antidot | 7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
29/01/2025, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5.apk
Size

9.5MB
MD5

7b861c06f50ac186bb2f6e3c770766b2
SHA1

3f458513ee69e7c6ab0e04b6350d73aa4ba4496f
SHA256

7643d4c23f374700d06e4ac708c3e6238a401470610e824130bb179735ea99a5
SHA512

e694573aa164145df45accd52dd147336be8ad63ff6074892cd8716393900a0b410dd2768218ff11ce1406c5516f171455b51c53664d85ef455fcf0e336db3a0
SSDEEP

196608:e0hmHTYaWN6VZ6GrepTSqud3HvdBUGKWcA6RCeYbaatEHCwpaAk0V8:v0TYbN6LKpBu5Hv0DWARCbRsCdBB

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4334-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json	4334	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cebucosu.reboot/app_base/JSabX.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.cebucosu.reboot/app_base/oat/x86/JSabX.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json	4308	com.cebucosu.reboot

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cebucosu.reboot

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cebucosu.reboot

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cebucosu.reboot

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cebucosu.reboot

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cebucosu.reboot

com.cebucosu.reboot
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4308
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cebucosu.reboot/app_base/JSabX.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.cebucosu.reboot/app_base/oat/x86/JSabX.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4334

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
7854dca752c900a4a2bb3d80c27f7b91

SHA1
dca5c2251c20465a47d6a4456e75bc1085d55303

SHA256
28f92c34c03d332c05d4886cbd12053b33c050571e0767e30013b155b86222e7

SHA512
003dd3d7f1906990c50f5923bfbab458de59c877de0cb21e132a645087a440ea99f8edc84cf7266c5de352041146bbdbcf05876fae971672314e3d079dd1b517

Download Submit
/data/data/com.cebucosu.reboot/app_base/JSabX.json

Filesize
626KB

MD5
bcbd4dd998d9d9d579268fc34207f604

SHA1
0dc20f1f2d34a95c590d7d1955356231e2c2ad56

SHA256
53332fea6761d547315059076f4c74abc96285c5680352342b7c19319dae3ff3

SHA512
0df67cb217626f033cd394ebc702b9d21f27d74f9765af13e686138fceb5d8378cb372ef37b8fa7e4d6c2beac4cedb332101709a842a904ab836f33131f2df33

Download Submit
/data/data/com.cebucosu.reboot/app_base/oat/JSabX.json.cur.prof

Filesize
2KB

MD5
defa5eb1f4a043d371d533734a71d783

SHA1
2be96bc21fdbc31a8ad4be5ae877c03e252cd26a

SHA256
86cee39fc4ef030791eeb8e6567f574f279586af07236353741ba943dd761d15

SHA512
f68ec8b73f9c2f1d3a781da95bbeac69a5c93a07e7b83e0b12e9b99c38f03a5fa2c3f43d52d9f8c620ad03ad97133e6ea4844741b3e3e0c234a37cb91a1aade7

Download Submit
/data/data/com.cebucosu.reboot/files/profileInstalled

Filesize
24B

MD5
db4b724312f067bbf04aa8b0efbdc6cd

SHA1
b16ca7ef104c5a19d239cdee9a9f0280e487e9f9

SHA256
72ff354ab3b1654bfc600eae3042eaf41db4d374d86e1573ef19fe4da1ad7973

SHA512
845c06794f171ad9e95b0e6e15d27863a93d0db60be212617ee58a695d26952b8acf48e9a37b00283bb731ec9452cf5807195766551e5929463590c120efae9e

Download Submit
/data/data/com.cebucosu.reboot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
6cd1eb901f6544bd611f124b067978c2

SHA1
116204aea6339047cc42ab8da9b1a8af8dfa912b

SHA256
176fa7f7662a17633781ad305212e4c4298304ba6414cff25054569744897128

SHA512
f0c918b7d5485264de32bcf402ae22082d6911b9c36db6845b025f3d3ace5fd4ff680172eb9e86510063d53ce9b04456c14344c7c77340367fc6a31f2490e971

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb

Filesize
168KB

MD5
58aa8821c1fa0fd16a8133849e157e8a

SHA1
aadadd2ed9b158a2fcedc093b6f27e1049b28bf6

SHA256
d9d97cfa127ee318dbf26f088bcf081a8eeeb68a0144ae7653214ebeda0126ee

SHA512
b0487e123b495b97040167667b5c008c1f012983fb591b5a9e4714d36b0dd32dd6a09c93a26229d69db24ba3884e269255202c23312729794c5c6368b074820a

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
89f32272dc952c5a0d6447d894c400be

SHA1
bdb9987a2a0f7db9b9351aed92b506727fbfea05

SHA256
acdbcf4095ff3f4c8abd7f0e2e0eec41310875f2ff943f02f3d382df61c6c1b4

SHA512
2016b7dfa1648089e154564ae59f80fdb6593943ed0754a30ba2e955799ee399ca824429361d0796ac971cf4baf7fa83dbd4301f914cff8e74a85281efb53819

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
773251364aac52d5d1cf81b9ccc3e5fe

SHA1
b76a55f8a7abc1e23250a673d51b13c2ef087e46

SHA256
8ba603190209e5aba14287ab8ffd23aa76dc0857ca55966e3c9d243158c46fa6

SHA512
d1ec645f1749d36da7a8a8e11cafbd9c944513019f79d8b6c946a3a6fc3756e179af05060c665354a174c7c605ae832eed5c795405ab61d2a69301abf775da8a

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
2cdd3bf9bacf7b1bc172cb39eac35548

SHA1
5ec6d080f9ddd04e5bd34564cd2bfe273334a585

SHA256
1b9904b67e4da660e994a2c931449fec3b99a60a2a23fb62db7b9ebd309f7e99

SHA512
82f99ca370e0b1b77c024901f92aa4c340d843424f64431c78fd5e644c4bc8fa4aa9e0e73599531ada30dc8e84af3cd709d0368fca8d48d90be53cd97bfb8b78

Download Submit
/data/data/com.cebucosu.reboot/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
94f5d5eb66d32b7b5699f941b6029cbe

SHA1
d6aafcfdc80bd5ed75ee3742b0507959f0a07050

SHA256
1be37d289534091aed5819e6b7bc5ffb7267ac02c4ec0a664ea48121cb44e42f

SHA512
0b18819dd40be282c67626076a9ad2742c3e27a12bc16dbd823d00d5ebd453140f05aa913614a2ca700b9bcbec349eb19f7875ffea4ad31f89a784cfee560715

Download Submit
/data/misc/profiles/cur/0/com.cebucosu.reboot/primary.prof

Filesize
986B

MD5
876384aec3c1f9a050384616c419c362

SHA1
ad48123f9e2566753b678d41975785d94878469b

SHA256
fea8569052eccbdf3ab077ce82bac1719f4a0d9b7af5abfd34a4bb58f51f36e9

SHA512
f95c6720b91b6b7ff8541ae64ac347c9b5316a9b353abb13b0d8602b92bf1a2f34ef61da2d5c5b399ab17a796dd3dcb8d879bf43acc75931e3c593ace9c97803

Download Submit
/data/misc/profiles/cur/0/com.cebucosu.reboot/primary.prof

Filesize
200B

MD5
4653f8fb36af16e13ae871dcbf56c8d1

SHA1
8e3b413ed0b883af4da931fc10452d2e37722289

SHA256
7b1cd6da4f2a0e427a71c9f70d1dc7c88651511c97b1400ff688415acbd8e183

SHA512
b25a050cb3873922d82a15f285dfb6efef8cf9272e6b4785819d9fcade6d25e96aa01310b457f58cf2d29ea93dadbd6889d898ddb88c5524c00f65cd638c484e

Download Submit
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json

Filesize
1.3MB

MD5
2b1e8923ab1b0518184baec6fb4a3a67

SHA1
b1bacdb2414bc359dab8b53d07f33c6cbfc0ef0a

SHA256
b709f5fd7142dbf46201215db2fd639b099f5cbee3aeca4dd87bcad1d8544fad

SHA512
159bf36ca32b80759e216819e6185d32398f7a0bd55d4b1c28a83fc740e4efe66160620e696fdacbd470eba1ecdca8ce017e20f3f73583d192c46647429963ad

Download Submit
/data/user/0/com.cebucosu.reboot/app_base/JSabX.json

Filesize
1.3MB

MD5
071dbc741ee23c10d0ad3bb45bbab252

SHA1
f5862ae43df2c30378d59a852c3d5ab28d688c90

SHA256
de8e3dc9b1d38de87d8616c57b81ef64ba427c42b0c77c491cb06f3b60eac364

SHA512
b0570a0284e6e79912736f2859f09381c796e7658c1f49d4e7e68a569b103b3496cd953890b6de2beeaa2a5ef709cbb888f65048c68855c4d62ba5e65f0897f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads