antidot | 999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9

Analysis

max time kernel
152s
max time network
301s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
20/02/2025, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9.apk
Size

8.3MB
MD5

a74d54f5da626eee43934d48bc1854e9
SHA1

ec9ffaec84db40506c1aa994bd40c0779169adc3
SHA256

999e95765111215c6c91cc230a8a775f9b542f8d8d52f24f4ad402e949b46ce9
SHA512

ecb2d2896a41d9a7b1d11cbb9bb76937bb0e96c3af31666eb917900f24d05fc6afff208ec3eb31bc737c43c5093f7c0155f71374b1824bc11cc2036a27fb20c8
SSDEEP

196608:HI7++j03CqGQPmpb4FWke/YvtX3p7K8xbyyXmmuz4s6f:a++wcQOpsHvJ3RK8pyyXmm0A

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4452-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.cevazu.operating/app_harbor/Jq.json	4452	com.cevazu.operating

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cevazu.operating

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.cevazu.operating

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.cevazu.operating

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cevazu.operating

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cevazu.operating

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cevazu.operating

com.cevazu.operating
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4452

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cevazu.operating/app_harbor/Jq.json

Filesize
626KB

MD5
2c43cd13fddde99c3b008be8d388260b

SHA1
37c4e4764c4c54e16ca765053d81d4578745a52d

SHA256
8c1000c290e7a10332081a8db956cc97a342257213830fadee215484425037c9

SHA512
39489c7edb5f5d49617f81845e03b4e1022f4d3be1b9c1fa0402e3ccbc95dbfc480d82fabcc8ef3d80b796ff8d9e50e968f861e7914378a7c4333508fc78233a

Download Submit
/data/data/com.cevazu.operating/app_harbor/Jq.json

Filesize
626KB

MD5
1fd0b8b5040f6ccebcd94861e4931d84

SHA1
a2b659de4d2ba4985d88bd40eb23919eccfdb796

SHA256
9484687476536e04ef1fbae6665f4c08b58618c99c85079df5d6acd97ae09161

SHA512
0fe6690bbde9b74dca6ff70bae00cddbab1a1bfe80c89079463bd67bcfcf0cb4dbd5c338d131f0d1ee97daf45b3fb615ff2109c4b892f6689a69c8f3227d13de

Download Submit
/data/data/com.cevazu.operating/app_harbor/oat/Jq.json.cur.prof

Filesize
1KB

MD5
cf7b52ea32e2d94b585270f87ea85574

SHA1
c43d7bec771af572d01df951dc49707469a08de5

SHA256
a1ea9379ac65940a4444ffda3e23a390fa39ebb1cf66c7eae8f814c1eacafd12

SHA512
f3043c41d687509841d0a1e5a0b3a62252ed38124317eb66a2d38ad16abb8301a62901bccbaf38fd2d9e645d2c5290848f2545bcc4ab8d4e17f760a151ba913c

Download Submit
/data/data/com.cevazu.operating/app_harbor/oat/x86_64/Jq.vdex

Filesize
29KB

MD5
6653a2fdab03acb5b5d2ad3e9bdbc884

SHA1
69bb5778e683af2007b3dbb40a21993ecf1034d2

SHA256
3c6b2796c4f2beb92caf5f54fd995c241a732b62b3044fdfe9fd829a719c27d1

SHA512
6e42c1cf5c1a79ff6ddc4668050c20ce1c82d0573ef70cceb4d1ef01c567c3522ecc5cad56bbdb9e225722aecc53944b739c180e41e362c1002e4aebc51122d0

Download Submit
/data/data/com.cevazu.operating/files/profileInstalled

Filesize
24B

MD5
0ba0437fd7b49344d529dcb386eef845

SHA1
6322b37e0440bb6126a65357b958273a8809b382

SHA256
e7ffca76912c1baf10e356d0c556dd2b1507ec7d11541f6c19e8a45a63fc2d09

SHA512
6a6dc09c01d3e928e9f76f97b7931bec79b089f16f6288e3cabf073f0d2002f383bcc89a8c2af229acf95e831a07ecbad0a0f43d16ce30dc7974a2ebe7243c1f

Download Submit
/data/data/com.cevazu.operating/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
570647bf72504b7a5535396137697bfd

SHA1
df4c55f7cd0a62cbb941be1a41fc256fa0fc59e6

SHA256
ac4025bd24062b19d9c5db3390b7f56bb4ff4af3085925102dfe5676e5125ee4

SHA512
485adce0538f402c44ee1369cf5b8f488c53b12004cd3fce17a3955a236688b68bf2364f0047be68d0e9db0fbd67ca6172d83210ed3d995ea5f49738e3cbf9a9

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb

Filesize
172KB

MD5
eaebeff7a0477289a4cef82ef772b4cc

SHA1
bf3880a627b6d23b9ffb4fd193db7a4fc73d2ed7

SHA256
834501226a350450413e0d798cd3c42308d95520b086670132f4af02d41a8192

SHA512
7f5e21e0435fad1c0d86ef92c1ab0146ee4670b28e353dfa451cb9d08091147db986da881751a2599995b8ccca2fbf9e925bed11fd3ccb349e955c9deecd8ff3

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
abccc045c68aa586f2f96b0e4812d7c0

SHA1
50903d957f4eaf94169f79ff11407b36c9a079d5

SHA256
c0d22f1d07380ab751378c6768043e26a768066354f915635e502848085cfd5e

SHA512
5f1e00489af177f77e0a2a75f02a943f1b64f5ddf28b094edd9c50c5c752533615c590afde35ae510b9d3e382b004f4a7f696971bc3ca4d8a218032e71bcb768

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
abc99a0be5a9d445a92e87828f954592

SHA1
77b5140118eb1d1c0750df0c9661893829952af5

SHA256
d64ef2a9e027330af3894279a8180435edd4acf5c4123b260a977453998e43a9

SHA512
40e691afecb6d309f7a8288494d0552094decffead590c00677bb1cb36bcd5d252663a95f6b124e8e56ac645de03345c4801fefffe044c01b04f0e705c50b36b

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
ff47745f437fd441d30ef8957847589b

SHA1
0eace0c8ee21e817e9fab26928e3d841e6935d44

SHA256
a1b0607dd5f667801dbb76abbd8b7f74756817bd76576511704853702cd1f48c

SHA512
e320d7594d6154097ba9d16f37a22cf8dfa9402b9c12c087542f514d3b1aaf7a7ef54c5160326daa43aa14cd1a52063537b28d4bb0194eb20129b312729c1730

Download Submit
/data/data/com.cevazu.operating/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
68270b4c85f9c1aedfbeed83c786ce19

SHA1
8e0c11ec1e89d08981694db0819684d54757512e

SHA256
8b769bf715e8fa1271d2b32a90eb409d0131f1bd560d0116ab4bd952ebd2f891

SHA512
c830da19794ec3623604be8cf9aba89aab20dfde65ba186fefa31ed06b97e5c3f2e4b5c1710d21f9fe3f8b6ee6b1282923c8026ca64da10ad699206ae5db8a29

Download Submit
/data/misc/profiles/cur/0/com.cevazu.operating/primary.prof

Filesize
1KB

MD5
52a6f8199248e4188288f6d9eadcbffa

SHA1
2c15ad3b6f100d96319f17361f8abfa358fa7c40

SHA256
ab1acaa5e25f89c1257aef0d42960e48a2040cc18d9e4ebe2a82033869c5153b

SHA512
22ad941f2fb91e1a56e9fd25f8f1916916792634ce2d27b5b3d82e314c97a205e4f76976f198f35ddc0d8a578dc3e5a3e7570d4397366634a20ff8a719335178

Download Submit
/data/misc/profiles/cur/0/com.cevazu.operating/primary.prof

Filesize
269B

MD5
a2157f4dc7da8ddd8649a30f2f1cf789

SHA1
d2fe335cc60a28ae5cf75cd253f687ff856bebb3

SHA256
0bd0c290faaa525eab02a66fb8ee6a1c96bef893e0487c94cf2eb5a3fa0d8318

SHA512
f3fcd877f21699813fe0d7fa62f857a09f6ff3f20f3a6a7eabb10d5342eb004badc62670da2f268e6777cb042f4805ac69b7ef7ead14eb8e4a8e1c523565d95b

Download Submit
/data/user/0/com.cevazu.operating/app_harbor/Jq.json

Filesize
1.3MB

MD5
2d86b89064dbf1d269a4928315500363

SHA1
f0f89e33ef263191cc6fd4200d425f31cfc7bb42

SHA256
ff5180b2eaa7abd9ca2c8cb88fd6e36f0cde64612f3d87d6d55221cbf50ae7a9

SHA512
8ef0546e4b9e22ad8f68c43b24af720bcdccddf4968c318891e5337eabd06576bfc023470707aee1a7884488e92348a6b2634008906765b5dda3c2a1a145db0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads