Overview

overview

10

Static

static

6

08413fa810...1d.apk

android-9-x86

10

08413fa810...1d.apk

android-10-x64

10

08413fa810...1d.apk

android-11-x64

10

wubiyejene.apk

android-9-x86

10

wubiyejene.apk

android-10-x64

10

wubiyejene.apk

android-11-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    69s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    19/02/2025, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08413fa810ee812ae53ae07a4c96f015c35f0035401e2912b6390b0cd1e1451d.apk

  • Size

    8.5MB

  • MD5

    32afeb8a25bd43d01bc142df28ead886

  • SHA1

    06ef65f5aad1182b717ea026d3c96bf7f037db56

  • SHA256

    08413fa810ee812ae53ae07a4c96f015c35f0035401e2912b6390b0cd1e1451d

  • SHA512

    ac4176bcf8ab86eba7b1deb863930eb3ce20a5e37310edb130c4b6806946afced6f47875239dc6af4cc626b53e96d35889f82adf405bd90b51c5284589146c54

  • SSDEEP

    196608:nMK8WOAgTCIhgWHhm7e6xjddnbVoy8GJe5sHMbAk/98URWq9mWCUY:IAgTCIFc9B7VoyZE5sonXRWzWCUY

Score
10/10
antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.jibevi.compile
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4259
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jibevi.compile/app_easily/rg.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.jibevi.compile/app_easily/oat/x86/rg.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4286

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.jibevi.compile/app_easily/oat/rg.json.cur.prof
    Filesize

    1KB

    MD5

    9741bd0fe55bf881b39912114e335058

    SHA1

    93217a84d284077dabec0106a2209e5b2dd9ff9b

    SHA256

    f993a4213198dfb8387ea7b3cd8d4b6f9e00c1da54cd18ff9116a0cc13b28142

    SHA512

    f5765da53acbbed6168db81e4f8df3a9862671728e47f7882b6944e30a4bd08ca6fcf97e8dfe6e4d8401e9624b9184106386858f1053c5a0879a200aee9c709d

    Download Submit

  • /data/data/com.jibevi.compile/app_easily/rg.json
    Filesize

    609KB

    MD5

    7b3ea71989b640092a5fcd93b5e2c846

    SHA1

    e52852fe24fbf3b4714b1598a2625940316baea1

    SHA256

    8b4a7ee2296f210adff26e7d63c7c09393f055d62b960ce62931cbcbef8290b4

    SHA512

    e34adf42bf25bed78c42e9cf55f2eb4c220dfe0e4461c09d2fa09931509b9739edcb5c79661bedff0052207d859da2e600e6e8ed1a51e95e6df7d9825d109d5f

    Download Submit

  • /data/data/com.jibevi.compile/app_easily/rg.json
    Filesize

    609KB

    MD5

    045d157bff9f488bb002b5c5b3a20684

    SHA1

    c85c2ff9c87ec0e6ab396738e90940ef1ebbfbb2

    SHA256

    14b0087d510ca09c08d26706af56557d39101484c7f874592e1e7f54838b21f8

    SHA512

    22c1682dfb7b2c3215f0344bd31a6cec0a93eeda7ec6f98933aef1ca83b310911e9e925e4de283f5285d14e373777d064398259bcd429758f790d4dd4b2ccde5

    Download Submit

  • /data/data/com.jibevi.compile/files/profileInstalled
    Filesize

    24B

    MD5

    4a2f757a9dfdd1f721962649fb28f981

    SHA1

    298e7c4f79fa4b46f49b215a97376745f4afeb46

    SHA256

    717234c4cf5f4646e40d416028dd962f18bd22e4354c21b34dca3078f56379ce

    SHA512

    a6616dd4ad44b0a6c12252014da5c47c61e88f5a868327aba31b2aeb247933254382ec029af32bd8f25b33c8aa39407cacab0bd68fb90c377a8463d275a70019

    Download Submit

  • /data/data/com.jibevi.compile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    71a8b49af04f13f9603560afb009eb0b

    SHA1

    dadf26b540fbe9623cbcb684478b26bdcc847317

    SHA256

    64cefb9924c9dfba5a03f7bbc4418ea2bd73cd8066096166c86de4ccd5f8f7a4

    SHA512

    0baf1f423a320a834ce3dd27a4a8742888af1aa5925796fc0a52c136ac2df53b52af09e0ae66094847124269b0318088f61c322339ca7c8698ebd61efb3678e8

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb
    Filesize

    112KB

    MD5

    95070c461cd71a007e000ed41ec281fc

    SHA1

    3f8ffce1c10ec00d899cfc184ea27abb408ceda2

    SHA256

    788de9b20164bbc17c225cc678de8fded570de161db1bc07e8a96026b48e7811

    SHA512

    0888d8d66013728f7aca903d5b2153905a951e8d20993eb45578881c2c10225a821be0499506a1b0880357bcfd98c44c85bb19f9909b4f4d5b9d776a2c84022b

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    3ce9529281a5b87818e609ec42703e53

    SHA1

    1e80a3678289486ecd523bb5ef0cf248b47ae81d

    SHA256

    231a6a5ffeaeeee913ab6654965fb86ddb17ae1d6d5995ba46c9d81baee51888

    SHA512

    73a3a19ac62d0c6bb052fc560ce36e65e35223b580f622356e49bbd8450ba75bbb5660f542fc6495c2e2ae529fa6aaeb5f99a51ec6cf2eafbfb6e9b600cbbdbf

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    2ab244b1b6433f735ac86ef0cce6f40f

    SHA1

    5fbabe510a0e63134cec1bb041aa7421f63d8fc2

    SHA256

    636569724b9818a14746b8b048038f2efdc269459c5448d1686efdb6841e87f1

    SHA512

    a5edefc0cdc55443b157715110bd24467dab1fc64f37bc36dc9f4f9dbf01a45376da50fe0c164d6b83235acf6ddbfd513236866dcc568c6868817841d10a04f3

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    13446076e89b3d2aad3b6423e0b05d1a

    SHA1

    dfc3dfae91dcdc856f08d11642362db81d6c18e9

    SHA256

    22c8e2aea8c098de09643f5f246d9aaf36c3fad64ed8460e0a3e064e248bd11d

    SHA512

    06913ffb9566897437a990e7794d54e2a160ea3dbbb4d703dc17c226416ff4651fa55ee4ae3caecf3cfefc4ef9d2641a71aba9fbcd9c73cb2aefb4502a6bcbf3

    Download Submit

  • /data/data/com.jibevi.compile/no_backup/androidx.work.workdb-wal
    Filesize

    414KB

    MD5

    79ad5806646cba9c8b387cf70dcfec47

    SHA1

    179cd1441159a793727deab0b531261867f38d84

    SHA256

    56e4d99c7254156e7845cb8244fe0bde323926db7514ab305aec49d00dc5d51e

    SHA512

    91f3d34c175297bbfc8fcf9e402ac662fa16a1520557dc275b4b81a9b40ffce6ff64e5e4892e2f1f475dea8cd170eea2bce45daa4d9bda5be6888d2bc9c654fb

    Download Submit

  • /data/misc/profiles/cur/0/com.jibevi.compile/primary.prof
    Filesize

    988B

    MD5

    940a1c839f01001b404675f3dcf67e32

    SHA1

    7b36f2ace798a881427ae030f3d170bed31edd27

    SHA256

    9e9e38373a133791171a36086d2e72719ac6de2f781316f89e43c3442a9b2535

    SHA512

    9966b80c79488806c520977f4d2e507d7b699b53f8ea46ff51752d7da23308677cb449aaf7c0a7bdd2880bbd53bf8e1282153af18c0223b633e21034b34cace4

    Download Submit

  • /data/misc/profiles/cur/0/com.jibevi.compile/primary.prof
    Filesize

    208B

    MD5

    f7d7873a2d742837e26ee5ea843dbf6b

    SHA1

    7922326f160f014b27d24f5bd8982adc69d5bd77

    SHA256

    357d51c934e33b6dcc0a53552c2cfffc62b7a886a72f62a12435d4f1a853bb2c

    SHA512

    129715457469c7988c373f15bcd890cac4e28625e88e7a0d3782c89e1754186317257db094d6422c4dfe7fe55fff0b875a5214a8c44cbc12f7402ad98443f57e

    Download Submit

  • /data/user/0/com.jibevi.compile/app_easily/rg.json
    Filesize

    1.3MB

    MD5

    12522f2a89ef49160a8f1af33a1c81d6

    SHA1

    a8085728fe201372064af83fdf1b37881dd4c4d5

    SHA256

    3fcb0b53a128c7621311fb6b225aacc69be0070432e568700fd26564a8613678

    SHA512

    354a94b17485d0c039fb6c9e54b8ed18f801309f276e1652fea876876a913857f79198a2b39aa428d03d0a470a68c5f0800433a937135101179f3ef29d51ed80

    Download Submit

  • /data/user/0/com.jibevi.compile/app_easily/rg.json
    Filesize

    1.3MB

    MD5

    1a96b811cdbcbc88680622d1abd486e4

    SHA1

    fa53100d2df1e32c37922b47c2430111f6e1c4ad

    SHA256

    acd82a624ee49cfc98ad667e69828badcebe58cbae3403ae40b34cedc288efec

    SHA512

    cf59245bb7c3ea562cd55480b649f47263dd34d33d807cb87edf821f281ed76f1f48995d735ba5839f910b8463377c90045b48f996b3bc57f2c2f628bcfb42c8

    Download Submit