antidot | f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d

Resubmissions

24/03/2025, 20:33

250324-zbyfyaypv8 10

21/03/2025, 22:49

250321-2rnmsasvgx 10

Analysis

max time kernel
29s
max time network
18s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/03/2025, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
Size

9.6MB
MD5

e6c96197eb41de926fe43d6721f01aaf
SHA1

15fd15f9803134efe6b7c28c86a00a4f0390c973
SHA256

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d
SHA512

e36c4a07161d77d98d6e1fb7f30cb42667e9fb997adfdd1e36fd5ac41ef58428c87b0dcc507988614e29a7b9ba93f4f1e42715ac6802916729af51941020e5e2
SSDEEP

196608:B3TfkmoN3qOqH51QWqzQbgk4sAw7kCwDkbe9H/yzL3itOrY0obFF6a1SEfAL:BDfkmoxqUXzS4W7krDkbe9H/yzrrY0oO

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4323-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.gatefada.digital/app_border/pk.json	4323	com.gatefada.digital

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gatefada.digital

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gatefada.digital

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.gatefada.digital

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gatefada.digital

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gatefada.digital

com.gatefada.digital
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4323

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
89e42973273a071c7810384f13f65b63

SHA1
9ac4c1043923f75764d56d8f001f6e5fa0b3a4fa

SHA256
3ffc2ac802f73a7321451f456a52195f3d733a84c99b22b36cca7505e1ffde66

SHA512
35c21b0536e0cff62283585a2a07913467c67a9bde10b4d9c75add5f516da9505509764d86b984ba23fe8f80a69f79b1950336d9ec4fd782eb9b5cf62ae168e1

Download Submit
/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
9b3ebd3743eeeb9a4ddafd8885393b3c

SHA1
2d5800f7ccd88d64080c4fcfcf3b2ecf61f38a2f

SHA256
61a91d1c88bed936873b60ebc0048165f81ade57579a3f5309bbc3ee11d0109e

SHA512
04e412da11cf825a41aba0948570543c8c4fe82a60584a36eedba2dff465f237a73d37f68807e34623886fe4bcb882acb183c40a1313607f4195de801283f863

Download Submit
/data/data/com.gatefada.digital/files/profileInstalled

Filesize
24B

MD5
f96185aedce496ba037b212c60343bb6

SHA1
3b8f7787df080378e31642677dac77bc5b686000

SHA256
1d817c093609c47d8c62016cbb7de846067d6a1310378ce95fc9379af63f5485

SHA512
e76f1bf1c1017734297981418f045364f9f268048663fa27c7c60b6ac35a1419368cd2beb93c9013f3761e06de9d245709dc94cd4e1af699901f159c6cb39abd

Download Submit
/data/data/com.gatefada.digital/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
e044ad5959c8fa559f724d69405ff612

SHA1
620c0927b59abcd404e69027f2e6f0a5e7312182

SHA256
46d358af754ef49d0f3050a2f912dc4bb9b1f6ffacb8e1f8a1c7ffa8a4dac6c4

SHA512
29c620e028ffb58ddd7a1c73c5ba0de3cf642a7f24525b9904fc3167504c575aa8e0d9c5c5eb0f3d4ed2951d87afbfa9cd8d55959695c7a09d553c006f0653bd

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb

Filesize
104KB

MD5
297111db712f27d103d58940e30243e5

SHA1
7d13b61bc707d213fe8c73e499eb3078d3557339

SHA256
8b0be8edc230e02d9dbe03526e23631f2b285a670f7da2b83bc683ba6c45c9ae

SHA512
88db45c7e449b969276999a419853f7489815596a3c1cff455902ce0ca366e2c3c9d6f14e1871d8f9a51b9e180c42ea5ab5dad10eff818617e4c16b605a60e26

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
9560b87c8513c9f09d02859ca77813ab

SHA1
927499b22bf279ef0efef538aeee28c4fdfcb4b4

SHA256
493b4b55af144cfc9c5d95d55a2f8c1d8cd7fe0596d9f1338a5f149bf942c657

SHA512
1d8596539e94011ee73f637668fc8ea8b3236b9922047150165cad2960f8095ed332e95534e1ce15723b9adfc6c3a2f7ab1bce0d46b43c628315279dd6eea2a4

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a64a3bec3baa37999dc5b95b082165b2

SHA1
1617faf01894707371c119dd97abe67454a9435a

SHA256
9c8857d6490f271bc9c6103aee6b1acb6ee50377f8c6a5d5123ee5f000e20edb

SHA512
c0e883c22d356a4ea5b12d685e9d81e8d0f232c73295ef572b3d01dcb476b95582ad181dc521c0baed86f8e9e358f031768173a3b23728b62ae4e6f33c5478cf

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
29d572c2e8f05e404a084facd82f983e

SHA1
30ba29952c4d6dbce031e9bb5e85724f86733406

SHA256
027c5a6b35fab1438884ad90a36ea8a20db85122b68d672cea81ae24578ebf1a

SHA512
fbed76d6295f31f9a7b90210660920a58e0dda8d7b892bb00a3e1d57653419b952ad13e12452b395e9c49122d9fd5da81602bf4095fa6de7efd02372c75e80b2

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
c641f579287ff3bce55c02dc9890a494

SHA1
f572a2ca5bf590328f4a88a5a4e34aa3e36b7180

SHA256
2dbf91c4250380f4a41e9f4809dc547278b53a60ff87289ff5a9a7cea70ca127

SHA512
8563a557e4367eb3d81af153800a479b9026d1c327168e251be619a1ca74720ca1aa9c76058efb8aa8e21758039d1f4059276488d82bbdcfbd279dcea70ea769

Download Submit
/data/misc/profiles/cur/0/com.gatefada.digital/primary.prof

Filesize
986B

MD5
d2f1160f8584e32aca0a14c939d55ce8

SHA1
745ead3ab9ab804c4b35fa8de8aa67e90b134a87

SHA256
31e8408e823d20e580d23428b26d350a054b1487fd89658808bb0bc08e9440fb

SHA512
c17c8dda09c0fa226041dc06320b399d47000b1b5f28a617c761b67fb642aabbceb436fa90bb94f2b1f434b7b5fe6477703d95d210821e98bfd97c9bdaf45b86

Download Submit
/data/user/0/com.gatefada.digital/app_border/pk.json

Filesize
1.3MB

MD5
8f58959358243e0b52290d35817ab042

SHA1
6ec7f62a669b1fc3a5761d27e5fd5d65fa1f49cd

SHA256
97da4189934a50294bded0d2b6115807811ad15e0cd50eb6ad7e767c5004da6a

SHA512
28c6d8c0f8b49c44b1cb66323ac13449a75a979cf4832672dfec0a0d4a314340bf0c55aa7afcfb5dc1b34330971bec574433ce83f827ae5310ea39a7a0bfec95

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads