Overview

overview

10

Static

static

6

207a4f9076...a1.apk

android-13-x64

10

207a4f9076...a1.apk

android-9-x86

10

gubuza.apk

android-13-x64

10

gubuza.apk

android-9-x86

10

Analysis

  • max time kernel
    29s
  • max time network
    27s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk

  • Size

    9.4MB

  • MD5

    584af941017f437f35e4c0d457c22c0a

  • SHA1

    b84b59337eda585de666038d9f1a051440e2018f

  • SHA256

    207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

  • SHA512

    38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7

  • SSDEEP

    196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To

Score
10/10
antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.xunewuzo.constant
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4336
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.xunewuzo.constant/app_misery/oat/x86/kxUOH.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4361

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.xunewuzo.constant/app_misery/kxUOH.json
    Filesize

    609KB

    MD5

    a4265e4273b80945a1067171908372ed

    SHA1

    a0a75068b29cb24eb5f11f2e0bad68bc5cef0d5a

    SHA256

    8351f77534974d0958e4185e9359b2fcd3d56d90e01b8865b4d144d884267b3b

    SHA512

    447157c4c699dcf1a8ce8ef19198ef13b910208b720989e2a2a9a2a110c5a3d5eb9b04c5b9717467429231b5c48452c81548b384cbc4a43e9806d4eb3d72f499

    Download Submit

  • /data/data/com.xunewuzo.constant/app_misery/kxUOH.json
    Filesize

    609KB

    MD5

    65aac637e04286bdb9f4c489fb51cffa

    SHA1

    1552eddd28f7707edae696ee4f7ca2f733eb1d2f

    SHA256

    b5bcb58d2fd5b1feb25b58dce17038c672a365fa17908e5627a376002b0d6434

    SHA512

    2c43dc7e5e96119ba252dfcd734641367fb5f1f58f6c894deec2d290f5af6c5932ce5c34c142313cfa50eaae6625ed8228db64fab5c5c1523d0b4b033072a336

    Download Submit

  • /data/data/com.xunewuzo.constant/files/profileInstalled
    Filesize

    24B

    MD5

    d1807bb38d3e40cb224fba09be2ebb40

    SHA1

    1f97f13d384e8d76478dbc1077ff9fa3565b3fac

    SHA256

    306c674b41846a656374d0c518a6b876767a534c0595c1771b888238df05dd06

    SHA512

    27c6d779766a0ded3b1e0cf2766ecdce54913f5fbd7fce55ce29708c484489c2ac711511002278b2bdab33a30a39e3d951de3105d5d4f8013def350f1a4bc975

    Download Submit

  • /data/data/com.xunewuzo.constant/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    7a1ad35e464da005d565d41591a075de

    SHA1

    9d7bbd2c1b8274b17696ea27584660a814398506

    SHA256

    2eae3333bd6835631b4f5968a534ee6416380e4affa2b381f3878c8ad59d2531

    SHA512

    861fdb2c9d70a9a38c27934440e068be5baa98302b0b719dd64d2749a1da2c18bb658e1c88a611b8efed02cda3e74da6003c65f3f8fd3812be73c5072e8dadeb

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    04253883c66b684c580b5c4887ca8218

    SHA1

    c193c9895324e56b106f378ae662db86d0b574f2

    SHA256

    897875367c61760855ec2f2102d784b34a1c1da3ec914ef93f0b3c9840bd54b9

    SHA512

    60da93d6b0fa0406a01bae410a03a152a65e624c972ea5e4d12f65103af6c5c7cb5f4a9ae19161e979c019797fbe0bf258552b7b487564ffd2814a2ff198404b

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    75fb219ee1eec3161eeb6474fd839f57

    SHA1

    29b00d6b6e444925191c8ac402015e111fd8001f

    SHA256

    de866cd8310cf5fbb0edbba9c9a436b0d1c48b1b2c151c076e5c76def65c6c94

    SHA512

    712e3fbed47b740c3a35000119a4be7b80c4c89998051443a648f7f419ca9581da602be3e846aedf1d3115a056736df666cbe97aeaa8d657283ebf9f18e9683d

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    b2b1432f5c568cb39c0666fa9d2246cd

    SHA1

    c6d0d037f9aaa2085e0d9bd1557276b3561842a1

    SHA256

    8e86284fc3fee3f0c18ed4cd52236caec8b06f0b39fc7575d22518c8a0af868d

    SHA512

    b3176f89a13a8f8b4659c6d68f9f05cef308d89a8252a979fefe9bd99af70b6b944c9cee52ea317b01d362056bb323a9fdabb6a03eaa468af378c1901c5b4f27

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    1b2b2d8143d6f19386b5ae6202abc8e7

    SHA1

    e4da6321fd0c793964206de3485da2e654adea01

    SHA256

    05e4f2d9cf9285a930879103d7ddb7517d4f2a79a309c3b55564f1451faab977

    SHA512

    de56ab416c250ded51434a4e4a9a6f63b38979607018c35f85e016791488fbe91c1f9349f1f113a49f33c17e33e6431658b65570a8a963686ff00173d9839d53

    Download Submit

  • /data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal
    Filesize

    410KB

    MD5

    a73b16fd3829f6ad28a5a593d985f421

    SHA1

    758d4f0632a29c5e9536ccb9c4fd01acea8ef6bd

    SHA256

    307603003c753f6a1cfefa640727fd0f3846458dbf542b2c0556967b592b0fee

    SHA512

    2dfd87cabb58d13cc63d7544dcf5d63a59ef42f282c42bc088a4bb785d882268d357dc872f11393f3a1ca4e9bfeaed425432e96a60211697344b00c72d11c593

    Download Submit

  • /data/misc/profiles/cur/0/com.xunewuzo.constant/primary.prof
    Filesize

    985B

    MD5

    28579e52c6c8a3c1b58a8353095ba787

    SHA1

    ebe531043cd315d1fa33f05e54611a5ef46626b2

    SHA256

    92e0d8652e1878ff31e1e711442393a9637555dd71bd2e9263d48d769028ccc3

    SHA512

    812ac839358e0be826452de8c64c1d4a1cbec7aeafdd78b4bd385127019c2519d17a54e60917920e6d833da45fb1897cc424d003612a3eff0ff13469cf2903fd

    Download Submit

  • /data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json
    Filesize

    1.3MB

    MD5

    1fca42e426ccb9d43f6e56b04acdd492

    SHA1

    84a3e9f5d2344e598ea5fdc9c5234a5008b378b6

    SHA256

    919cf411255abd947e9e97badb2f02591f4839e7f26a2c44df50e8d9161e98ef

    SHA512

    8d2b32a29aaebb60db33feee54ada14b7799f519c37258caa5d1ad03b5f4778b89ebe2372ed3f39c17ed9bd854f78a7bd53cd0ff256a86cca4a3681b012e5104

    Download Submit

  • /data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json
    Filesize

    1.3MB

    MD5

    1a95ce3282b03d5794fc39d38bac781f

    SHA1

    57a00c556b4a13b41dc212622652116d4974072f

    SHA256

    3926e26b0c6b87a7e5cf9d8c8337d1205a2fa3f6f6870d74376996a3b9de798c

    SHA512

    b5f40cc64adef556f64be055e4f88371539144fa9ea5e924041c0e5f56d97ae9f91c32561a481bcae1b8859a7f90d01fb83c2d70754f22733478644427dba50d

    Download Submit