antidot | 207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/03/2025, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1.apk
Size

9.4MB
MD5

584af941017f437f35e4c0d457c22c0a
SHA1

b84b59337eda585de666038d9f1a051440e2018f
SHA256

207a4f9076aa04435c532f8d62ff134859abdca31bc0f11fc31aa4f8146ef9a1
SHA512

38526099969861bfb8a87728e17bf929aea606af79357cd172931734f1cf24afc9e15322d00611ce25b241acb412921c5ad87d13965fd134e2ea16ba8df523c7
SSDEEP

196608:Ns+q4ar9v0IaVbJTcPZq/oMziAsyTPE29w87PA:lq46wVbpcPEJzi07E0To

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4332-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json	4332	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xunewuzo.constant/app_misery/oat/x86/kxUOH.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json	4307	com.xunewuzo.constant

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.xunewuzo.constant

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xunewuzo.constant

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.xunewuzo.constant

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xunewuzo.constant

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xunewuzo.constant

com.xunewuzo.constant
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4307
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xunewuzo.constant/app_misery/oat/x86/kxUOH.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4332

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
609KB

MD5
a4265e4273b80945a1067171908372ed

SHA1
a0a75068b29cb24eb5f11f2e0bad68bc5cef0d5a

SHA256
8351f77534974d0958e4185e9359b2fcd3d56d90e01b8865b4d144d884267b3b

SHA512
447157c4c699dcf1a8ce8ef19198ef13b910208b720989e2a2a9a2a110c5a3d5eb9b04c5b9717467429231b5c48452c81548b384cbc4a43e9806d4eb3d72f499

Download Submit
/data/data/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
609KB

MD5
65aac637e04286bdb9f4c489fb51cffa

SHA1
1552eddd28f7707edae696ee4f7ca2f733eb1d2f

SHA256
b5bcb58d2fd5b1feb25b58dce17038c672a365fa17908e5627a376002b0d6434

SHA512
2c43dc7e5e96119ba252dfcd734641367fb5f1f58f6c894deec2d290f5af6c5932ce5c34c142313cfa50eaae6625ed8228db64fab5c5c1523d0b4b033072a336

Download Submit
/data/data/com.xunewuzo.constant/app_misery/oat/kxUOH.json.cur.prof

Filesize
2KB

MD5
854c5791fd4f73bd8bee4264dc2c9ab7

SHA1
7826bef09bb66eedcc6f1930b6c5dd2cd431b990

SHA256
750fbbfa0742b65b51a9928274ef6dcf3c51ac11b040d5511d8ee5e26e240cf1

SHA512
87e39247f3c11ad88d18743b899934ba8fd78538bec8bd86f5af437217f157916419cd8af8fd577bc9c5294464461e314ed9e20d8f88f2e71bbf1dde95b50ae2

Download Submit
/data/data/com.xunewuzo.constant/files/profileInstalled

Filesize
24B

MD5
1f98d24cc3ddb201793cdee3dac1016c

SHA1
3a3c7542aaba6e521c347c1a34860ae9064332ac

SHA256
2a5f64f251e4e5c442ca93855d0b0977b2f43698594b02c47ad259a5534a5a9b

SHA512
47bc1c9983d75df13c4b2cb7105f618c75aebece998d07a05c43252b631daa600fc8f0716308f36fb1dfa878e3dc379348f0d041c12fba44b2cea96bb8beb435

Download Submit
/data/data/com.xunewuzo.constant/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2c6fcb795054a931dbb6ae6fa612290f

SHA1
94980165415602257bf1b00b32f1fbbb742b8416

SHA256
5de4a12c888ccd16fe409ebc69d92d671300c8c99fcd50f335edfd957142091b

SHA512
ac90e71ed3f52b0f0e17b7b8875ab3a835a24f5f9d59c5e4e2ff88af77e1871c844af35cd3fd18c19102e4d0d087e116813b4f63f91973192038ed84018c0528

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb

Filesize
168KB

MD5
29d236f57ad61ecfad2e8834e4a98101

SHA1
4431c9b74776c29e69780a9dbdb8330ba2643d7d

SHA256
e8c08e4131c47e8436e35850130136c4b105ee3435bb64763fdfce2cb0c0d7ff

SHA512
c84a82c5e32beeb4103e52e69e3f7aba167406c36a1c2f9cacdc561a657a15aa3a7df715ed593f6c3bcea87261b85217d8e2e166abb6936ce7dbf86cc570f6d1

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6478ca661507d6d0757d6495414d6f65

SHA1
611b529f5c2bbd029524c1689293edb0cf8b9911

SHA256
0fcc89e8f470bbfdfe1a227f7a018918ec4aa8596047937f786c1f59d986dda8

SHA512
85327f7514469c1eda775befdbff3b062d85f80e9aa562a22b896974b5f9a39b19cda665eb74af7df637386193fb80f4a332b4526f80607c8265823dff8e9c80

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
897fe3815ec1771d573b19b3ce8ae882

SHA1
5b203810e77991f03757fb491cef3be78a272ba3

SHA256
39af85c72c5e80dcdb888cfa2fed4b827722a80d8b342ae8540705ecd03a66f6

SHA512
ccc5f63888ad5801e8eaae586517e4fb18ebf000278ed762c41ba6f1834a40858293aae267d6f41e314e3e3071a1fd9733e42fe2a77507b224a5826ab98cfbb7

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
6d5c1460aae456bffbe753075bb56d33

SHA1
6757dc8a56f73b75fa84d7b825b763533637f6f1

SHA256
b545117f62b740d7f0e85e340397744b6c37d3f42c6a676002895c58ff1b3240

SHA512
efcba658548018a51ec1390583418baa3c5bc661c645355a6fd1cad0424cd45afa85d6eb2260cf6b96408c4f30233aa96789f254f7ce8352e8b6e301594a5f1a

Download Submit
/data/data/com.xunewuzo.constant/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
c52343f5fa3779d47182f85e4dac3e79

SHA1
a09d5ef59e8c227e2db58b39a3ef07c6e944c047

SHA256
24b075ea6073488042dd2df0a39fd491595fabd37c2b74cce268e7c50364b921

SHA512
f260638d8441537678480f706534157633eee9a61be521e158a3a31c75cac027fa129fe9a4a04e48e59a4897c88f3d81db783c346b1900a5427ee4f0033587be

Download Submit
/data/misc/profiles/cur/0/com.xunewuzo.constant/primary.prof

Filesize
985B

MD5
28579e52c6c8a3c1b58a8353095ba787

SHA1
ebe531043cd315d1fa33f05e54611a5ef46626b2

SHA256
92e0d8652e1878ff31e1e711442393a9637555dd71bd2e9263d48d769028ccc3

SHA512
812ac839358e0be826452de8c64c1d4a1cbec7aeafdd78b4bd385127019c2519d17a54e60917920e6d833da45fb1897cc424d003612a3eff0ff13469cf2903fd

Download Submit
/data/misc/profiles/cur/0/com.xunewuzo.constant/primary.prof

Filesize
185B

MD5
0c0ec4d3e151f3933344f7efae9d1b92

SHA1
5ba0413b283ae5ef18bea06d1e8fbc0b7caa43d3

SHA256
1c755a5f5640b131c1156b37ca8c38ebe52c49ceeb83cb2f2d4ee99e559f4a80

SHA512
3b0b8659095d518d037b15fdf17970ae3e7d0e4fe183426cf3457c05291be4fc952bbb6e4464ec43a9b8501e5fedf1477acdfbe6c7ed4123bff13f17295afdf2

Download Submit
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
1.3MB

MD5
1fca42e426ccb9d43f6e56b04acdd492

SHA1
84a3e9f5d2344e598ea5fdc9c5234a5008b378b6

SHA256
919cf411255abd947e9e97badb2f02591f4839e7f26a2c44df50e8d9161e98ef

SHA512
8d2b32a29aaebb60db33feee54ada14b7799f519c37258caa5d1ad03b5f4778b89ebe2372ed3f39c17ed9bd854f78a7bd53cd0ff256a86cca4a3681b012e5104

Download Submit
/data/user/0/com.xunewuzo.constant/app_misery/kxUOH.json

Filesize
1.3MB

MD5
1a95ce3282b03d5794fc39d38bac781f

SHA1
57a00c556b4a13b41dc212622652116d4974072f

SHA256
3926e26b0c6b87a7e5cf9d8c8337d1205a2fa3f6f6870d74376996a3b9de798c

SHA512
b5f40cc64adef556f64be055e4f88371539144fa9ea5e924041c0e5f56d97ae9f91c32561a481bcae1b8859a7f90d01fb83c2d70754f22733478644427dba50d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads