antidot | f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d

Resubmissions

24/03/2025, 20:33

250324-zbyfyaypv8 10

21/03/2025, 22:49

250321-2rnmsasvgx 10

Analysis

max time kernel
11s
max time network
32s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
21/03/2025, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
Size

9.6MB
MD5

e6c96197eb41de926fe43d6721f01aaf
SHA1

15fd15f9803134efe6b7c28c86a00a4f0390c973
SHA256

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d
SHA512

e36c4a07161d77d98d6e1fb7f30cb42667e9fb997adfdd1e36fd5ac41ef58428c87b0dcc507988614e29a7b9ba93f4f1e42715ac6802916729af51941020e5e2
SSDEEP

196608:B3TfkmoN3qOqH51QWqzQbgk4sAw7kCwDkbe9H/yzL3itOrY0obFF6a1SEfAL:BDfkmoxqUXzS4W7krDkbe9H/yzrrY0oO

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4587-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.gatefada.digital/app_border/pk.json	4587	com.gatefada.digital

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.gatefada.digital

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.gatefada.digital

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.gatefada.digital

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.gatefada.digital

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gatefada.digital

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gatefada.digital

com.gatefada.digital
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4587

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
89e42973273a071c7810384f13f65b63

SHA1
9ac4c1043923f75764d56d8f001f6e5fa0b3a4fa

SHA256
3ffc2ac802f73a7321451f456a52195f3d733a84c99b22b36cca7505e1ffde66

SHA512
35c21b0536e0cff62283585a2a07913467c67a9bde10b4d9c75add5f516da9505509764d86b984ba23fe8f80a69f79b1950336d9ec4fd782eb9b5cf62ae168e1

Download Submit
/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
9b3ebd3743eeeb9a4ddafd8885393b3c

SHA1
2d5800f7ccd88d64080c4fcfcf3b2ecf61f38a2f

SHA256
61a91d1c88bed936873b60ebc0048165f81ade57579a3f5309bbc3ee11d0109e

SHA512
04e412da11cf825a41aba0948570543c8c4fe82a60584a36eedba2dff465f237a73d37f68807e34623886fe4bcb882acb183c40a1313607f4195de801283f863

Download Submit
/data/data/com.gatefada.digital/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
df17e8c6cdc5ab0a0e9141da1679b98b

SHA1
63cd1a1d22f79b1d3c4612929dce83ab985031c2

SHA256
cd2fe2c8ba12eaa6adaa9c4f982518e75f24066440a1d74d651191a6c0b8a39b

SHA512
53967a84d91884aaa7a9e130de1dc3200bf685cdc9b01d00c26a89ec479b715f32cd0e5f939aa7de04b3b2394046f6d2d415707d2ffe57b4e44dadf76fe840fc

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb

Filesize
104KB

MD5
49a8bb50ba20ae1fc1a84e3501534021

SHA1
a91cf91b6443dcb1e07bc557cb2dd4cd39bff97f

SHA256
89b4687f22ac4134c6e937337772d504050ce9c27a3c155166f3e03b442471f0

SHA512
dd543b8cd0f94d7f452e36edb4707c61abb91aca05f3f5cf3529b020afb70eec4d129168b33be6d6a2b1f3f55f914fbc6b864cf3668ac114865681b9ec828342

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0821bc38d53fad62a7abb028d99a335e

SHA1
9765f9574a94682c2ba760feac38fbb9a0863684

SHA256
76fa39a33ff9e22afe548440cb1799b791e16f6568b96ade0e1300dad41d5a84

SHA512
fa12349996efc4781af22f75c6091b8cf01c9e00bdb56b2dd64288e405d40c940e98401c55c296c6f3e97365d59dec48c14228adc6825fee0802020875fa0e86

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
72ea443f4c76fe6e669dce2a4b391215

SHA1
c03ecb152caad0be471b2f0da2981e0217dcaed6

SHA256
15d41949f9cfd95b93c8713da1a262ea69cad01581214fe1bb68c2ce4a56da28

SHA512
b922cceff34392f301ba1a03c081125b278afab1abf755c81faae97299e162b1cdb68746507a86cf308d1229245aa4bb99315ae3694c99d153b9bf895b1a4af4

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a61934a5af527b65f8c5d1cfac912449

SHA1
157cce7c71d0943a04fc9ef113d483a0b3995207

SHA256
4143d45fbdab7ef1cca7eb6751874542d11356ab21689aca8bea9b2aacb8a928

SHA512
332be5c4fed83343471d49cdfd22131d8a452e710583fbe4a444727e463bd576560af67ceeb6081443198348d41a1e972cf92336c7c78107b367c5b176b41c5e

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
603d91cf0672a37d6715435484798a30

SHA1
5a8138e01bf8e3840f0109b6e1dbee0b0cbeb724

SHA256
29b756b564f6e2e1352cd9a4509e398120d529512556978c4b2384c3f6083452

SHA512
a62c2233cf59bded9dfd35c319e352698e7fc40366f344f7b79ddeffb03b0807a875cefdff33afea9b760f02779cdbd24a45db07a95075bc61ffe42eae4c4e30

Download Submit
/data/misc/profiles/cur/0/com.gatefada.digital/primary.prof

Filesize
986B

MD5
d2f1160f8584e32aca0a14c939d55ce8

SHA1
745ead3ab9ab804c4b35fa8de8aa67e90b134a87

SHA256
31e8408e823d20e580d23428b26d350a054b1487fd89658808bb0bc08e9440fb

SHA512
c17c8dda09c0fa226041dc06320b399d47000b1b5f28a617c761b67fb642aabbceb436fa90bb94f2b1f434b7b5fe6477703d95d210821e98bfd97c9bdaf45b86

Download Submit
/data/user/0/com.gatefada.digital/app_border/pk.json

Filesize
1.3MB

MD5
8f58959358243e0b52290d35817ab042

SHA1
6ec7f62a669b1fc3a5761d27e5fd5d65fa1f49cd

SHA256
97da4189934a50294bded0d2b6115807811ad15e0cd50eb6ad7e767c5004da6a

SHA512
28c6d8c0f8b49c44b1cb66323ac13449a75a979cf4832672dfec0a0d4a314340bf0c55aa7afcfb5dc1b34330971bec574433ce83f827ae5310ea39a7a0bfec95

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads