antidot | 7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5

Analysis

max time kernel
149s
max time network
120s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/01/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install-Pro.apk
Size

9.5MB
MD5

7b861c06f50ac186bb2f6e3c770766b2
SHA1

3f458513ee69e7c6ab0e04b6350d73aa4ba4496f
SHA256

7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5
SHA512

e694573aa164145df45accd52dd147336be8ad63ff6074892cd8716393900a0b410dd2768218ff11ce1406c5516f171455b51c53664d85ef455fcf0e336db3a0
SSDEEP

196608:e0hmHTYaWN6VZ6GrepTSqud3HvdBUGKWcA6RCeYbaatEHCwpaAk0V8:v0TYbN6LKpBu5Hv0DWARCbRsCdBB

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4274-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json	4274	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cebucosu.reboot/app_base/JSabX.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cebucosu.reboot/app_base/oat/x86/JSabX.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json	4248	com.cebucosu.reboot

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cebucosu.reboot

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cebucosu.reboot

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cebucosu.reboot

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cebucosu.reboot

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cebucosu.reboot

com.cebucosu.reboot
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4248
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cebucosu.reboot/app_base/JSabX.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cebucosu.reboot/app_base/oat/x86/JSabX.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4274

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
7854dca752c900a4a2bb3d80c27f7b91

SHA1
dca5c2251c20465a47d6a4456e75bc1085d55303

SHA256
28f92c34c03d332c05d4886cbd12053b33c050571e0767e30013b155b86222e7

SHA512
003dd3d7f1906990c50f5923bfbab458de59c877de0cb21e132a645087a440ea99f8edc84cf7266c5de352041146bbdbcf05876fae971672314e3d079dd1b517

Download Submit
/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
bcbd4dd998d9d9d579268fc34207f604

SHA1
0dc20f1f2d34a95c590d7d1955356231e2c2ad56

SHA256
53332fea6761d547315059076f4c74abc96285c5680352342b7c19319dae3ff3

SHA512
0df67cb217626f033cd394ebc702b9d21f27d74f9765af13e686138fceb5d8378cb372ef37b8fa7e4d6c2beac4cedb332101709a842a904ab836f33131f2df33

Download Submit
/data/data/com.cebucosu.reboot/app_base/oat/JSabX.json.cur.prof

Filesize
1KB

MD5
63c0d0f70d7862d034a96b8693facd94

SHA1
234887db6b082c28346ac0c3144f0ffc2ff0968d

SHA256
1ee73a096b7ecf348fd2e0dbec9f7aac170f5be30fa352bcc28db22e2bb91de9

SHA512
c55c1c463fdd9b2fd4e2d5ea2424c9d534035cea4d6e7aa98dbba952ee2b8d9f0cd8ada745a93c0c4e10d2787c4ca5ed107ceccc95d7d927f7eac0d6d60804c3

Download Submit
/data/data/com.cebucosu.reboot/app_base/oat/JSabX.json.cur.prof

Filesize
2KB

MD5
534a203556a0e5c2d89e6c1ef3a885bd

SHA1
4aecb544bd93e0c4d3e92bb1d9a218df20b45b14

SHA256
879dbcfa8f428fd109ba2480936ee5438ff74ed4454b4f0ad822b60ee29cf72a

SHA512
ad4765c5591d10ef5bd0812bee7539e317069db53502ade82f16d7da7cbd50e0421d63d49f4ceda413bd1928451edcbce66da7e2096037fece7dcc37959854b0

Download Submit
/data/data/com.cebucosu.reboot/app_base/oat/JSabX.json.cur.prof

Filesize
2KB

MD5
9afb7fb88c4abe2cc3fb1fb586c13ec5

SHA1
2ed664816699a4f94fd59c2eb175efe113ee697e

SHA256
e36a28567309e4951ebcfef782d9fb2be4827a92a48881c9925527ad4b556165

SHA512
fd98a576256e4c46f844c5cb6e6210084b28c842ab8df24f31be446ace34225dadcce2635e00fa1258d58bc68bd61d099ebf651a60db464a29c7289f5900da14

Download Submit
/data/data/com.cebucosu.reboot/files/profileInstalled

Filesize
24B

MD5
2b45d7f28ad74a797f01288e68b48abc

SHA1
3b69edc4b2be6e464545c91ec87aecd02d61bc11

SHA256
c76368440e400accb7d9ec4d32f7b4c6a91568ba5fd182987575a74820875811

SHA512
fc96ecb4aca5f9aae301596b572412518eb2e192166639f941398499e29573af05ee7069d37b5c50b3d76a28f9edbeee0792bdbb2effbd50d4ab12eb6c1890c7

Download Submit
/data/data/com.cebucosu.reboot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
43afe65d89af0ffbb3618e25228e1326

SHA1
ff62c9574ed3b9498996785f6dea659c9ee92d2a

SHA256
fea50be83641982b64915f3a3d06d64684f5b047be7b42338d9ebbe402b34699

SHA512
3e55f5ebc15383f825545093f470f9b86e517aace09056c8f813e070b23cfe9c7056046b6f1911d918caeef175902ed677691eac8300de0e894f7ed47f2dd4a5

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb

Filesize
136KB

MD5
7fe26a8ace3569ee343148a9e0c23d5d

SHA1
ca73b048f0f8c3cf292fef9980cb2f4c54f5c847

SHA256
204eff10ac625ff9bceba6986b5ec61e8d4df62df40d38356720ad09142473a9

SHA512
99cdca72b7905efe5a46b0effd50de3c7405540bde539f3eb79b238dc476b8f2bd939eeb417299b6369c4cc409937c46abd4a144bcb9cc1182804e23451ddb95

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c5c1b05bd8bd06d0e2ade68ac436235c

SHA1
575f70b1749734c9066383f4b2f51005346769c6

SHA256
4c087e0b74faf6d41fe14e97cba11c9cdc5db46b79d9328e39090800152bd133

SHA512
8d63faaa2fdf88b81c7f59feeeadd952891b71606cbb5a0e344f60916c52ff86d0fc80a06563ebe2b557233d70609b09cb9d7596893bb4fa65c4eb4ad2a8e7f5

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ef70319d1d922156f53cfa6a5acbeb77

SHA1
0bdf79c33b75a6aa1abb563086754107ffa30fd6

SHA256
320bfc3c5b3be18b5be1ae97c18f091aba8a6423a9476daad6a5e4da7b2ccc3f

SHA512
1abfc6bd79cf3c7c5dead1d6b84dbcb122a7539183db25fcb2bfbfd78ecacee08d4ca007231cae8ad37ecc786cbd4a9bc88f29ca214e2d8cbee15b950e6d8c6a

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
214e08bc8782585cff4f3746623d6c34

SHA1
f6c15ba305c90f7f1cd72d426ec54d015d779a4e

SHA256
e75c8fdb4e00ec9994b338beb48e6b3143b61506a1ec50dbf5dcbfb03fa9f056

SHA512
642ae5486314d69ff5ba67385176f66176dc454a8bd588ade61cfdf212a7d4f333b901bb544ed7cd5e98b72fe7bc35f2a2e5812a3690ce28120abca1269c9b31

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
d67c38bcc5b4f6327531b7987e834729

SHA1
3bfa354eefc64639fa2a306608c970c17ffdc573

SHA256
7291cdafa7b4c9d6a953c427a0d4b1103861fa4ceba44ab4aec02127429adfe5

SHA512
438388c29bde28493e7cd5acf93c373d4247b34dc7dc258d7619d16d9cec47363d96a4b093ac978e330def399da8431c815725395df1fc91377f838462a0da6c

Download Submit
/data/misc/profiles/cur/0/com.cebucosu.reboot/primary.prof

Filesize
986B

MD5
876384aec3c1f9a050384616c419c362

SHA1
ad48123f9e2566753b678d41975785d94878469b

SHA256
fea8569052eccbdf3ab077ce82bac1719f4a0d9b7af5abfd34a4bb58f51f36e9

SHA512
f95c6720b91b6b7ff8541ae64ac347c9b5316a9b353abb13b0d8602b92bf1a2f34ef61da2d5c5b399ab17a796dd3dcb8d879bf43acc75931e3c593ace9c97803

Download Submit
/data/misc/profiles/cur/0/com.cebucosu.reboot/primary.prof

Filesize
200B

MD5
4653f8fb36af16e13ae871dcbf56c8d1

SHA1
8e3b413ed0b883af4da931fc10452d2e37722289

SHA256
7b1cd6da4f2a0e427a71c9f70d1dc7c88651511c97b1400ff688415acbd8e183

SHA512
b25a050cb3873922d82a15f285dfb6efef8cf9272e6b4785819d9fcade6d25e96aa01310b457f58cf2d29ea93dadbd6889d898ddb88c5524c00f65cd638c484e

Download Submit
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json

Filesize
1.3MB

MD5
2b1e8923ab1b0518184baec6fb4a3a67

SHA1
b1bacdb2414bc359dab8b53d07f33c6cbfc0ef0a

SHA256
b709f5fd7142dbf46201215db2fd639b099f5cbee3aeca4dd87bcad1d8544fad

SHA512
159bf36ca32b80759e216819e6185d32398f7a0bd55d4b1c28a83fc740e4efe66160620e696fdacbd470eba1ecdca8ce017e20f3f73583d192c46647429963ad

Download Submit
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json

Filesize
1.3MB

MD5
071dbc741ee23c10d0ad3bb45bbab252

SHA1
f5862ae43df2c30378d59a852c3d5ab28d688c90

SHA256
de8e3dc9b1d38de87d8616c57b81ef64ba427c42b0c77c491cb06f3b60eac364

SHA512
b0570a0284e6e79912736f2859f09381c796e7658c1f49d4e7e68a569b103b3496cd953890b6de2beeaa2a5ef709cbb888f65048c68855c4d62ba5e65f0897f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads