Overview

overview

10

Static

static

6

Update_130...08.apk

android-9-x86

10

Update_130...08.apk

android-10-x64

10

Update_130...08.apk

android-11-x64

10

jidofe.apk

android-9-x86

10

jidofe.apk

android-10-x64

10

jidofe.apk

android-11-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    04/02/2025, 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jidofe.apk

  • Size

    9.3MB

  • MD5

    bb52b4b78af8fb0d90cd8cbbe64b51b4

  • SHA1

    3647b7df4ca5de696a455ef768b65d1af0b2a5d4

  • SHA256

    a8fb72748e0f1ed547d0d63991b8a46c254ca644bf5caf88eba680b1f0b23b50

  • SHA512

    ccc5756e7c95c0485745be5d1eb484a171b983a7984dc7d77e40e4d730ff5ebc375649a9f2970d7a809c9929820428b2400b1d8b03eefd52e753dee009eb05ef

  • SSDEEP

    196608:s6OnhxCYN6Dv93pJiTj4Nv3gyeYeMNeUhC:axN6Dv9BNfC

Score
10/10
antidotbankerdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests uninstalling the application. 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.yicetu.logic
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Requests uninstalling the application.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4264
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yicetu.logic/app_ribbon/yqEB.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yicetu.logic/app_ribbon/oat/x86/yqEB.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4289

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yicetu.logic/app_ribbon/oat/yqEB.json.cur.prof
    Filesize

    2KB

    MD5

    350fc91fdf461b657e393384bffcda0a

    SHA1

    559fb670dda0ea821a96dc669987c82056d726c3

    SHA256

    48dba59e744189548c644647fcec32fe947a7dac776390f7fc3e68bce882aaef

    SHA512

    4587643c7ce89ad606d2bd483410a14b3b6abbee33b195d691d11614917c6837c7d2e81829bbd0489d7b84222b5aa3c39d69c85d3e48b33085cf9fda46271245

    Download Submit

  • /data/data/com.yicetu.logic/app_ribbon/yqEB.json
    Filesize

    944KB

    MD5

    d95c9b61429b7c2c4f76459fbbc8801e

    SHA1

    ceaec52bcb28734b73a08a0af11882674a0e0eaf

    SHA256

    4f5d6e62b08d5e5e7bd2b5189fcc993d2eb4969ea2ebf2da59a6c0856d037560

    SHA512

    463e667986937dc919d3c542d393419996a8a84702cbb5fbfcde0340f9ea111de7a6acb399dacd550af05c48095ff3a2fbb55b7a42c71fa364ae594f14dd4e74

    Download Submit

  • /data/data/com.yicetu.logic/app_ribbon/yqEB.json
    Filesize

    944KB

    MD5

    daf3a62b32bb16e318c021b23e150f27

    SHA1

    84f2bdf224edc27b900808c3e5ae92902418e7a1

    SHA256

    af16b35d5eec197dcd234a776e46b738f50788f79d029e8d9317c03b08faddb2

    SHA512

    fbd819499f6fe62faa404a55553404579798f726bd667cd713f17f1be198b4013bae7d57ceabe0a6f1e17c52dab7b32dc8f31f61f8e71cf75f4b837abed0acac

    Download Submit

  • /data/data/com.yicetu.logic/files/profileInstalled
    Filesize

    24B

    MD5

    e10da69ee77a62b8af56d74a0dc00723

    SHA1

    de56e4905bfb0168941bee8f43f58476772120dc

    SHA256

    b28773e125d27337f98c4f9483cee28f703a531c595f78f8aac5e1a28193b312

    SHA512

    e2a25b09f773dc898ab3df13082c88bb5a94c3057dd6065cb41396093ab478a6620bc69d15fcb122487d6e06682fc691905bc61c6743873c8daaf4d2b36c4a08

    Download Submit

  • /data/data/com.yicetu.logic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    4263a84d83c0d4f2a4c082d4aa6e04d0

    SHA1

    4ea28967c897e0deb4b669b49fd0415f55c1494c

    SHA256

    4550175c8226f5498e75d315fbef0314aa8c4555531269f38509827c5ff5f909

    SHA512

    5581ec6ad5f91a8138a77d95e62adf9d73e97396725b4d68d7c850f8332817c3310f1291c8083975659bd9a40ad45da387489eb97ef84981cd3b25fdff57d26b

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    c421658d53fec7650372836805669203

    SHA1

    1c4e444dfb68c8415b9bc6b69d245e05a5754e5c

    SHA256

    ae59f052459afde37c0ba46672b563ad1f4558d4ca4f34d1ac91c0c255dad3c6

    SHA512

    fbcbfd17635d96353ef368630292a79441ca976c4e1b18e5d45eb0306c69230135b805f66a8bcb042365840f34d20022c1fbdec4509a84be0218322825350dc9

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    3312598f445b32934db068b632533187

    SHA1

    08358c8814df5c3bccd10519ea847f76dcf08244

    SHA256

    f669f994485c06fa684a581c632b45cde68debd14f86e30aaf396c0c9b09a70b

    SHA512

    0a35db6c528b54b3278c0a5c6b089d4e6555d7bb3b46b37d18a59af5953177787a0790a6511dfc3b7e4e728c2d9a86c9c192d0b20e45d4809fef9e301183b62e

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    6ff01683d8bd54b70aedcc56d6baa65e

    SHA1

    19474d82da540f4ccf98fa6aac77a0fcdbd066ce

    SHA256

    db067e7869ec3bdd132d9b0d5b259eccd9f2f8774c2c08c8c3a265445d728b13

    SHA512

    19f75d849d4e7078343a881c3cc56d8e54b643201bbd99d4355887642df082b73029710a9097f6482543169b9d807b5d746423515118b946ee13b91c620296bd

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    805f9178b53df2aa98caa5c3a3dc8a6c

    SHA1

    8d5ba83c64624a88652b066bcee26263d2f8dd5b

    SHA256

    0708da929d231e0eadd06ed7c21c104f660e13c58da2ee405c9b3049aef3ac56

    SHA512

    1d7f050325273edd89ce47e26a528588b476322a16d0b7fa92ec16d3286664a40dc3778e64b7811c7ceaf0d8c235ca202b78105656d9f917cf464aeed7a905bc

    Download Submit

  • /data/data/com.yicetu.logic/no_backup/androidx.work.workdb-wal
    Filesize

    430KB

    MD5

    b6d2350ace5361985ddee6d26f10c524

    SHA1

    0bebcc46817203f0c485caec28b2f4e7d02df713

    SHA256

    3669260cfd93e35d9e6e5bb93f441d3087bd164b8cfcf85d1394129a262f08a2

    SHA512

    556dcf260337aafb3400bce1d7a692f2335d6a80b08af016d742006a6f67206ad59adbc3d7cac98cc115658c3779f928660c9bb4e8a4955d996d912719efa9b1

    Download Submit

  • /data/misc/profiles/cur/0/com.yicetu.logic/primary.prof
    Filesize

    1KB

    MD5

    ae444ae7473a972eaa85234d3ed80938

    SHA1

    c14bee301a9528d27ad22438a084dd9cbe0ce658

    SHA256

    3f4c6a9b484a4d11cb2663682d74f6b8ff4a13fdb799ee3be3dd1482ac4dcc3b

    SHA512

    d0ddbad18941f6022a1b86db7e18db2616477230c1ff8906432e7e4d174e5e9b9e0a59d518d7a5caa91f8efe69a74bb9f13d4d2dc1bad03f69fce5f6ab4f0912

    Download Submit

  • /data/misc/profiles/cur/0/com.yicetu.logic/primary.prof
    Filesize

    207B

    MD5

    3ebe2ab39b5ab67aed2ecc37cf093479

    SHA1

    85d115ceb8ddd6ad88da0009db294a1397ca961c

    SHA256

    acc6e3f8da6e5730bc573034adf77f072ef9438053675dcecb0edeb0f0a51ed8

    SHA512

    86b9ef19b1f398cba138c83be595585514ed51befee570818139b55f384b7585cbad7a5dc44b778c8e67fddccfc4b8438a4ec2cdacb2063056ed68d6bdd67216

    Download Submit

  • /data/user/0/com.yicetu.logic/app_ribbon/yqEB.json
    Filesize

    2.0MB

    MD5

    6421157a79557d4ab710d7170df974fa

    SHA1

    eb21ffc4dd8562ac92324a7accd84c362b4887d9

    SHA256

    95ba2387bc21fc208da04addd9ea247585711df82a02f6974391e3c5de784dfe

    SHA512

    31cb8a20802160402520e1dbcc163cbed7399a11c959b93c0eaab23d14917dcf3461ed980495ea5ec5bf95dc26d39169f714289731ff23f72fe2d841093a7609

    Download Submit

  • /data/user/0/com.yicetu.logic/app_ribbon/yqEB.json
    Filesize

    2.0MB

    MD5

    3a11fba2a120b20922aa13962feff96a

    SHA1

    4e1e32e774cddaf3513875a9e3f3507e9b7c4b81

    SHA256

    8d51e4e9866bccad396d1b68fad8b0bfb6521f9c9dbed8cf3744e595158f00a8

    SHA512

    37366c617c7c2470aefc399c070c40e373517635b4e4d3da3b471267f81fd565d5a8433db87909836a1b464db4daeb16124fe16ba993a0f09d1ebd477789452c

    Download Submit