Overview

overview

10

Static

static

6

f5915fbb5d...66.apk

android-9-x86

10

f5915fbb5d...66.apk

android-10-x64

10

f5915fbb5d...66.apk

android-11-x64

10

Analysis

  • max time kernel
    59s
  • max time network
    62s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk

  • Size

    6.8MB

  • MD5

    239498ff472538e7a8380bae9a54e042

  • SHA1

    10a43c613da9cb1ce25318e07fcca5f9a5f78d8d

  • SHA256

    f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66

  • SHA512

    842cd77f5b6501966595e7fae26079fb708bd44beec478fa416e21f53fb24b10240fbc2f03313e194c198a0c7efe287dd3628af760c29823a446d23a285033d7

  • SSDEEP

    98304:CWo/Krt4dtUD3v0nO2sIlLaYkgBv3d9knwAzIFO2ieSyeTgnrSsp:4dtUD3sO2sIlNVZdqnHzYYErSsp

Score
10/10
antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.fosaka.bite
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4331
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fosaka.bite/app_true/YqBh.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.fosaka.bite/app_true/oat/x86/YqBh.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4357

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.fosaka.bite/app_true/YqBh.json
    Filesize

    949KB

    MD5

    a55075759466446db1623b2d6dff45ce

    SHA1

    3fa678773d37688ecbd1dc73d90bf1ca1b5021a5

    SHA256

    dade89d41375c99828dffa0be88b098fdd287f41c77e9caee79dd12792270eda

    SHA512

    3d28b0e65cd5b484eef699365ff9d32acc99429b2758f184b44d0e8c657ebfd50d24ce10a69e7cbcf82c93bdfef28a81aaac42102c7266a2635233b1be12bf29

    Download Submit

  • /data/data/com.fosaka.bite/app_true/YqBh.json
    Filesize

    949KB

    MD5

    8a041708e9aba85f32775a4832a1378a

    SHA1

    8b42a32f1bc8ecbd28c9c5c1877ae63ac9a4460a

    SHA256

    9cac13f8d7c6b8a6208775f5980d656cebc94d605b47b7fbebcd6a60c78c71a3

    SHA512

    4e4924b643d8fcbf46c90de70ffb14a7147d6fc2503767ab593a8b13cacbff7a9055901048a403afe5f9c50c98ffd6d374bfbd4c069c1f7a4fce57e8da36d77e

    Download Submit

  • /data/data/com.fosaka.bite/app_true/oat/YqBh.json.cur.prof
    Filesize

    3KB

    MD5

    035bf876117c88b7ed687738a9515c62

    SHA1

    ea4cfe85a648d235c6f13ad1680b808fb0778f87

    SHA256

    a4a1be367c4471029414d117e235992a6de1a64dd5a2a9865c249913dd82a643

    SHA512

    69769db555033051aae7b97e8638f16bcec70036a9ef3d7018bbdee62cf89da9c963b75a458c925f413e3aa3639292cd7ff9020ef019d1c31fed398996cd68f4

    Download Submit

  • /data/data/com.fosaka.bite/files/profileInstalled
    Filesize

    24B

    MD5

    d233846794d81d478fe465b00c94b11c

    SHA1

    52afed381e3466a584ce9f3c3a4bb0b4d92b6f53

    SHA256

    b3a54892695a6c6ba55c819bda23b7c60224d81e22b9e04ceea9c8be491d7a75

    SHA512

    aa1834145b6d46fd382f1faba79dec7b35ec53d019fa25185421520378ef7612a75038d9077d345ee31599c83b5d20207b3e5a78bf077947d0e6dec0bfd08d0f

    Download Submit

  • /data/data/com.fosaka.bite/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    f5213725c58df5dc94a6b94b4a4311aa

    SHA1

    f042daa58bc9094412345478c56e9479ffd4f2b1

    SHA256

    9cd4566c573d017a2690ffc94c4f4c248e5911088e642c3daef00fd1d89d1b24

    SHA512

    ce54c576a3c9c11bc8826a4c5bde92a5f62368ad1b8af0215122ceee6fdc9e6f42ea86068f7f23a79114b94d38dda0a0fe296b442c26469f30c3b56af6717a3d

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    d3fcd297a497f05e4f948f8739bd2bda

    SHA1

    33ba573041d432c3d231cc3e949d18dd635ec4f3

    SHA256

    bbb02be51fb5c61a9cb6c722f3b827817713f72aaf47a6e9f3ef3c265f9a777a

    SHA512

    4944be11dff34eea19391db30a7d8167222114e4117855f81191625e44adf552df80943fd606916a8ba6e145490d4f441b6d0068a7fffa91621b3d1a6691ecdc

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    22dc2b38e803d021f858133ad3713164

    SHA1

    b7b8b61fd6c8fac6e03d135b553ff375eea58eb0

    SHA256

    a2c2063f855ab750e841b082e6a2ac220aff2b2ff7e1ed70efddf3e2d73a4080

    SHA512

    15b244335ccf4cea59f2110359eb61f17dd695a833c33b485362131062f6638926a02d73d5851830995a483b87248a5e1f1136a94e46120146bac2002935687f

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    4aa7f43ad9e9eca736265fc5a3515426

    SHA1

    6e30607acdfcb5c53d63c8703a4b31455c0f554f

    SHA256

    4c02fa96a6f2bcfc29e4a60ba17ae5ae671197815c17b1285d59edf3043474bd

    SHA512

    2a528a3c86685755b1b5fb130a24b592d2c8ff51ad6dfcf9dace2b34d919a5d9d8fe56b9522494b6251a1fc2a3b9e24202ec3c731945ed0b9fe23d58613bcd6d

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    a4d674ffd322c6a57c52fd821af648e7

    SHA1

    4e2f9c4afcc310afff9719dacb3aae5a90a367cd

    SHA256

    1c8cb2b47e9e522f25bb9746cb788b9a3c53a84dfd6cbddced2a26d68d48b270

    SHA512

    627bb9153b8e42f0a5fa18db3710740348b3eca87973b607774c4fdebc7dc3982c17218f36978884ec8d36dec8ac293a9b096026d0e830474ff787e8745d2730

    Download Submit

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize

    430KB

    MD5

    4a4d1da26a05f010359e5c2dc1ef4b16

    SHA1

    c2dc42d4298af5580bfd06f778346a06362a26fb

    SHA256

    9e328fa189677bf40a60c55677314b0bfdfbecb4e1428a79c655919665a5aec8

    SHA512

    be7e07bda2bcf87344cba47f295960d18806600004c0f8013da639ed60117e4d28c22c35a54aa380bc092f0d7f48623e56317fe718512d2fedf6f4cd800672c1

    Download Submit

  • /data/misc/profiles/cur/0/com.fosaka.bite/primary.prof
    Filesize

    1KB

    MD5

    cef76ce29d5978a30c58f84dd60d361c

    SHA1

    dae657510f6af061c736e884d03668a22887e405

    SHA256

    ecce5b4013dd076db188773b49a015ffe66d7c3ef454aac3e44e527c7d43b31e

    SHA512

    149a7c27cc92277c4e988381a484be68d4f19b34c495363736359abe6b01cf5176affcf99a5e9895a4d79b768766b36f1f0cb2d1c954e3f8fa4e886ba9226774

    Download Submit

  • /data/misc/profiles/cur/0/com.fosaka.bite/primary.prof
    Filesize

    25B

    MD5

    b9d9e0f8902d129e1aeebff0ae7b725b

    SHA1

    cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

    SHA256

    25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

    SHA512

    f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

    Download Submit

  • /data/user/0/com.fosaka.bite/app_true/YqBh.json
    Filesize

    2.0MB

    MD5

    c57efcdf19123cdbeef9101154ced73d

    SHA1

    40669fed6e0d691491c8ab28ec8c6a8b31da3992

    SHA256

    5424361aeda3332dade9a1f1403fd33d4059ca48b4d580b1c8653eaa7c0f8c08

    SHA512

    1e459458da8c6575fa02d8dc7bc218497c18420db4ed500cdd1adcafd8b3fe81bb5d234d25bb06ba28430c0b5bd9fbcd811686ed4b3a8bc8733cb2e416457aad

    Download Submit

  • /data/user/0/com.fosaka.bite/app_true/YqBh.json
    Filesize

    2.0MB

    MD5

    c5410d3ed9b751b15a4bcd301fd60678

    SHA1

    b175be2343d29f985555a651b8f4c0c61fd21a34

    SHA256

    69b1f107bfc464aa8e1744b477e11f819378dc55769f870028ce65700eaf5a6d

    SHA512

    e67344f2cd621d78a66b42fc7c1ad176c6860087bfdabcfe7134b937f341a1bd74b0a8b8212f4e4a3e4c8910dc99967ed5ab9437ff162fdf2d6100129022d133

    Download Submit