antidot | 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

Analysis

max time kernel
29s
max time network
26s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk
Size

9.4MB
MD5

584af941017f437f35e4c0d457c22c0a
SHA1

b84b59337eda585de666038d9f1a051440e2018f
SHA256

207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1
SHA512

38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7
SSDEEP

196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4466-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json	4466	com.xunewuzo.constant

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.xunewuzo.constant

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.xunewuzo.constant

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.xunewuzo.constant

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xunewuzo.constant

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xunewuzo.constant

com.xunewuzo.constant
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4466

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
609KB

MD5
a4265e4273b80945a1067171908372ed

SHA1
a0a75068b29cb24eb5f11f2e0bad68bc5cef0d5a

SHA256
8351f77534974d0958e4185e9359b2fcd3d56d90e01b8865b4d144d884267b3b

SHA512
447157c4c699dcf1a8ce8ef19198ef13b910208b720989e2a2a9a2a110c5a3d5eb9b04c5b9717467429231b5c48452c81548b384cbc4a43e9806d4eb3d72f499

Download Submit
/data/data/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
609KB

MD5
65aac637e04286bdb9f4c489fb51cffa

SHA1
1552eddd28f7707edae696ee4f7ca2f733eb1d2f

SHA256
b5bcb58d2fd5b1feb25b58dce17038c672a365fa17908e5627a376002b0d6434

SHA512
2c43dc7e5e96119ba252dfcd734641367fb5f1f58f6c894deec2d290f5af6c5932ce5c34c142313cfa50eaae6625ed8228db64fab5c5c1523d0b4b033072a336

Download Submit
/data/data/com.xunewuzo.constant/app_misery/oat/x86_64/kxUOH.vdex

Filesize
29KB

MD5
c023ab551138e357881eee9b31065cc2

SHA1
640fa4e4fcc76c1a3a50c3586607b07af40a1e0a

SHA256
aa01377b428925ff08d6598097ffac67f0e416ef938f67f0a76d43d09eadcbfa

SHA512
df25515ccf46881f88da25adb73b9eec20cb5c85008ad469250906ea41c4152a73c7ff0bf4ed620c35de6e7adc5d621ffca6e57963fd4d4957a6cf97ecbc0fd2

Download Submit
/data/data/com.xunewuzo.constant/files/profileInstalled

Filesize
24B

MD5
ddfb774602ef83014d2ae59e9f2d6b21

SHA1
d43a32b2a0d03e7510bba0b1027169a8b64e76a4

SHA256
bafca7463fa0f8636a8d9593f64bd2f5b90ed523fb2d15df021f9c0b4fbbf3d8

SHA512
1b579879bf21681c93a2b1b978a073c4d9a136782b2ab532400ecb1ba55f0f8ef03372fdc58e9fe423cf309b87875146e02e094e44e7ff5dea3401a7514671ca

Download Submit
/data/data/com.xunewuzo.constant/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
5ec24d9ddfd67457ecebbf39c0fbcc71

SHA1
77d870714030d5dd1832c0a1e4b565cbee8cbada

SHA256
c9fbb5e04234f3e57a4e545b8dbb6bff09c4639463e32390373c13fcc19a9b9a

SHA512
7b1b9169d78dd873f25d1d13b2af613cb358882b3879492e9eca0c552ce6ec665c7b831eb74d96a5a1ff0760d8541be7791d020a2db1574911d54533e668bdfe

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb

Filesize
112KB

MD5
be3651c4f926fd0d4b4520c439364ac9

SHA1
1b1d0d6d8f9abce6a57906381eb0d5045b279155

SHA256
2ef1894d4b3cda18195ad638cfec71cf45ee08cc2990917b26fae14e872f9848

SHA512
80f8433199dbe4de05d4ac865fd1f755e0a25808b44c7c5e19b370324cae6400d2a1a944953ef19d88b09d9e79072bce74e7a22e9686c23392a3c57d72fa448d

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
df2ca38e559ca5ba6125701d9bda67c9

SHA1
00aa8b414add091b78bb92b3a27b6a38e3acfed7

SHA256
41e7e2c663dcfdd76d0cd393d5760563700e5478346cbce5c2e6ca43b086f5ee

SHA512
251f72a6201ef6f3ce5d2a69cf2a4dc3f9cbb899beadbb9bd8db61ed2312972b194eebee40f166ff729ccafaebb8a32272982ab287f579a3317ddc90e76c55b0

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
23ad39da594db02811407c627ba05cb4

SHA1
145a67c6c568bc8ee6f6b6b4650e1e16a1c62e4e

SHA256
fa4f3566f72aca78356b1d0665bada4a5a4bc5fc1e7a30192df3f4b7d2ed466a

SHA512
97eeaea5ec6d3202e1bb34ace5e039727d99fb6d988952973582966ced810e8ab170177caf59791230fb4d148407d525492bca2d983512866d3b751be64261a3

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
a4864ebef50202cc621298af05273ddd

SHA1
0a6f06d1984abee07d482c1dedbbbeb1181c989c

SHA256
be688ec9015383b4b3f8d30bdd81668f92115b1419fa37b9e91a5bfcc3b1dbf9

SHA512
c2256ffafcf45c4e048b22ae404fd323d3edfa9abaefe360af597eb52b0fa6769730fbe04aa40d0e9d489962e38390f9eca0f991b82d2590349706dd6758ab07

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a92e23ef0164e77022c8349faa03d222

SHA1
41432ba6e82f6f25ad62ee75cd6e1f1a10bcd7ea

SHA256
fdf5d9a4ccfe5dadade9e12d4cffe3674313b66f27077568a63745e432e24407

SHA512
eae23a39d848cbcd324fa8c3e52aced59c9ebcc146f23fc7f9ea008e8c4f77919a53a924151bc43c4163cba27d7e280fa488cb76d07b1ee9b9ccd0f3462e12e7

Download Submit
/data/misc/profiles/cur/0/com.xunewuzo.constant/primary.prof

Filesize
1KB

MD5
ccb9226ed20f818d55045f14000ca3f8

SHA1
0da559f6c0a3f4b3064405797f3bd3ba4e859010

SHA256
d2e6b9dd80289a6085af2cb20aa11cb571c8d952be6bb50db327cfbedd8e6cb6

SHA512
00696641348b6ac6a6a420b17bf291e753be2ef6cde4ef39d4f55389f054691a11a677bdabeedf649b7cf69bb784d7ecf3bc8907c20e1a754d7828d69152d010

Download Submit
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
1.3MB

MD5
1a95ce3282b03d5794fc39d38bac781f

SHA1
57a00c556b4a13b41dc212622652116d4974072f

SHA256
3926e26b0c6b87a7e5cf9d8c8337d1205a2fa3f6f6870d74376996a3b9de798c

SHA512
b5f40cc64adef556f64be055e4f88371539144fa9ea5e924041c0e5f56d97ae9f91c32561a481bcae1b8859a7f90d01fb83c2d70754f22733478644427dba50d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads