antidot | 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

Analysis

max time kernel
29s
max time network
29s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/03/2025, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gubuza.apk
Size

7.9MB
MD5

f90d4de771dcc141e100f811ad918f56
SHA1

f3def8d2ec874c94e2eebc3ec707ee4e3ef1efa1
SHA256

e35b6b6faa11919f72dd9ea82fc74acd07451da43902c7b137296aa7b4f308d2
SHA512

743c07d5ea09cf716dd281a4fec6c2a82f65cba6fd1b3c68f48e841105904811da6a2ae8ef6714497249e6ca85d2a15afff655f4ce1715dbc00a4c6a0b8c4714
SSDEEP

98304:71o/Kr5S91kNhqTKr1aB3eUCtofx+sJfhexflKfN2ieSyeTgnrSsa6:I91kNhw+1e7x1Jpexf0UYErSs/

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral4/memory/4319-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json	4319	com.migadesoni.flash

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.migadesoni.flash

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.migadesoni.flash

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.migadesoni.flash

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.migadesoni.flash

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.migadesoni.flash

com.migadesoni.flash
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4319

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.migadesoni.flash/app_rose/FctGwTs.json

Filesize
947KB

MD5
fa879b2f24acbcc304f6fdd6ccefa08b

SHA1
252b7372eef87b0a5849ea504997723a5db4607e

SHA256
40cb9837345ef04c974d4f7b7c4c88181a1e1394b7579433ed55776a192abeb7

SHA512
9511a08baa4a93d17e7e8f2dee18b1979a93fbc8ada07d85bacf3679dad94d8241c5e9090fcc8e47919aa8a13fd116688139f466899596575ef995d2895fd002

Download Submit
/data/data/com.migadesoni.flash/app_rose/FctGwTs.json

Filesize
947KB

MD5
e5c64205d7b12e3efa3813cabea19b6d

SHA1
52b2ab984e2e23e366371149481b0eb4997f93d0

SHA256
ebdb530e2f492c160c01b6b5058fe1ea92333edf57dbccda0c8ef3ef4525a3df

SHA512
848b37e89bd1b3731379d7337456dd9a378f9e92b8c3a6fcafe0397ad5064c52eee8e0e371bd46cbafe9201aae305d781c617cb8240b7445046666821d41eb28

Download Submit
/data/data/com.migadesoni.flash/files/profileInstalled

Filesize
24B

MD5
d1b8b4f23cbd2688f4228c02a40f6e99

SHA1
f0e6b25b02a0eb8ccae2a2d05c42ab02cfd2d3dc

SHA256
de56dfb9a7e21f42cf2ac8d0d7bdfe45248b104c67cc8718fee71406fe5dc02f

SHA512
9e1e680c2a7db31ed5af16772b5ffa6f8f5b95cc99c66760a12f23113a1af43fe0197e4ec18f75b14395e64d429a81f9219aa34da0eb40f95da0b185d5f0f52e

Download Submit
/data/data/com.migadesoni.flash/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7c115e4d8d3c4bea70e3680b37a95819

SHA1
8b93f5d9520c013adf01f75bc27df265c702a32f

SHA256
e167277419a21e9aed87b0215b29118b819e702c1f91d254ecd80500f6df3250

SHA512
90981d61036eff95a240b36d6a37c99bd0aab8db4076c5f1ba6e66942633dc81575c59f3d3e03a310bdaa485fc50b97c10754926bb820561e21b6b41ee11e18f

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb

Filesize
104KB

MD5
caec5b109e05ca67e551d6843e6feec9

SHA1
9e26b2a86eda51e398452e51e34d777f49a558c2

SHA256
0e9bd05144f44508d4d58974ef82728def549f60bf2fce983f692056b7b672c4

SHA512
0f8776791f435616689deac6303444dcbe9d0307cd6733336597d746b24b2504f8d158484c6814eb7c372f7c029fcaf254e6ab5a9e2bb0b661afad2d1df18ca7

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
117d5d51e4119274d901d0b198e5190b

SHA1
5f6e23929ffaef2728a41006d269afd7951b1f28

SHA256
896b909251906121dab8dcc36150fc5408ccf1e3deaa8e7b256a647d9a612f93

SHA512
24b79316cf30c670ccc2a22e261b3ab5257c376b63616d58cf0c4e9ca5717f23bf31322ba1adaed9ce6b50624427464f7412328a1b7e0d5d88081f1573cb476d

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
07aa865817d6e587f98797dceb78e153

SHA1
47d28abb32c5b0fdffd1a6d4d1403590c9ef0edb

SHA256
555f5b5466dff39fceff12ef885ae47a4eaf34b4c08d841e41cbb721671112a1

SHA512
8e2ee1872e47b71240b7c52183280f836581ae63d6192773a4d0acb6b2e112d36b6685520deb4f932dd19c0ea30f0ef427327a95ea05454ea378bbbca9c20423

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
91640b82ebf50fe1f09b684cc7540e43

SHA1
76c8fdef9f50f03cafef12558588435beb249d2f

SHA256
60c05d1b7857cf3837cc912974d383ab60e47fec1426160a44410b16afca4734

SHA512
2db12e3af92c791b157eaf6a06e7241cb4f94f49f98a9b153b29b90022c55276331d699720a228d022a1f5fe7be8c5a90af84333e0dedb0ff761f4ae5e5160ec

Download Submit
/data/data/com.migadesoni.flash/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
95635a6fd74d33fe2ce500025e1abd73

SHA1
ff87803a03fc2abd93bbab373d1beba2ed6ffa82

SHA256
084dfe0f1edb70a0edc86e37e5f19e5f4ebad243238b3c8a6161772932cac734

SHA512
2837dc1082d270e61a0bf424e25e4289886c6a66790f904a7a9ce0bba5cef965e69506899d6b26141108ac5f2742f9b2bb6bb15165d4792e0697db367613ac02

Download Submit
/data/misc/profiles/cur/0/com.migadesoni.flash/primary.prof

Filesize
1KB

MD5
d7a6934f5661a867ded3903bfd81d470

SHA1
2efa92fb7cf5d2b9b9ee1f41a98f8cd6756fc774

SHA256
b20c6a122f5dca0eac4ca09c28e2f8b3dedd285033a3e3ea7afab8021d94a5b8

SHA512
0ab947697eb21060c1be39b776623d5daab92c828662f59e3ef8067cf7c18bf4c2beeaa33b7fd254a6babdad3431631d5b4ae381b6b8647a85fb75b3f6b62968

Download Submit
/data/user/0/com.migadesoni.flash/app_rose/FctGwTs.json

Filesize
2.0MB

MD5
09f1b6d4c8231a009e9f9a1f4ae21344

SHA1
8cee3e6e6f8f4b5aebd22d4eee254d52df826a60

SHA256
30a7079c84ac70df21f93441a1835e1d18c27d4a2cdb69a26fe404c31bdf3918

SHA512
4e363b1db3766ecc1e9943ea371e77996cba88d9ab803267e7839fe18c01898ebf0483b8bb1e5cfe4af1f8906d7ad3294c9270e4663d181c4e30a51cd9a90728

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads