antidot | 84b94edbf79d057dbbdc9f8c009d5d175464f0a069bf4c1e9df1b07cc245d15a

Analysis

max time kernel
27s
max time network
39s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
09/02/2025, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dixeda.apk
Size

10.3MB
MD5

8a9243247c1dfa0b249fae01f49b69a7
SHA1

c54366269d767717029e642081e63d2f1d9c630d
SHA256

c38e6e24e5a311958664492cdf5af99f8eadad21cb8aae07360a27cc044b293c
SHA512

a75c912eedc64c213d9c45a04af13e8c61eb6236616edca7e30c1dfa4dee42f6d405182a2027e0ffa821daf33d517f4693dea2eb349fdef7686f3d0a894c56d1
SSDEEP

196608:u9ecLSEPZI5mKfyGNUc/FXIvQwrKOYErSs2:MtaxfyGNUc/FYvQwrprSR

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/memory/4461-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json	4461	com.kiluduzexi.base

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kiluduzexi.base

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.kiluduzexi.base

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kiluduzexi.base

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kiluduzexi.base

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kiluduzexi.base

com.kiluduzexi.base
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4461

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
966c4390212092889732145b87cffd69

SHA1
b51b85a90ba7cddce230aa1df71c5a4c7a0cc1b1

SHA256
f61ff8dbd7f91c0d3b4feb07171661fc47202b0f5f587f2c35e9fe5da059a514

SHA512
fc6f04d88034545c5455120ce77f13b541a7a04c2dc9013cfc7bd15f778f884e7025f96adf0e511a715799f65be8b114ae224eefa6099f529f70a4f1b6a954f3

Download Submit
/data/data/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
948KB

MD5
f82a8de9423100666d64fb0a21fba46c

SHA1
d412e6be8f7ee165ee59b133ab19c636b5d4eec8

SHA256
d035ab5d11cccd31953071c94ca120a639a18772490c696d20f7d35901e1bf37

SHA512
b5d4452b1c000cdbdcb4a838778b4624563c4f14c5d48e2c698155cec3fbf3a24ecb621fb44e2dddb254daadd7ab077cc53089d99da2eee6d0fd06d9e5d7d528

Download Submit
/data/data/com.kiluduzexi.base/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
46ada9ab5676344bb129cdf4cdff56a9

SHA1
b8e09c5c9944c124efbe173bd5252ec9a1ed46d0

SHA256
fd810c0a1235d66c0f6bc7719dd48ae6de46ec2b36167d8fa8b197fc80b895ad

SHA512
49509ff84aaf0055810558b755dc432ddc4fe1fe07058e25484df142aadafe024fb7d54dfeaa908f1dd3dfb7ea584beaa25c2be047dd401a4db7d3abbf81762a

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
fc47dcdafcc1f93a3ade2d4052340b59

SHA1
2452162f03bae41e077021dd10b4e618fb04aff5

SHA256
fa2f9e4906592afb4610b51b6b15f99121c5f4ba4e73832e8cb37cf212b375a5

SHA512
7ab8c3c787e19bc9c6d075103aea97e04ee6b35c0115274271afcb9bf4e68acad46f2b6e42052a526faf66af2a311f972e32d394a3ee8053c38e3f8a13dcba6c

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
273KB

MD5
dc8f6d6cce81adb73afd11d05a7c0b5c

SHA1
1c5bd3a95cdb0f86c2fe4c6d678b434e25f3c966

SHA256
b5230cd745d226272b405d86fe967a9fe317c9ff23cb0f76543f7d4f528d3891

SHA512
ce7902bc2fcb248419a79723be3f3a709bf0999cbb8720ceba60d8b135432b7671e491fcc232ed809a5abf1d3513f4e4dec1e97571ae8946af3249d1f28fff7e

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
665bc8c12c46604509f31475c62e0820

SHA1
9d2ad336afecd588314ea738548416ae499065c0

SHA256
89a97d89d5c2425f937275da3e89b820d6ee766dc0ea52e2acb2085ef5db4194

SHA512
7619db5d8f55d2c891fbd7dbd2da0929f3080953244d45f120f093820c4fca5004123c2a3ceafa050a506c5520e928778249235db6508b7a23a4ef8637b50e84

Download Submit
/data/data/com.kiluduzexi.base/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
1ac0d61ea0124ec6e0287c228605c34d

SHA1
1b369ed9c901eccc829067012c3e9c326781996a

SHA256
2a893f7a0bff369579401d534957b191def68c96fee12a8ce442e70146fac789

SHA512
797969dbd231c767f21c10893bfe84f160f66b56764920b909e5e29b65858d4d06d1de560f40058f5523f1ba737b07ecfff6665fa5f6659005ba0f0e086f5251

Download Submit
/data/misc/profiles/cur/0/com.kiluduzexi.base/primary.prof

Filesize
1KB

MD5
fc80600b409d5d7e3364c908df8f21a2

SHA1
af25e69065c632d65a48dde8bba8f45c3132258e

SHA256
8e4eca89dd272d6eae44604e9702db84af4f9f51680e9a0913ea83e1b53592cd

SHA512
d4d5acea3ef1462efd7edb59c92839a995e0ce663a9340fcd6794af51a56c66a8438af087e8ad7eac2da5520ca693c6b68fa1ab44fe4352250b69c46162c20c1

Download Submit
/data/user/0/com.kiluduzexi.base/app_nose/CDyGNEQ.json

Filesize
2.0MB

MD5
e9dadfcf351f448b854dd8b1a3e61de1

SHA1
a854ec48c5af859e2c561ca948d533d002c3811d

SHA256
39ffbca1a1b7167e56bba3ba378af8f284471d84e05972cec65e7c000960e05c

SHA512
bd21ecb20b49a93a4d27c8ac213d38d44bbf2c85c99e92d6ac337569a249a9d5db8b842ced14b6a6bada5c527be8600fe089e6a3f46e7cfd2d22f6ccaf4e69da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads