antidot | 7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5

Analysis

max time kernel
144s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/01/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cidugiwopu.apk
Size

7.5MB
MD5

f1a79a60e42064905ed8f2946df68864
SHA1

0b92d6beb4576883c800e9a08d8844dbf506fa07
SHA256

813b9d8291088664b2dcdc41ca6cd6ac197b55f8a5e9cd5c17e3258b4be2f154
SHA512

0da1bb6035bf79e43fc3988088f06ca41c29b29c227c07492ec0a401f0349517ccc99a2e3769f3f2e5aed831ffeaf2c927745e26848fc30ce7e9ff911aa3753a
SSDEEP

98304:qo/Kr4msIbbyHB7TJWnt7brES1V6i2ieSyeTgnrSstv9qmkF495Q7x:qsIbbyH9TJWntfDslYErSsF9qm9e7x

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/memory/4782-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.kujijate.operating/app_flush/QKwrF.json	4782	com.kujijate.operating

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kujijate.operating

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.kujijate.operating

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kujijate.operating

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kujijate.operating

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kujijate.operating

com.kujijate.operating
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4782

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kujijate.operating/app_flush/QKwrF.json

Filesize
946KB

MD5
9267c124bf773b1feb060dee59381d99

SHA1
2c8e57cbbb851cf234bfe9081784be712abff6b4

SHA256
f1ee9711a60ea2fc7e9e241e4b7882c2fa3b758f5683e54e767a8a6df7c65256

SHA512
c21fa23a7c3fa4a44bcda0276a72b97a195cc57c8ae517622fc90c69e2ec1e1f3c0dced7631b020b2a3ccbfeb69c5f9424213c03d9546523b007059850d601ff

Download Submit
/data/data/com.kujijate.operating/app_flush/QKwrF.json

Filesize
946KB

MD5
1457b689573bc93c647b523eddde0c4f

SHA1
a6606e6291f564b5895ffedca2948de3899bb672

SHA256
bd627e92fa456a6f6a1626636ca470d794fa93381d5adb4da6b7a24e1ff6e8dd

SHA512
643fc9c210e2e430de809dc1106ad08b4aa5df59a279ffb46817b10167b4e1693aea741bf68a25d9a2391f59f583add3c4612dae4ea0430d1cac1640b7e9263d

Download Submit
/data/data/com.kujijate.operating/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2dfe53f8541b8a4c60f4472efe127d1d

SHA1
0e0e76e351bf4d77454e4257b4b32dbb60911d1a

SHA256
eaec14a524a6ca44e87e1187a22b65ea96f125dee38864f9ae5a13a9b55286f8

SHA512
b8287a7cf5e0e4d1584adae10a798ad2924df8a95e1ce3cf58a29d4cdd44b7cfb8667decc13fcefdb50fe2b7667cb3359d5af2d2fd37d645a969eaa3b06a0a2f

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
95b276f847dbee1c507aff7da4596582

SHA1
e9afca481746f741145f57e19df365d6f7d4deb4

SHA256
8604016fee2354bdce60a1da2ee6500ed5e215efd32d65fdf7c99ada6983cdfe

SHA512
6973b306e43ea4efbf81670d678a2e586655d74c844118a64764f6349e64d8c45fd04691e2ccae766b4309eced3699ebcf36fe10b9d6de18ae1c90cf95dabdfb

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb-wal

Filesize
350KB

MD5
a2482311a5759943f8a8ff20655b5691

SHA1
6a7def04c45072a5ea9751456809f45f4dc71c5f

SHA256
ab57e8a04e397a810dafe87d0b2973dff497d14321b1ee349363ed2c715df93a

SHA512
0d532523b89873ddd6fa5ddaab9c86bc45a43cf537a626f043d8f84d99f9f79eac9cc44c3eef16bec82451cca1396db3b1519ba8ca344ccc4899d2d9fde21e7a

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
340f10669b6a842e9a1ca5bf8c1c1d6f

SHA1
515e961061996cbfe4c0fc0b8ba57117e66177f3

SHA256
b231f4e45a793b4a124cfcabcac77cdb2770e7007aaa9dbe86245f64e469df2c

SHA512
fcbb8f06fcaa7d20536e061bfb63565ff99d588acf59845c966d6dcb9d432357a8f0247035d7b1e9c8c46c05e6922376e35d42c8975c1ad68b4d0e145f191279

Download Submit
/data/data/com.kujijate.operating/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
be149dd181abbad3274148a743d5ccbb

SHA1
33767ed943159110da12e808c534a777b3e98570

SHA256
a69f608669f4e064923570121394adfe7f25d2e7f0a3428a1c781c503bdcf8af

SHA512
bae23a187535c3f585dc88a59f78ed387cb35eb660d3cbfcd529e0f25c539d8bfdff259a0e4ff0bb1c6024c477fd9ab99089f688a4bbe9eead9f0575e12681a7

Download Submit
/data/misc/profiles/cur/0/com.kujijate.operating/primary.prof

Filesize
1KB

MD5
9a230fe8f528405268a3b5209b4a7613

SHA1
6d3ce997ffd379d6728f76656c0b4e1d80e73e0e

SHA256
4529017b2034d6eaed51171b214a22998e473ea15fa50ff3b43fbf72fa91e637

SHA512
64699774faea8ad0afe6fa4125600765beaa4c471e5c78247f70acade8ed78335b868fd8bfef2a54ffec1d8855a1e945771792457194cf5a4c96637b9fe446dd

Download Submit
/data/user/0/com.kujijate.operating/app_flush/QKwrF.json

Filesize
2.0MB

MD5
ddfc98c00cbb47a2547989b28f559a08

SHA1
47d112ef12c4d25a122e457ccb778e787e434b93

SHA256
41a62359f06348fca4f22a95dc310423bd2ea174ea2d532a02847698aa94ab90

SHA512
8347e92fe9a58cfdadc8c0ec68340428c1b206e13778fe25f50cb5c26210f3ff640af4b760fa18137f8f4cddd84d484fc444866f3be60e8c5c06b9c0fced3f59

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads