Overview

overview

10

Static

static

6

a5c27285f6...33.apk

android-13-x64

10

a5c27285f6...33.apk

android-9-x86

Analysis

  • max time kernel
    25s
  • max time network
    28s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21/03/2025, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133.apk

  • Size

    9.5MB

  • MD5

    024e9e7e1c50c32b84a48a5e4d0db0fe

  • SHA1

    7e699eb65a644a076aca47f55d76d747efb3fc2a

  • SHA256

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133

  • SHA512

    d5bd18194edae257c31a0913c3e6f4e9295de64a09df96a9857f24d68960fc7008968782f9a43853259e6b728cac88d2f410292e1acee219a89b09d3586e3ad3

  • SSDEEP

    196608:s9WPt+jBDpRqOOvyBs1zNn48YErSsFhoq:DqvqOdszNn4irSseq

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sulapije.cpu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4465

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sulapije.cpu/app_tank/oat/x86_64/trHY.vdex
    Filesize

    36KB

    MD5

    710acc5cfbb23fd5e00fdf1206de9fd9

    SHA1

    e5af491194b06676a6a0ba7426de3afe3c80d14a

    SHA256

    d4a61518bbc098531a90c766a0c44ad46d381087f188b00c1819fa7074cb8100

    SHA512

    4149453118136cf435b1e94a63cc722a4149bcce5acd8d771f8c59343192dc7a71a1e7ebbf2caa099faff29a6efe660438e399b9f6a8ac0eed2aafc04607e660

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    62b3c534f4db0a8b10347a35ab6ebb60

    SHA1

    7177a7994c781d36face4e8c7157b13253a75648

    SHA256

    7af7e184ec1be876b41e2f7909460a74ba142fadaadfdd8696bc09f151e863f9

    SHA512

    c9cba8e878938996e299b7e8b4a22d4f83319604c8e8c12e2782e96ec0221e4a6cec77b5de03f2ff5c29f67efa3b32b6e48fb612531712d195ecf80436963aa8

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    b280324c767dcaa9f90286034c623601

    SHA1

    808ea70b641618b7d28a729f6fdee8dd19e87a56

    SHA256

    99f8042e338249ddb79c07367b777b3421b4d56d0b504be974e6ff322abaa11b

    SHA512

    904c47c43539b1d12a2f996e45b65abe6669fdcb1e8f64dc36008b647c9607c203e642ad6dcde78ade4bf5a3f051c261c4a3a06eb6242bc16d0eec2751abad2d

    Download Submit

  • /data/data/com.sulapije.cpu/files/profileInstalled
    Filesize

    24B

    MD5

    9d4ac11e176c2c5ea574434fc725b64e

    SHA1

    9911e5f0777428f042ad446d62d42c791371aa9f

    SHA256

    f64f512b6f3aba74718e881b50426f81ae83525211f654fa5b332ba60952aba9

    SHA512

    c273a11d476be4d90651a2b03776555903b77a161c257d97bd541abfdc2e7f02105a1b2629cf634dc6fddde9358a5bb149e40babf8c11175f2ac8101897b511a

    Download Submit

  • /data/data/com.sulapije.cpu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    55c5df9e0ec04c0c61a4559d6a713248

    SHA1

    0ee8bf6116a76ef060641d6c26ee225a3b1db297

    SHA256

    f1a38d052fe5f4421334409528a815a76639eb46dd27fe011ef9965d2517a96a

    SHA512

    7005927d96f4b9b01fcbc2982dd7f614718a26b383bf68d57ff151cf35b76488fb571d9967a1a568221ff29cbccf1aa9466aa6bd72640fc141fbe24f04e8d0c3

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    c5e777e0338c636a19ca8b0db544acea

    SHA1

    bb27b9f47883e4bb22a4f84c5d8b360701fdbd47

    SHA256

    893da27dd00bab164549f2a7c20f54eec824ccd3850ddc895d8e9f4d4e17de55

    SHA512

    1326b90546cc8556ea970fa97d7f77ca5450debdfc3168208db1cb3b2fbf6931bf99a9ce8b7a52e27e683ea032c9dfa5c8604c4e04e012d1c18f08db7c21af1e

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    134be8236a5df7936ac3bc824a26281b

    SHA1

    6acb1b3ecd60284920fccc9a10e3948dc1ac296b

    SHA256

    79e84020d28a4986a94fe36becc1022dad319e1393c7f2ccde969c1b65f84281

    SHA512

    4632e36cf481f051de581481a83e77fc3b64bc2ff5cb02d08b7618d38efcdd61a7e4128a57823419b5ac1adfdd42af6a8946fd2b6ac9c224be1eb171c2cdbdab

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    96c6ff106b650ae903d37c2ae6827958

    SHA1

    41a278fe976baee1eebbbe2ea63dea929173bdad

    SHA256

    976881f9f9ac45bf5e8b59a4ecdcabe947ea37ea735db1db9cc565632a9a4481

    SHA512

    c55da52885ce336a09278c7afd0c4fcf10719b898d4ffc72b2e74797a5c28e82de4cae66ded4bee72e396c535b122c9784e42e0c6b0ce0d32c8360eb9bce1dac

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    999c5c19a873044511c403580358246c

    SHA1

    8dcafba2238f15a2043145c32d9bc5ec5e697fc8

    SHA256

    6d93e398c619aa9931831b82dab12aa009ac5649ce220ca46a15d216b4b29075

    SHA512

    79871196aa3d4932b4011cd49b6dd72b647e71c1cec3ff64cd637fb8efdcea7fb48b9c595cf49b1c96af39022b6cf03fc6aa84964cf0933290039c65c4c65b4f

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    b96d109ec59da0d599594e651b2f9e7d

    SHA1

    8636b365d4c9ee4cf69a3bd91f2f1c580bfb97ad

    SHA256

    e0ff682b3d018d6177fdf74730bd36b2fd864a220f5b3cc321344869272aca5d

    SHA512

    4bbcb322d305c48e7952c138c15270c1e6eb8fbef0cb351360884deb8614ca4d7f5454339b6ad9d1d8f24734122163aa1c6cbc6747027887fdb7817956c26204

    Download Submit

  • /data/misc/profiles/cur/0/com.sulapije.cpu/primary.prof
    Filesize

    1KB

    MD5

    2da9783980333625d2a506ea8a2de720

    SHA1

    db727af737b763157a066626809d332a3fe8909b

    SHA256

    32ae1b104dfa68445e55298f5435f551b516400fa2eb024328f7b02ff860b4f4

    SHA512

    221248d81c7c23bd25ab106ab0eef24013d517afa513f258a5f867af43a484229164f4b1511d018d25bf906f955857c1ea6d30856357a515ad65c8fd2c6c908f

    Download Submit

  • /data/user/0/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    2.0MB

    MD5

    7af79a136585b0185331bf5064bb6b0c

    SHA1

    ab77421e5b5fe788fe303af3062bec71897686dd

    SHA256

    8fa0d8d95ca4b0dd3217d105550ec60d31c22935ed3b18cd1fa83be9ce5c5ac6

    SHA512

    1572d67a9246b9abe80906a9202137acaf9ce95889a59f9632687be2bb2953733e835454d11394665dafbfe92edb8d83575b06efe2b8136f363de91febf62df2

    Download Submit