antidot | f9f4e2276c241659da8988e5f825696f1f4767650aace15d1a942385444f4321

Analysis

max time kernel
104s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03/02/2025, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9f4e2276c241659da8988e5f825696f1f4767650aace15d1a942385444f4321.apk
Size

9.3MB
MD5

83cc7472eb4efc947f3d7c1ebd410e85
SHA1

3a53e523f11f92583a52bdfbf0295ce07b825108
SHA256

f9f4e2276c241659da8988e5f825696f1f4767650aace15d1a942385444f4321
SHA512

a21e74d215ea1b9102d4347c5ac792c2f0b10c6164c9a4f1fd27d8d83b626bc3a8ce9dbdf5128fe69c3d1bad63e044ba853f37b13f0e486828a1c174364bd4ee
SSDEEP

196608:A4lFVbU5pQTOnctr8s0JCASGGS1XVDRAKuQ8bgPTPR/J+JJkQKQgJtj:lX2kOctgsNGGS1XdSKKg7PRgJJitj

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4512-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zabogutajo.associative/app_catalog/KMepQ.json	4512	com.zabogutajo.associative

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zabogutajo.associative

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.zabogutajo.associative

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.zabogutajo.associative

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.zabogutajo.associative

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zabogutajo.associative

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zabogutajo.associative

com.zabogutajo.associative
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zabogutajo.associative/app_catalog/KMepQ.json

Filesize
599KB

MD5
8d54f2b11dfafc29f7e49d1976515bfe

SHA1
b5a9758dfeb6934b9b5ac9612b36cb32658c10cd

SHA256
75dfbbfb6add3c586de315b6c88797b8a0dd7f77372469c1eb48f2e0d5715444

SHA512
dec76737422c2a507c7f10068f3470bcc6c68ded0d0515f90a3535d1fe176c757ff9957599102c757a42399f4586bb8efdfc1f5f71f3c11f09ac1e37fa79e4c4

Download Submit
/data/data/com.zabogutajo.associative/app_catalog/KMepQ.json

Filesize
599KB

MD5
ee6fffae01e99c3f684288656d8274ce

SHA1
bfbf5aee5fb09427e351bd89f217adc66360370f

SHA256
2f5054d42e939b76ca72093143256869d1ff0a92f6155f1a13d3a1bfc924619b

SHA512
3762b530d5d44658dfc04cd8cec56f63a07fbdb5c7d760fff87523d461938ab8b3f964dad886834bb538940c57611f14c1022d2af8ed9cde68e51b8080889d6b

Download Submit
/data/data/com.zabogutajo.associative/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
988da97c3d1737b1938a2539e6f6a2ff

SHA1
262dee39e0b4a6f22532ac6d5bcc5208ba9c432c

SHA256
0628c73270782ea5963bebc6c8941a659c2ebe20877b6f73b818740d050afbaa

SHA512
9646a0e4edda9421f51631fa83278aaca05ef5d99f6a1efce05dcaa087c5cc5b864b391541906afc684a95296e8c069bf8483d0f1b8c89e2cf958f849e10321e

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb

Filesize
136KB

MD5
b0b720d40cd53144501562bff294cf7c

SHA1
3cf19f45c2ade12184eafbe289f54d4d83659655

SHA256
3a4e06367c8cdbb1f6d9220f66122edbc80dc8dc268536edd4cd2d7aa009b094

SHA512
dfe667b4a143dd83fff9e362e03e70847f81bbd27e65e0f47e67ff66928fd4cd3ff54f06c1a690c7392f3bd4752e058fab4e689fda37907539f35b11c388793c

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4b8dad445d88b7bcbe1ace3810696915

SHA1
4fe658e51e32e5b5995c35836e24e15140901042

SHA256
18c6b7ebf014f8e48b236ecb9539dbc6505083e91e62e0b51993e9b123881341

SHA512
6610a6ad14a021914d23571d8dc724aa3b5fcb7f289ca530beda24416347d92abca708f2a6e4eb21c98c13733a994958dd7c960d47d61f3e78975bb049235719

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
0d005bee6bbb4f59c640491b312ffded

SHA1
1823cef2fbe3272129e81cd593863c0eb49c2909

SHA256
5a9a2bc161d001462530ace2abe9acdaf8fc2773d1323b0f845324500af742ee

SHA512
bf5cb47c56c1df96bb6874f18ad8db4b692608d0f3c0cda9572af76c36816952e1f3540dcc65b8e25e84d588d236509d8d603edbf4ede3f4da8ae442fd4a84b7

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
fd3266828507029f4616635fb8faf98c

SHA1
90f5ee369533d7e0b07bac9dc78c88d13cd75e2b

SHA256
814bb315c44ca053fb450e946a82806674f2c81e4f3e3c0b070309cfb3697d95

SHA512
cc6096acd19d1f5b17fb95952541000acfb3373347a27f968af1a1789e4cd48560b6fe950fd47b58f8f13e149c0e4d086220ca79703e1dd3117302268ffba135

Download Submit
/data/data/com.zabogutajo.associative/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
deba7c3d21d889488761e16f864bdcca

SHA1
c3eff2e843b7c479f12ed8c17477d44e9b9780a9

SHA256
4838714b377e3ad2ffdb5fd00bfbe243ce71afee18226ecdac0ddc7dbef1cf78

SHA512
7b7a94810c2d50e368f0d30e88da34c22480c6fcb82ba1eb6bdb38c4dbedd2e0497cbfede7fabe1af7b2f67093e56b89ef3f1cfc433c2ec8aad82ea30ac9934b

Download Submit
/data/misc/profiles/cur/0/com.zabogutajo.associative/primary.prof

Filesize
992B

MD5
af3aebbdb82e74bf3dcf3589571946a1

SHA1
22a45285964cb6ab4bf7769b5130e6667ad2e3e6

SHA256
672d9c161a8c01d29c5112de65386555a10aa29f46eff389ad98d44acf15b0f1

SHA512
aeea4d0ab87586e86841f1ccb83a2c3290404e59f440592666e3a90a7d0ff12ecf373fd237b4ff76ffd7670399be6cbd6e0a30b7722b9af0bddf5d427e011dac

Download Submit
/data/user/0/com.zabogutajo.associative/app_catalog/KMepQ.json

Filesize
1.2MB

MD5
c0e426c298c5e4a91bf535fd1ea8815b

SHA1
cb9a2aef0350fedffaf6c0d192afced329620bee

SHA256
2640de71a9ec4b517cc57d69cb5da2d7bcfb1d7ac9be758e9b78aa6e0af1585f

SHA512
9b0cb113c7839f5fbc8090ff3941a503a5e0622ba06c5ec1ee922497c8f0f9dd84b903821a7f5703840e1b2a72de1fcd2dc4c12f7aa01fba0451715fac699bca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads