antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
141s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
26/01/2025, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dixeda.apk
Size

10.3MB
MD5

8a9243247c1dfa0b249fae01f49b69a7
SHA1

c54366269d767717029e642081e63d2f1d9c630d
SHA256

c38e6e24e5a311958664492cdf5af99f8eadad21cb8aae07360a27cc044b293c
SHA512

a75c912eedc64c213d9c45a04af13e8c61eb6236616edca7e30c1dfa4dee42f6d405182a2027e0ffa821daf33d517f4693dea2eb349fdef7686f3d0a894c56d1
SSDEEP

196608:u9ecLSEPZI5mKfyGNUc/FXIvQwrKOYErSs2:MtaxfyGNUc/FYvQwrprSR

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/memory/4603-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json	4603	com.kiluduzexi.base

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kiluduzexi.base

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.kiluduzexi.base

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kiluduzexi.base

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kiluduzexi.base

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kiluduzexi.base

com.kiluduzexi.base
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4603

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
966c4390212092889732145b87cffd69

SHA1
b51b85a90ba7cddce230aa1df71c5a4c7a0cc1b1

SHA256
f61ff8dbd7f91c0d3b4feb07171661fc47202b0f5f587f2c35e9fe5da059a514

SHA512
fc6f04d88034545c5455120ce77f13b541a7a04c2dc9013cfc7bd15f778f884e7025f96adf0e511a715799f65be8b114ae224eefa6099f529f70a4f1b6a954f3

Download Submit
/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
f82a8de9423100666d64fb0a21fba46c

SHA1
d412e6be8f7ee165ee59b133ab19c636b5d4eec8

SHA256
d035ab5d11cccd31953071c94ca120a639a18772490c696d20f7d35901e1bf37

SHA512
b5d4452b1c000cdbdcb4a838778b4624563c4f14c5d48e2c698155cec3fbf3a24ecb621fb44e2dddb254daadd7ab077cc53089d99da2eee6d0fd06d9e5d7d528

Download Submit
/data/data/com.kiluduzexi.base/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
16011f03f32c447d7c957d4df73b0bbb

SHA1
4579a41f565905a7e55f6ef4d478659b70fac1be

SHA256
fb913abcc07d45506af6f699f7ccb0279c18e041c5feb83fb87ab4ff16a8bfab

SHA512
ddaeb172b0111853ce2015e786b8bea67ac3b61fc47d27cb8471745fd6669b4bb4f879f5b06fafaa81753c694b8c6b10703d19716e44d98ce7653648f5bc803d

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb

Filesize
104KB

MD5
a93cb076249ad7e2426a85e2d6a4c68e

SHA1
28a11dd00f8a75a43b50c44c604605ea31d211bf

SHA256
0bd4d861632bbeeeaddded1b25ee117517e6f41de54ac94945bba0471e6e154a

SHA512
434d51507d81937e1f86367534a57614635042799f5a10bb6af91903567a8046c13f9d8da8366168a9f49b3c6ff91e627b7980dc1e02ad62291734f37888459d

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
15212e0cf95858c82debc8349c376b35

SHA1
bdddcdd1944d91ad685fa9ef2e5f823fd886b713

SHA256
a6a98c95af058a87b8c9fc6a04fca0b17f33384398c1ac236bfd53431dd04c11

SHA512
996927accfd1cb11a50a7ed75251dad28e8d3524f6e7ccee9c3b5bc47e7769463fe65225edbd90c4b22fc03946905bd1e6c318b7bab359ef03d435b254cb8cbd

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
00b786711cd32b976e6342c9a2388bbd

SHA1
47d9d3fc2033a179faac0b7e408e71968ffa90dc

SHA256
f27480c3a0b1bcac09fc874cc6067e77f5b51624e937288759ecd1d06fb7ccdb

SHA512
47cb3a4485d34906c3dcf7a385e303acecf2de35e5972a355edd5a3947701491c501890ed24aaae96745911b38977a957311a92048385817050191312eb49071

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
25cd31c689e84d154b0d11c0d1afe9f1

SHA1
79e2e15b681ed92be69ce0fba19775bf04d3d024

SHA256
4eb906b2db0986a8b811647553d3434f367b4c68075f33e239e63449ae6fde5e

SHA512
b3f3789d07167a775a8d7e93e48e7098a99bf12105e393f793d98f859ff5be65a1a09170adb241fbd55f610c6f6ba3b82c303a2a191c11513570a1f908cfedde

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
56cc3996d4501a13191ed3808cf96dae

SHA1
b19802c3d5d9df8239a93288a10538586af3f44e

SHA256
65340414501c89af4fbfe196b6bbd44551ce48dd92b13561eead7d4152fed803

SHA512
39c77b2c616742628a4222fd539d5bee980dd334356de0951bd29d0eeabc6e0c237d02ece4313a868054e683db47727dbd5cb1ca8102c47e39a2a9c95b3418cc

Download Submit
/data/misc/profiles/cur/0/com.kiluduzexi.base/primary.prof

Filesize
1KB

MD5
fc80600b409d5d7e3364c908df8f21a2

SHA1
af25e69065c632d65a48dde8bba8f45c3132258e

SHA256
8e4eca89dd272d6eae44604e9702db84af4f9f51680e9a0913ea83e1b53592cd

SHA512
d4d5acea3ef1462efd7edb59c92839a995e0ce663a9340fcd6794af51a56c66a8438af087e8ad7eac2da5520ca693c6b68fa1ab44fe4352250b69c46162c20c1

Download Submit
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
2.0MB

MD5
e9dadfcf351f448b854dd8b1a3e61de1

SHA1
a854ec48c5af859e2c561ca948d533d002c3811d

SHA256
39ffbca1a1b7167e56bba3ba378af8f284471d84e05972cec65e7c000960e05c

SHA512
bd21ecb20b49a93a4d27c8ac213d38d44bbf2c85c99e92d6ac337569a249a9d5db8b842ced14b6a6bada5c527be8600fe089e6a3f46e7cfd2d22f6ccaf4e69da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads