antidot | 14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda

Analysis

max time kernel
149s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04/02/2025, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Update_130.1.6723.108.apk
Size

8.6MB
MD5

591bd3375176c120e46620897117230f
SHA1

17bb2aed71ce0f1bba8d1d288c695d2b2266b016
SHA256

14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda
SHA512

bb4dca37d6eca6282be01a79a073f9d06f4602397a07459efae6d8583daac549e7b74772ce279edbc483451c86741ffb8e168e81378dcc28adc6a931edfd1cc0
SSDEEP

196608:kMJlMUPUPu0H2v8LBhGrmJmn8ihzrfcJsyu5tW587NB5F2qwWbIm+KaeTx:EUPUmqc8lMiJmn8ihz6/u5tlvbqfu

Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4275-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.rapupacupo.constant/app_top/Xw.json	4275	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rapupacupo.constant/app_top/Xw.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.rapupacupo.constant/app_top/oat/x86/Xw.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.rapupacupo.constant/app_top/Xw.json	4249	com.rapupacupo.constant

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.rapupacupo.constant

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.rapupacupo.constant

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rapupacupo.constant

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.rapupacupo.constant

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rapupacupo.constant

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rapupacupo.constant

com.rapupacupo.constant
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Requests allowing to install additional applications from unknown sources.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4249
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rapupacupo.constant/app_top/Xw.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.rapupacupo.constant/app_top/oat/x86/Xw.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4275

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rapupacupo.constant/app_top/Xw.json

Filesize
599KB

MD5
d1844ae27bca4357fe4e3d67e259d8f7

SHA1
c0fc8d7de6ef4698ff85b2442f646477eee88e54

SHA256
2421ca9688e09ac90f9d4a97b5f26c73eec6ccae5062768269ef3f5bb042d858

SHA512
6f1d149c46151b912b27d4f64abd1f5d8e8a4d940517f7ec4cd47cc0545e97803396f6012d50c72cbf4ca0292cdfc29189f816b3f79079221759fd2e9e6795fc

Download Submit
/data/data/com.rapupacupo.constant/app_top/Xw.json

Filesize
599KB

MD5
085cc84a2fb4e5c6aaf3f64fe1397e74

SHA1
022962f1dfc01765f93e7f18433a1e912df43249

SHA256
91fba40c8cfeb10aa74e49a2770a8ad453c5183c50c2a90950e2470dfb761545

SHA512
d398badf46a883e2ddf4a957e90daac6b45a3316dca06d583874779e91ab681961a9eed4e4dea4ecbec14c3cb4ab2ecbd29b57802fd8231651b21307f189e92f

Download Submit
/data/data/com.rapupacupo.constant/app_top/oat/Xw.json.cur.prof

Filesize
1KB

MD5
06976ed3de12170555ad716874a0d8df

SHA1
d60ad38bf8c29b68b661aabb7e7d3ce304cd1f93

SHA256
f8b16a490dccd13bddd7ff9a0448a7894bb256dc4d9bfe3874ed3c5f45dea5f6

SHA512
0d994ae1f1a5ebef322c9dad6e5728748637c62c4e14fd3d40cde2581fb5a04f72927c9a7ebcff4f7e6d35c6f69cc7d67e44155ef0b1dbbe46e297961503aa9a

Download Submit
/data/data/com.rapupacupo.constant/app_top/oat/Xw.json.cur.prof

Filesize
2KB

MD5
6fc0e516203ec6ddf6628f0546ef7487

SHA1
5b6421fd353533e9a96fa508ef1c963fdfa83f82

SHA256
c04d41df588d241931b371c4ae522ad1d89bb4f87c3f5a20478152f4f7c12a9e

SHA512
c1b3f61dfed81b8b26e66d22904e0eedeb0744379f1acc9735bab85f5f10375850ace91380a7fda8aaf60aefed84ac4bb9b51b8d65b8ccee1fcd7f9935338c29

Download Submit
/data/data/com.rapupacupo.constant/app_top/oat/Xw.json.cur.prof

Filesize
2KB

MD5
cae0ceffcbc7dc3f947df25e1b537695

SHA1
9d5c27d86df3e40881072468610deee17a31344e

SHA256
7dfe1327463520f5d9c05271bee1e36a6c0d36bf76ef3eedd30532c4c6990f72

SHA512
36072b4b6175144f2fe45cbb239b93f5c5a287cd317c274660d7c60ddde8130672069c9ca1d1f04b373bfdb81e828d4339f2827739c1221bd1a924111d5bafe6

Download Submit
/data/data/com.rapupacupo.constant/files/profileInstalled

Filesize
24B

MD5
6c42a2ad37f6ff718d52fdd70f941492

SHA1
0344397a49453ca51763e00ecdf073b6e8edbd6a

SHA256
d7570e861b8f53ec63c5d6d41f3a49833ea5b5066f7ec31d6ad961c5cedc9f6e

SHA512
eb6494f9dbbe15b512719f7240e23954198f0d669f1898a8f687b755762f3248a537b2aafe3b3f7b07bead241fc9d36b13bd352c2eaaed6df359d856806679aa

Download Submit
/data/data/com.rapupacupo.constant/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
496552a66d029b1ef2c1cfbc56563e89

SHA1
893b32aaef32142789ef64e43b0a95bd46c96fda

SHA256
ca182c9a55742f281f5575fbe0010501f17ed7088d6fffc5163f97984eaac53b

SHA512
59495bfceb9a5bab2cd60278179456ed33b3cf93287e6ac81155e1fecee8d064c0441c08e021b9e7f8ff0aed72e3ccfc3ec04fb100f5dd1742539d529390c824

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb

Filesize
136KB

MD5
e6daca9bfaefe395bead671d8f44492c

SHA1
16470a81d2d17a0d73780bcad432664bbc5f9d93

SHA256
0e2f41778bca7e61ff4fa7503f26e668c501d265cbc72d283830e15f9d24890b

SHA512
61561744fd1f4464170498c41204b5ac592dbc1ffbb5e7905f07f6505fc53345114cd6072362385d093e11e5c338e64a337a3250ff44d0d5a02c97ee01c551f3

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
73d90e03488bb67a03f1af13a1a9480c

SHA1
57232a52c57f8bf7a6c8923ff1da7dbb6e2af1e2

SHA256
19e6f7fec756397307fff7b072d9949d78ed1d8cdb1c2e784c463a6bf15002c8

SHA512
84b4608a5db4af6e1db3c01d3a176998c26d78dd7d09bd5a288ae67d32e758867ccb02bad54e61c8871f78c8c9d776efbc854f5ea5f6e67cbe095ab9bc3734ea

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
21be654c6a186ba919540d5406f6f1f1

SHA1
4adce05821716e8f6c8476d0b994f5b21071a5c4

SHA256
cc11c534d3382973a2273f48fffb11e95de15f5063b388147d893010e76d96ce

SHA512
d9dbd621a27858aa0cf768cbe017650803297d22cf6ab4fdc7e3bf6a612d2b39cdcfc91fcfe40cb1426159a5df9f17e4ba13e892a8945c562e6ae157f05fb927

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
053d34d62eb8e7a780c22457895e9ef5

SHA1
bddd0ebf31741ca97dd3911019fa4e70c65f1c9e

SHA256
539fd73fa731e2e75fb52449ba50933a737f395ac28e0353c80767c0fe25f4b4

SHA512
f0d181901de6557bca74eca4e6cac53020146280397efc1f824d184114d123265572b4a5c939a25b6f95625f011771f4db9421ce063973d9a0bfef6c1c94a3ce

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
e83a4016266720ee16979a61d2106752

SHA1
b11608d1d0d5b70bf2dbdcac74ba10b35ac6980d

SHA256
0a7020862bf78d077e4e93aa3860473d5df465bcd8160bbd954e31d744d6d675

SHA512
83d16845f657b2c91e13a29c58769c37572e010565ce054cf25f0533bcd730d29f5dd584798775d5dfbdbd7cb2d5539aa6ff98e66781d18a0179fe1f2abbd2a7

Download Submit
/data/misc/profiles/cur/0/com.rapupacupo.constant/primary.prof

Filesize
988B

MD5
a62872837177aa7167b3b801142f9a2d

SHA1
0fc347b628730da8046bcb33d5be6541025e8d23

SHA256
61486daf2ace84d2feeefcb6f16ca69e66324ae70a372ee37707c8527185a0e9

SHA512
e4f467698dd898968149a3c8dbc44bac6d9c1bbdc2c4ecf1021140544a7f5e06a0d1057f03ecd3221b6fbb24a62ef2c184f18fad0826bd426e46a016d5394d79

Download Submit
/data/misc/profiles/cur/0/com.rapupacupo.constant/primary.prof

Filesize
169B

MD5
8d6c735bf2aaf977301c0894d0f64d7a

SHA1
d28ef97d23262cc275c6fdaaac35484601bddff8

SHA256
a61b61126fab2cebf2b953e4c5a54bae159c3eb1235828422ace45f554b3b0df

SHA512
6783b5992a84786dee4521ab25e0c53d27104864260d12ea321de967786accbc0bad3195a96576e8126ed9206b9f80ebd24127b91895c1e692ac1d4ef1d18eb2

Download Submit
/data/user/0/com.rapupacupo.constant/app_top/Xw.json

Filesize
1.2MB

MD5
3f3acd902fe57f74f9ac9d27af99bd74

SHA1
ac9b64d97a11cdaadf6bef989b64845d5ad680b2

SHA256
b47fae05944b688420e65b2e7101c9ea92455f409e02e8e4bafcdd9638c51871

SHA512
c368cedcad841b012923953fd9ab2f2195fc340dbf6498a925fce664bb3a860db8a32afc1bb9bd64b64b12b543d8f55f621ab3452fb083d630f1de9f833af7fd

Download Submit
/data/user/0/com.rapupacupo.constant/app_top/Xw.json

Filesize
1.2MB

MD5
4befc32174cae29692c1cb8fb4bf8b93

SHA1
abc964406b0ea982b50bb3f312960b3302f302f2

SHA256
eabfe032fe89aaa86b895712997076542269845e408db7d2166b55d28c00d3df

SHA512
bc24cb45ffee0f8211e9f6cefb191e550abb8a637181bbbf99188968751a4f8db9a68e41e64bf03f831c8efdad504989adf1925c3dbe4e7bd08256106a8d1925

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads