669b3a623bbbf5efc69388ddc2a7fe4cdab

SHA512
e9c3c68ee2bf0ca7fc813bd856f5c2233155793fd61d67d036295d408f314cabf52001e0f30d83571fc9d3eb7c3a333a9d6ac752911a87c41dac23f43051b771

Download Submit
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
2.0MB

MD5
e9dadfcf351f448b854dd8b1a3e61de1

SHA1
a854ec48c5af859e2c561ca948d533d002c3811d

SHA256
39ffbca1a1b7167e56bba3ba378af8f284471d84e05972cec65e7c000960e05c

SHA512
bd21ecb20b49a93a4d27c8ac213d38d44bbf2c85c99e92d6ac337569a249a9d5db8b842ced14b6a6bada5c527be8600fe089e6a3f46e7cfd2d22f6ccaf4e69da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads