antidot | f9f4e2276c241659da8988e5f825696f1f4767650aace15d1a942385444f4321

Analysis

max time kernel
144s
max time network
155s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
03/02/2025, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lebezewa.apk
Size

9.7MB
MD5

0772b1116df1586b419acfbff9f8d96c
SHA1

827f307ebf5f3abaedc31645b5ec43203cbef72b
SHA256

85f24e29fc5f68f2a3a456fd749e887958758821e6f6512fbaee2f54b6bfc0e5
SHA512

95199611de6c507b54bf7bc162c5e8cc5543a215c08d7cc04ec1ab4ddfce50da66a24e5a58e4d43cba5eec0af3f0469bef81b54ee342fa24434ac9a5fa2cee1d
SSDEEP

98304:Fo/KrqB9EBvkB9ph9JyArVO2jmN9hSjGUI+YJqob5POoeT0wUar+qe+7eS3N8H2J:e9EBva9HyhAiqOA09qb7Rt

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral5/memory/5051-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fagulave.data/app_industry/IIWn.json	5051	com.fagulave.data

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.fagulave.data

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fagulave.data

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fagulave.data

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.fagulave.data

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fagulave.data

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fagulave.data

com.fagulave.data
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5051

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fagulave.data/app_industry/IIWn.json

Filesize
944KB

MD5
3c3dce925bca4251fcc017ef525599a9

SHA1
7bbbf0f840bab1b7dbd4e5968273322a307c6769

SHA256
b3c1b868e9080b12bb73b5ae8b6015afdb7947a0327472c831cddf888441afa5

SHA512
8e9f91d9a6ff24316be3778d2ed34d2fec7690679de851aff26387029f8001d7460df4d82cdea00fa448dbf31e17a275fa76997acd6656ae22b715532d97b173

Download Submit
/data/data/com.fagulave.data/app_industry/IIWn.json

Filesize
944KB

MD5
18271f23882b6c16875056c505e5e168

SHA1
7db2c8f0cd909f8ac1b5951dee454e93cfa5d2f6

SHA256
40d8161b62c9ec1d6b3673c9eaa7ef796efdcc032c010422d9bdf2942a543264

SHA512
c0a884dfb31ef67c758ec6987882f672b950353fa9b9228d5231ad4e4ce50f0e92414a94021620c09bac3ea39e3f7420974a8cac363491879b77bcf1ad05c044

Download Submit
/data/data/com.fagulave.data/app_industry/oat/IIWn.json.cur.prof

Filesize
3KB

MD5
757fe891a0ef39d0008fc39c42c5b617

SHA1
45e17d35cbcbbd5e984d370fcdf48437c6a4c6d5

SHA256
ccc76a56b55f45e674faf3018f975fd1348d850be1b542132b78edb14cf75f27

SHA512
c01f40b681562efbd2df9fdd1461afbaf648bddcd901d009ad2602394b4146fbabe93917a8b062bb78baedd34853944f71290276db83050b6074cc1e1a9b58a6

Download Submit
/data/data/com.fagulave.data/files/profileInstalled

Filesize
24B

MD5
63b13a129b0b8d718374a0c6cc37392f

SHA1
32494e3977aba6bfa127fac3b68569a184f406e1

SHA256
de970494964d00d6cb04482665ef81faa34b056f6b2f2fb5dec2b0bcc46d50d9

SHA512
37170b4b52c1210d0d1fca9e7376f3d23aed20b81e30482e6c0d2420419f7e012f8b04d044852f63894f7d0f88641c7696e7e2593fb795c045fac37f9d1219d8

Download Submit
/data/data/com.fagulave.data/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
1dad229e28fe5585b1c94dcb73567ded

SHA1
e76b3df81108bf065abf755fa8b2a62fe0b5eaab

SHA256
1b43cfbfa320f05b2903cdfa06a71d3f42be9e8447975058b11d35c2762842c9

SHA512
3c314ea55c563b65e4e927f7151144a5d19c6431dc84d1221293a435a96228816c65bf27ee9aa6ec749a54867ff47e11bef93532f959fa21f570717e7340e9ec

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
fed641a9c08216426277b96a34f67364

SHA1
1de07470d32f1b593c0413d114f7dba65b748813

SHA256
6d1670bab859f01591e7a16f45d409df14c21cbd7e6cefb92884a5b92b354f50

SHA512
126b4a1e516ae223a27c5d77103946bd45493c0797ecd7ab0dfedee168ea3c5c6b0ca87eb7eb3f33c48085925e6a3423b7444245a13386f4da290962ce47c7b3

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb-wal

Filesize
358KB

MD5
2567fe2aabe47a46e1b6db63169b4585

SHA1
2164ffd834f0230ade86a281d9ba9ca4720ebc97

SHA256
0428d35df1535fa507fc6483388f47a0820e95b8d26374dedd0fc413e67f6cc2

SHA512
ed7f367eb992046d3f49a032d231fb7fa82fe62fd70e2dbaea53ae1828362a66edbe95ed71e8ffc346828cd555d4c2e82d41e70844249e8a4bbb3b5db429f5fc

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
f41b3aebced2c316cabe1236363e487a

SHA1
538005ad062ffdc983013073a2a41c771981a53f

SHA256
e3ab1f0c77a621a0247e0459b114c8edb2f8282bd7ed42450daacf6a0ca58103

SHA512
01dbf319386d36361d8bbd1ceb077a63ea6a3e620ec9cc817a5d5bc61b898e686d79894713eda374a21b79d66d8b900fa7c06969931b4d95601f92fdf3a9c86f

Download Submit
/data/data/com.fagulave.data/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
6bd76a363d3a10b989d65afa236e5310

SHA1
e685f5133c251fbeb2c1a06ff9692fc5d3e931ca

SHA256
ebdb9ee0c5df5bba7569324cd239f7a138ee84284c654c8825b97a07df10bd37

SHA512
dfe2efd693c711414031783a8d556af1b8b440ac9813b8a844b1446d9a5ef4018485f1e45a5ad3481bbae330fac744b9c80df32e016fe406ebbc2f363dd04c34

Download Submit
/data/misc/profiles/cur/0/com.fagulave.data/primary.prof

Filesize
1KB

MD5
9f88180dd99bf63e87c27877ee8d90c4

SHA1
bf9befefb8895d416fbf7cee2c545bd93ecd23df

SHA256
69d9a9b85b46126cf8d83489f0e39234895e15811c2ea1fd43e424fda0d68bf4

SHA512
0d49a33bee14c38f6904bf37f90577b24a8f3a3584be18a2f6ed07ea94f909d15e9ef834995713f4281e79345e2cc9e05aab8380db2a803533434f8ca855d20d

Download Submit
/data/misc/profiles/cur/0/com.fagulave.data/primary.prof

Filesize
211B

MD5
57c3524a9273649c1ab88fecc0e371b1

SHA1
d666a6c67af5f1b80532277eac01096a5edf2c7d

SHA256
db89a71d2efbe6e23e26868af4e73c5f1eced50abfddc0dab62ebf00d8fce82e

SHA512
ce943a0c1be1d3d5ef3a6f246481cd9ce481cdc4d26b62bc7c5100dad0c596e0a621cefac142e2a14ad2a72f7829af5258aa50bcf5d457fb43f72c4597e8d6c7

Download Submit
/data/user/0/com.fagulave.data/app_industry/IIWn.json

Filesize
2.0MB

MD5
6c9ecd07c7b836a605735aaa2b471d33

SHA1
df899e99b62feb0fba0a60975246320e314a713e

SHA256
2a9236dfef0be510cdb9b69b933ab69d723bd34fc063b00483dd57c7f0d84c1c

SHA512
afe3733c2742b272266dbf505ad5d0998c88aca0b1ba1dc38105effd94387569332429a109930aa1d225fd26d0311621d94bb23addd21a62745a5a5a4b127ad8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads