Analysis

  • max time kernel
    53s
  • max time network
    59s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags
    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    21/03/2025, 22:43

General

  • Target
    f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66.apk
  • Size
    6.8MB
  • MD5
    239498ff472538e7a8380bae9a54e042
  • SHA1
    10a43c613da9cb1ce25318e07fcca5f9a5f78d8d
  • SHA256
    f5915fbb5dd28ee1eb99cf27b956503d9c639e978071a619a2ac01f08d513e66
  • SHA512
    842cd77f5b6501966595e7fae26079fb708bd44beec478fa416e21f53fb24b10240fbc2f03313e194c198a0c7efe287dd3628af760c29823a446d23a285033d7
  • SSDEEP
    98304:CWo/Krt4dtUD3v0nO2sIlLaYkgBv3d9knwAzIFO2ieSyeTgnrSsp:4dtUD3sO2sIlNVZdqnHzYYErSsp

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

  • Antidot family
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests modifying system settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.fosaka.bite (PID 4634)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.fosaka.bite/app_true/YqBh.json
    Filesize
    949KB
    MD5
    a55075759466446db1623b2d6dff45ce
    SHA1
    3fa678773d37688ecbd1dc73d90bf1ca1b5021a5
    SHA256
    dade89d41375c99828dffa0be88b098fdd287f41c77e9caee79dd12792270eda
    SHA512
    3d28b0e65cd5b484eef699365ff9d32acc99429b2758f184b44d0e8c657ebfd50d24ce10a69e7cbcf82c93bdfef28a81aaac42102c7266a2635233b1be12bf29

  • /data/data/com.fosaka.bite/app_true/YqBh.json
    Filesize
    949KB
    MD5
    8a041708e9aba85f32775a4832a1378a
    SHA1
    8b42a32f1bc8ecbd28c9c5c1877ae63ac9a4460a
    SHA256
    9cac13f8d7c6b8a6208775f5980d656cebc94d605b47b7fbebcd6a60c78c71a3
    SHA512
    4e4924b643d8fcbf46c90de70ffb14a7147d6fc2503767ab593a8b13cacbff7a9055901048a403afe5f9c50c98ffd6d374bfbd4c069c1f7a4fce57e8da36d77e

  • /data/data/com.fosaka.bite/app_true/oat/YqBh.json.cur.prof
    Filesize
    3KB
    MD5
    3d67a1535e962291daa1cf6e291506f3
    SHA1
    9d563d0f7515b41f4faa0b76583f100c4dc91103
    SHA256
    a68fb20cdd083a99f318e1563404660043c144e22bdd4e18338006a40b6bb303
    SHA512
    b5f0b2708a679b815388f95e8d719c34d6dc4f61c0d7d8499cdbe091dbc98f8ac61cbe6dea6d40e6e2c64ee53b8037a36315cfbebeb8ba1466b65dfd3d0cf0c3

  • /data/data/com.fosaka.bite/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize
    8B
    MD5
    f7de97191122eb3cf6807a908a3dbd22
    SHA1
    b75e1fa94b1e2d16490dde031d468acd173f8020
    SHA256
    9833149b51cab1fb41e016505e50940e3fa416a8748cf46e90b65e2a06f983d9
    SHA512
    6850e891f741dcfd678daf8c5b40e40122856344a47f488ea3f2670b92b941f4f9239661ae54e6fba9745cf936f0ad01f4f2ad9ec04c9e1d73238f0216d4c6bd

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb
    Filesize
    104KB
    MD5
    cc91d312ba36f7d05fad0261f07d54bf
    SHA1
    a7dc8d691fe11b91d6cd7f109731f53835fd97ba
    SHA256
    3afb82a25c976cd89769f651667b2ae9f2acc8ff6e1a1b5f9bde68485253543d
    SHA512
    96538af3580ec7cb6b8c8e140bc2c594be1fddcd9ee9942bde1a4a9a6cbda63eb67fcd075df895fc6da73d24accb4c360642d47a020e8ddcb447c5324afd2d3a

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-journal
    Filesize
    512B
    MD5
    619a21c18be259c0fcbc232a2af2445d
    SHA1
    f482c1e65c034e0ca2e7d1117d5002f594f08615
    SHA256
    d612df911ff96ddc7748ab6e19a061f8d08628c4b6c6c7ef4aeabb1ebcecf348
    SHA512
    fed5bc5a3a4002de38575bb8134725ea8cc679d32f31662ec343b08d6ed572e77132ab434fc5bda720000605a05715350b8a672132e0d0bd70407ccea646dcc4

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-shm
    Filesize
    32KB
    MD5
    bb7df04e1b0a2570657527a7e108ae23
    SHA1
    5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256
    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512
    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize
    426KB
    MD5
    7e1745c21f100105c1b28c91c8dabf06
    SHA1
    714c7b89954d16dc358a645baeb4206af88f5786
    SHA256
    51b3d4ead7a89976d106596101213a22d5fbb0052a2082855f2e383ec78c0c25
    SHA512
    2b3cd36db2db3dd71eaf6e66ffe3b927e1d72c7dab6d88ea80b7d4a9cb7d6a2d2b402eee771a64d1098c1e1c56b93ed243690ad9f3cf0c44ea85c8c05452751b

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize
    16KB
    MD5
    c5da485d6437af222d79b107bf2e654d
    SHA1
    b300fc972ef0c7e75a74035a2dda2ee7a70ab66e
    SHA256
    6a91690dcd06cdadb9f4804365101ca51319c9da73e8e3730a49c673659dd29d
    SHA512
    567c73a56fca93d6b12c1d3415965666a571f9ac0eaef9b7e6496b914a2b20b683340de17ed055619bcf64a4696bc6d1313ec9152fd1c43cea5ab9816064fc74

  • /data/data/com.fosaka.bite/no_backup/androidx.work.workdb-wal
    Filesize
    116KB
    MD5
    4fa876d70f6a8fdc46b1dd676644368c
    SHA1
    bcce8f7177310bb9c7b13e57dda82bde1e84d175
    SHA256
    cf046c3dff6871fcced3518fe41b79d1bf4be4661c88e17815ad429307e1b2e3
    SHA512
    9b513dbcadb34b3946090e060dec2436796095ae5b3fcf6df8be8fa319af122b2e48e3283062ad2f0a8cb1edc24533052bb90f19a727293d2193e3d122637d13

  • /data/misc/profiles/cur/0/com.fosaka.bite/primary.prof
    Filesize
    1KB
    MD5
    cef76ce29d5978a30c58f84dd60d361c
    SHA1
    dae657510f6af061c736e884d03668a22887e405
    SHA256
    ecce5b4013dd076db188773b49a015ffe66d7c3ef454aac3e44e527c7d43b31e
    SHA512
    149a7c27cc92277c4e988381a484be68d4f19b34c495363736359abe6b01cf5176affcf99a5e9895a4d79b768766b36f1f0cb2d1c954e3f8fa4e886ba9226774

  • /data/misc/profiles/cur/0/com.fosaka.bite/primary.prof
    Filesize
    161B
    MD5
    4d19d4a8955535a80f173ae07fd15e98
    SHA1
    4244a5165533a14aa56e26e8c302d877e610025c
    SHA256
    57a76b9bf3ed7a12f616ca66264cca417b5b046cb80b01f1e0935a5e090b2721
    SHA512
    31a02ce5ef4c378a0330ed80b02b7bbd7f97caacb0033757b841703888e095ebff783e95a3d2f4e7ac663dba5f0a0a7203942b663a4ba0262a9f0d4da8bf2da2

  • /data/user/0/com.fosaka.bite/app_true/YqBh.json
    Filesize
    2.0MB
    MD5
    c5410d3ed9b751b15a4bcd301fd60678
    SHA1
    b175be2343d29f985555a651b8f4c0c61fd21a34
    SHA256
    69b1f107bfc464aa8e1744b477e11f819378dc55769f870028ce65700eaf5a6d
    SHA512
    e67344f2cd621d78a66b42fc7c1ad176c6860087bfdabcfe7134b937f341a1bd74b0a8b8212f4e4a3e4c8910dc99967ed5ab9437ff162fdf2d6100129022d133