antidot | 7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5

Analysis

max time kernel
149s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/01/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install-Pro.apk
Size

9.5MB
MD5

7b861c06f50ac186bb2f6e3c770766b2
SHA1

3f458513ee69e7c6ab0e04b6350d73aa4ba4496f
SHA256

7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5
SHA512

e694573aa164145df45accd52dd147336be8ad63ff6074892cd8716393900a0b410dd2768218ff11ce1406c5516f171455b51c53664d85ef455fcf0e336db3a0
SSDEEP

196608:e0hmHTYaWN6VZ6GrepTSqud3HvdBUGKWcA6RCeYbaatEHCwpaAk0V8:v0TYbN6LKpBu5Hv0DWARCbRsCdBB

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4828-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json	4828	com.cebucosu.reboot

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cebucosu.reboot

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.cebucosu.reboot

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cebucosu.reboot

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cebucosu.reboot

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cebucosu.reboot

com.cebucosu.reboot
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4828

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
7854dca752c900a4a2bb3d80c27f7b91

SHA1
dca5c2251c20465a47d6a4456e75bc1085d55303

SHA256
28f92c34c03d332c05d4886cbd12053b33c050571e0767e30013b155b86222e7

SHA512
003dd3d7f1906990c50f5923bfbab458de59c877de0cb21e132a645087a440ea99f8edc84cf7266c5de352041146bbdbcf05876fae971672314e3d079dd1b517

Download Submit
/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
bcbd4dd998d9d9d579268fc34207f604

SHA1
0dc20f1f2d34a95c590d7d1955356231e2c2ad56

SHA256
53332fea6761d547315059076f4c74abc96285c5680352342b7c19319dae3ff3

SHA512
0df67cb217626f033cd394ebc702b9d21f27d74f9765af13e686138fceb5d8378cb372ef37b8fa7e4d6c2beac4cedb332101709a842a904ab836f33131f2df33

Download Submit
/data/data/com.cebucosu.reboot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
9d1d6a4a2a159d908db4244226d3efec

SHA1
c1633e7dc834beec002515dfd44a3803c707dfd4

SHA256
9084e42bf3b955c21d5434cfdb7f6b09d9ff7551ded280d5e2ccb189022eaedf

SHA512
4dc8c4b39f521188d3ed28962609ea420bd30e708b67a3db0032e2833b7ff5a7a6ef3f9ea35bb9016e7f9be6c180b0bf4c138e3db2b43945783d150069b21dca

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb

Filesize
188KB

MD5
e2c9ade8c6eee61d1c8949df6b423254

SHA1
04eaa6977e9ee798fcb0b173c97171bf06d02457

SHA256
9349ef069ae7ad63cb19572e7ef0982f803dcc22f6529bb6037532fa9f95c705

SHA512
2be9435f4d029e0a79df20593e1274f7c119e025987787a332fdf4ef05cec8d84353ab35f6b22991118ccfae1d43a1699220852165c17cd5c93a4ba8e28afc6f

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
338242e1cf0dfe1b8e34db4b8cc07ebe

SHA1
69abbd40d8fa6988ac1ef8c93233cf66471353d6

SHA256
406fb59d45586a72385319cd21ecd357092f6ba0623b111cc457420a7340745a

SHA512
99359a8888d108e401ce5d3fbf2a1a751f853812b29a9c56db1ccdf10564d3a8fc6cc0cd6968f00be57c02195f7a4bad5d99e3a6c49117d00782fc29ff3c3b59

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
f584d65b47a75fed41fdf50507ee6f94

SHA1
95ee097cc75a98e8a5b3087f3bfb45a3fe1fc401

SHA256
2f58cd91a2fd90e03e5b1fa237991a4fd7a6ace53c7af4e11d248c1f197e3b44

SHA512
3ae3ad2b19459c883e469019a7d9f256da0e6e0d183b677b53195a8db50079f82b506905b9b1198b613f0e5f9d10632d57b51cd648d3c4827f5a77e98e72f3db

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d567c8719c7b9ec843f8113fd9de1d5f

SHA1
8acd0c5f44bbd6add965e2dcc008c7250763cf50

SHA256
dd33c5f431ad0f52d1708ca1e9b74922050ba70df51ce27c9e63fd4f0e986aca

SHA512
b5fcde40986adb143f993cc475713bb9579b978b114bf8fcbdba4480e432900f88e2a055298ddb6f84f73041a7969f25c649a2bf6a6dac0ab0eb111ee55a94a9

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b5e9b4cce28cb71df73d86a6d55b7729

SHA1
2a6720c2716dd6ac254723c0e2a29eefd4d53531

SHA256
e38693bfe398fedb75b4b701e2ad902baf36212771a27d829d4b06918863c052

SHA512
ffd56b1541f23e3d4cac90db77eea080fdb819a547a06954f3398f8ae60cc2b9c6553e97fddc63ceec531641dedea4e57142ebfd98621ac9f0e998a44976a9f6

Download Submit
/data/misc/profiles/cur/0/com.cebucosu.reboot/primary.prof

Filesize
986B

MD5
876384aec3c1f9a050384616c419c362

SHA1
ad48123f9e2566753b678d41975785d94878469b

SHA256
fea8569052eccbdf3ab077ce82bac1719f4a0d9b7af5abfd34a4bb58f51f36e9

SHA512
f95c6720b91b6b7ff8541ae64ac347c9b5316a9b353abb13b0d8602b92bf1a2f34ef61da2d5c5b399ab17a796dd3dcb8d879bf43acc75931e3c593ace9c97803

Download Submit
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json

Filesize
1.3MB

MD5
071dbc741ee23c10d0ad3bb45bbab252

SHA1
f5862ae43df2c30378d59a852c3d5ab28d688c90

SHA256
de8e3dc9b1d38de87d8616c57b81ef64ba427c42b0c77c491cb06f3b60eac364

SHA512
b0570a0284e6e79912736f2859f09381c796e7658c1f49d4e7e68a569b103b3496cd953890b6de2beeaa2a5ef709cbb888f65048c68855c4d62ba5e65f0897f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads