Overview

overview

10

Static

static

6

a5c27285f6...33.apk

android-9-x86

a5c27285f6...33.apk

android-10-x64

10

a5c27285f6...33.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    21/03/2025, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133.apk

  • Size

    9.5MB

  • MD5

    024e9e7e1c50c32b84a48a5e4d0db0fe

  • SHA1

    7e699eb65a644a076aca47f55d76d747efb3fc2a

  • SHA256

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133

  • SHA512

    d5bd18194edae257c31a0913c3e6f4e9295de64a09df96a9857f24d68960fc7008968782f9a43853259e6b728cac88d2f410292e1acee219a89b09d3586e3ad3

  • SSDEEP

    196608:s9WPt+jBDpRqOOvyBs1zNn48YErSsFhoq:DqvqOdszNn4irSseq

Score
10/10
antidotbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sulapije.cpu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:5098

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sulapije.cpu/app_tank/oat/trHY.json.cur.prof
    Filesize

    3KB

    MD5

    14f31cc4fb53e6b845710049944075c7

    SHA1

    6cb3db13bdea2761bf220970ebc4ac02d3ae9a39

    SHA256

    8d05370c72402f4adeeb41e2e714c16210e0dc159b839b71d525ae222246fa2b

    SHA512

    b23902ba4e6335bd69e3a7ec3a722569b0bada61eb4f6d222736851b649fa942ee4a398dbc011d2af613c598fad5f3241ab4f7d5aefc99b5a08d64e171651fcb

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    62b3c534f4db0a8b10347a35ab6ebb60

    SHA1

    7177a7994c781d36face4e8c7157b13253a75648

    SHA256

    7af7e184ec1be876b41e2f7909460a74ba142fadaadfdd8696bc09f151e863f9

    SHA512

    c9cba8e878938996e299b7e8b4a22d4f83319604c8e8c12e2782e96ec0221e4a6cec77b5de03f2ff5c29f67efa3b32b6e48fb612531712d195ecf80436963aa8

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    b280324c767dcaa9f90286034c623601

    SHA1

    808ea70b641618b7d28a729f6fdee8dd19e87a56

    SHA256

    99f8042e338249ddb79c07367b777b3421b4d56d0b504be974e6ff322abaa11b

    SHA512

    904c47c43539b1d12a2f996e45b65abe6669fdcb1e8f64dc36008b647c9607c203e642ad6dcde78ade4bf5a3f051c261c4a3a06eb6242bc16d0eec2751abad2d

    Download Submit

  • /data/data/com.sulapije.cpu/files/profileInstalled
    Filesize

    24B

    MD5

    51e24e426d7b8732480cd5a01e166174

    SHA1

    d7acbb8f10e402118d80999d35410195b7991133

    SHA256

    7dcf2e3d03e54c9a434bd1ece225ed52b0aa85ba7492efa880faaf760a2cd3f5

    SHA512

    d8ab08f2b062e2e2342122ba2c33e9b6792d97e28315915658c0340708921d9419102903707234d34c572ea765b063696fdb30bab2bd04d3fa597b19c804be21

    Download Submit

  • /data/data/com.sulapije.cpu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    a7466ee47fc3253b9e86e256b7d02c54

    SHA1

    dcfb8cb42adfcf01f8e42e69506a089082aa1c79

    SHA256

    5f9287782ccb792ba6187b974c65aad33f141d35643e3868f36705ab5a0727b2

    SHA512

    0da2c13c2528fef7917019f4e659369eb17b5dd950badfc35f3e2377f9183f3eeaf8aa246800a98eab5699e48edf76ebd04914f61ff2ab393a36e045ed776336

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    861cd3bf1b221d4dd32dc15c23489a1c

    SHA1

    7cd1f4820fdbaa474d67efded934d25c28d2973a

    SHA256

    cf2dabdffd46dad946a9d73ac734fe0feed8f6d2c79f44fc397b2188ceca0bfa

    SHA512

    2ec1284189eaca5077352e43f37d60ef3cc1af73e99f3b44a241e0f129e6d55c5339703de877e0c9987422616067f8cf1c64ddb3f6253ea5bf6be3f8633c8a68

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    081c37a2f77c7053da728f18a26fe0d4

    SHA1

    b4b25e90a4087cc5a19a089295159c45b1df1c06

    SHA256

    a765a65b3f062f95a6184de3bde46e5dbb9a99ed83afa13c11f82a23987fb411

    SHA512

    d7be124ab7969e60733d085ad0fe04f9b29a33a5030f8efe908b9de81e8e7fc19b22d23ea170950f8e443a6b36d2fc34deb87addbfee0f7970b6b2bce9fdb5ed

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    442KB

    MD5

    108bfe6ea0ba0b84c9c351d8df26af30

    SHA1

    301e05343b5f0771283099bd01e7d9a96df4b17e

    SHA256

    de03aba6d3e7b76c35af6d45a69d0bcd04ba304407473e357747939d7afcac12

    SHA512

    e304487e02ff41d8c0cf9f3714f661cdaf1daa884424943ea6509a73c2ec0833e25d3d2e93e42dc51418e5968029e371a4eb75b01d700903f75fa8679f2a0202

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    2b4716c5df0d838ef9e55ba25ff52a01

    SHA1

    ccff2e964d8801ced405273a1607df3707562001

    SHA256

    489a10c2a57915a0c346d7e1cfd2af9956a164e782d7eaccf821fcef848850bf

    SHA512

    bdfb0cf267f9204a9a2731f199e9456a61499924394ee73ebc5dd12cf5df94c55aa965df4600d76de79662aa1204aac7dc7e645081ea39a4bef16cb2bf9400aa

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    514f5e384202cfaecb5558cf1a078e0d

    SHA1

    260200252b7e2b0e05cdae6f7427b2bea3667ee1

    SHA256

    c48e5b5c87eabf1f58881c4170dd685560712001aeb9b42987d9614e1b760c44

    SHA512

    d0df5979ca249bda1dbe2285be6fad76a8ad65d17b29968d995a47fc7d2fba4ba748f5e4eb3b3e3f0489a58a38de59a700bc62638fcc389b608809d5b3155885

    Download Submit

  • /data/misc/profiles/cur/0/com.sulapije.cpu/primary.prof
    Filesize

    1KB

    MD5

    1683a52ac6cb9678ccf86b97b0130ce2

    SHA1

    cd37caec777cb847bbecc519fd026ab753e38957

    SHA256

    43909aab18ace2ce0fb70e245b08d64d54725fbe5ec767d10d69b63c32cc3506

    SHA512

    b96d42de01f6ee72256215b7f6234b00bdb5102b89dde2af953f5490b59d3f9607c461e17099e5d1ee78d89a30a3bc96a91dc33071b79becb1b7d0f72ae0d758

    Download Submit

  • /data/misc/profiles/cur/0/com.sulapije.cpu/primary.prof
    Filesize

    25B

    MD5

    b9d9e0f8902d129e1aeebff0ae7b725b

    SHA1

    cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

    SHA256

    25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

    SHA512

    f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

    Download Submit

  • /data/user/0/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    2.0MB

    MD5

    7af79a136585b0185331bf5064bb6b0c

    SHA1

    ab77421e5b5fe788fe303af3062bec71897686dd

    SHA256

    8fa0d8d95ca4b0dd3217d105550ec60d31c22935ed3b18cd1fa83be9ce5c5ac6

    SHA512

    1572d67a9246b9abe80906a9202137acaf9ce95889a59f9632687be2bb2953733e835454d11394665dafbfe92edb8d83575b06efe2b8136f363de91febf62df2

    Download Submit