antidot | 14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda

Analysis

max time kernel
149s
max time network
137s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04/02/2025, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Update_130.1.6723.108.apk
Size

8.6MB
MD5

591bd3375176c120e46620897117230f
SHA1

17bb2aed71ce0f1bba8d1d288c695d2b2266b016
SHA256

14a0995d3a1008d8027a90a2696ef4452225c0411693b4e82e45cd50b1781cda
SHA512

bb4dca37d6eca6282be01a79a073f9d06f4602397a07459efae6d8583daac549e7b74772ce279edbc483451c86741ffb8e168e81378dcc28adc6a931edfd1cc0
SSDEEP

196608:kMJlMUPUPu0H2v8LBhGrmJmn8ihzrfcJsyu5tW587NB5F2qwWbIm+KaeTx:EUPUmqc8lMiJmn8ihz6/u5tlvbqfu

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5071-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.rapupacupo.constant/app_top/Xw.json	5071	com.rapupacupo.constant

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.rapupacupo.constant

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.rapupacupo.constant

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.rapupacupo.constant

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rapupacupo.constant

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.rapupacupo.constant

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.rapupacupo.constant

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.rapupacupo.constant

com.rapupacupo.constant
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5071

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rapupacupo.constant/app_top/Xw.json

Filesize
599KB

MD5
d1844ae27bca4357fe4e3d67e259d8f7

SHA1
c0fc8d7de6ef4698ff85b2442f646477eee88e54

SHA256
2421ca9688e09ac90f9d4a97b5f26c73eec6ccae5062768269ef3f5bb042d858

SHA512
6f1d149c46151b912b27d4f64abd1f5d8e8a4d940517f7ec4cd47cc0545e97803396f6012d50c72cbf4ca0292cdfc29189f816b3f79079221759fd2e9e6795fc

Download Submit
/data/data/com.rapupacupo.constant/app_top/Xw.json

Filesize
599KB

MD5
085cc84a2fb4e5c6aaf3f64fe1397e74

SHA1
022962f1dfc01765f93e7f18433a1e912df43249

SHA256
91fba40c8cfeb10aa74e49a2770a8ad453c5183c50c2a90950e2470dfb761545

SHA512
d398badf46a883e2ddf4a957e90daac6b45a3316dca06d583874779e91ab681961a9eed4e4dea4ecbec14c3cb4ab2ecbd29b57802fd8231651b21307f189e92f

Download Submit
/data/data/com.rapupacupo.constant/app_top/oat/Xw.json.cur.prof

Filesize
2KB

MD5
9dd5822251de28bf4bfa6980e2e03b23

SHA1
40a5453f8f8053e6a3bcf51de0007d77283e048d

SHA256
c55acbefecff2bab8e17723f9a5b0344690ddc04d9a3ac312af66e86e6409457

SHA512
5e76944ae9e40b6060574dce6b008798a5da7f4504be541ade2a0063acd8c83ea83092817775f5ea0d32ba67854e9227080d7f6b34c6a4dce61eb2196a24a388

Download Submit
/data/data/com.rapupacupo.constant/app_top/oat/Xw.json.cur.prof

Filesize
2KB

MD5
25f743606b18948b6f81166e3bf902c5

SHA1
4c1602121650053946463f6c428df8ae10cc6fc3

SHA256
7c2419022a6aa31af703d32efe956a1923e36c5041fcd0e59909785a9937cd7b

SHA512
63d9b7d6109e6305750e5c0c4c8ff6ec1367581a0274b816eeba376abc25fd47477c763b08305cb3f243ec816ce2d9f9540c66fa8e5d77c97e93afb19ee0e8fd

Download Submit
/data/data/com.rapupacupo.constant/files/profileInstalled

Filesize
24B

MD5
fb9f7007d0fc0cc04c489ed54cc93a68

SHA1
5798e219c84f3e187ec2b963a35656ca61a07222

SHA256
b8b564dc2b768c8b3d8bd02e621a3e79b241c97e04feaab7a70f53deb47adf89

SHA512
4318d328dcc2c5ce99370d75865d74076388f0cd34fa682f0921e7245d3f87fd6e657a73cb25cffaa32f52cf03b34c9bcc94bba040aceb15e397a56a53c0c3f5

Download Submit
/data/data/com.rapupacupo.constant/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
4ed5315f0e2489258b317e5bc4a3be71

SHA1
71abc9c1a6fd3b6430b213ccc78b2107f6317e45

SHA256
6a4b8558ec01ccfb791ea014bef0425ecd79ce32cb1ad097ef27755337330707

SHA512
b3e2476ca7ce2b054c057268696cca8f157277b5538993b621b853cbbc4eab4a447684787b498cbb1b8f363c29a988aacfe573264a125f211525501708915a26

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb

Filesize
140KB

MD5
c7cf478376a59e9ee1767b3c8c66e5ea

SHA1
73eca542584415f1080ac4dd3d199086cd80aec0

SHA256
56d5ff5dd7a8b635d7f5a21b7a83fe5dba1df13ac9285acb30ab9f9d66bcd829

SHA512
3c922aa162c653d8a2d6f9e17fef95b362fbe79a69b94db79a91e7dfdfda40816053421bd71cc0dde19e420e1047ae0be5aa87aded1343f35ec33204ae2d11c5

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a5e0942665fb1f6f4821c2f50153a1bf

SHA1
2b30970c37136fd225e5adc2632efa275a10cb5a

SHA256
33b1ed895c5686fd674c64a695d7bda2faf6107147a82124220b95cc8860e5f2

SHA512
51cd3376a8a692c5693b75904ec58bc7d7ff59cfc083388cdf5c3bf59d601c89f2f4602dbfd7f1bf8b359eecd783ba31c9b91c8b3e3b9b89d3eb3498042590dd

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
418KB

MD5
5d7ec8656eee9667883e4ae64b0c1465

SHA1
3240b8373aefbe22f9cb1a2a56d90ea67e47d909

SHA256
bd19bc55cad0c232b24dc40ff995d2b27f5caba78497619ce889ce124164813c

SHA512
d32b0900f2dbd3b39ea78fd19586b32e9aad061ef890bd27159e66d94a11f76404afa6ebe8f136b8835217ecc6a79d3e9534f0fd54f0d3d20a778b04ac8f1a25

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
45ab36933dcdf9759ebe0f7a8b52a2b5

SHA1
50852260a4ff6741b65a26e9ee6cc62ff2341988

SHA256
f7c2140ffae2ef6c2ef14da04a8580bd8f78020fbf7b5dcc327595e1b9eb8a24

SHA512
8832603604131f39d7533be0840f2dba9a7b499f9138a90de368492a4ba47e78aa2502399f008f8b75adc65e46622d710184cd445444a3c6688a72d58807002e

Download Submit
/data/data/com.rapupacupo.constant/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
75210ba5690afb454a31aa1f8cefd73c

SHA1
04b93bb9dd9a66e478d42a71e398029c76b71e98

SHA256
00e64e57ac2afcaf2310b47140008b198428b69448aa75cc07461ac7e8ceda3b

SHA512
1558ab4d9b0dbf0622ea5345bd86079f7abf3d846af1a30594c30f447c65cbc18712e648859d1b1eb74178b2036595d8dd365d1e51e20c1d96867144a4acfb8e

Download Submit
/data/misc/profiles/cur/0/com.rapupacupo.constant/primary.prof

Filesize
988B

MD5
a62872837177aa7167b3b801142f9a2d

SHA1
0fc347b628730da8046bcb33d5be6541025e8d23

SHA256
61486daf2ace84d2feeefcb6f16ca69e66324ae70a372ee37707c8527185a0e9

SHA512
e4f467698dd898968149a3c8dbc44bac6d9c1bbdc2c4ecf1021140544a7f5e06a0d1057f03ecd3221b6fbb24a62ef2c184f18fad0826bd426e46a016d5394d79

Download Submit
/data/misc/profiles/cur/0/com.rapupacupo.constant/primary.prof

Filesize
169B

MD5
8d6c735bf2aaf977301c0894d0f64d7a

SHA1
d28ef97d23262cc275c6fdaaac35484601bddff8

SHA256
a61b61126fab2cebf2b953e4c5a54bae159c3eb1235828422ace45f554b3b0df

SHA512
6783b5992a84786dee4521ab25e0c53d27104864260d12ea321de967786accbc0bad3195a96576e8126ed9206b9f80ebd24127b91895c1e692ac1d4ef1d18eb2

Download Submit
/data/user/0/com.rapupacupo.constant/app_top/Xw.json

Filesize
1.2MB

MD5
4befc32174cae29692c1cb8fb4bf8b93

SHA1
abc964406b0ea982b50bb3f312960b3302f302f2

SHA256
eabfe032fe89aaa86b895712997076542269845e408db7d2166b55d28c00d3df

SHA512
bc24cb45ffee0f8211e9f6cefb191e550abb8a637181bbbf99188968751a4f8db9a68e41e64bf03f831c8efdad504989adf1925c3dbe4e7bd08256106a8d1925

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads