Overview

overview

10

Static

static

6

a5c27285f6...33.apk

android-9-x86

a5c27285f6...33.apk

android-10-x64

10

a5c27285f6...33.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    21/03/2025, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133.apk

  • Size

    9.5MB

  • MD5

    024e9e7e1c50c32b84a48a5e4d0db0fe

  • SHA1

    7e699eb65a644a076aca47f55d76d747efb3fc2a

  • SHA256

    a5c27285f6430c0b0550fdc6040795e772246458e33aed4c0dc263dbcf4c1133

  • SHA512

    d5bd18194edae257c31a0913c3e6f4e9295de64a09df96a9857f24d68960fc7008968782f9a43853259e6b728cac88d2f410292e1acee219a89b09d3586e3ad3

  • SSDEEP

    196608:s9WPt+jBDpRqOOvyBs1zNn48YErSsFhoq:DqvqOdszNn4irSseq

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sulapije.cpu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4621

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sulapije.cpu/app_tank/oat/trHY.json.cur.prof
    Filesize

    3KB

    MD5

    54eb314e282f4ab30a3756569dfecc43

    SHA1

    c44c00d030d43fc5c24e52c9d63a3a5ed769952c

    SHA256

    b2ebe72c1be59800b3ffb6259930640ba5988632fe6460a35a907aca2296ca9e

    SHA512

    28446ede66ed32fa7705af5d3776181adabb137caf3f1d280f650f5917ef438ee14df17492baf72f57a956367a4523d5d314b2d44c570320ea39df25f443e7da

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    62b3c534f4db0a8b10347a35ab6ebb60

    SHA1

    7177a7994c781d36face4e8c7157b13253a75648

    SHA256

    7af7e184ec1be876b41e2f7909460a74ba142fadaadfdd8696bc09f151e863f9

    SHA512

    c9cba8e878938996e299b7e8b4a22d4f83319604c8e8c12e2782e96ec0221e4a6cec77b5de03f2ff5c29f67efa3b32b6e48fb612531712d195ecf80436963aa8

    Download Submit

  • /data/data/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    950KB

    MD5

    b280324c767dcaa9f90286034c623601

    SHA1

    808ea70b641618b7d28a729f6fdee8dd19e87a56

    SHA256

    99f8042e338249ddb79c07367b777b3421b4d56d0b504be974e6ff322abaa11b

    SHA512

    904c47c43539b1d12a2f996e45b65abe6669fdcb1e8f64dc36008b647c9607c203e642ad6dcde78ade4bf5a3f051c261c4a3a06eb6242bc16d0eec2751abad2d

    Download Submit

  • /data/data/com.sulapije.cpu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    a7466ee47fc3253b9e86e256b7d02c54

    SHA1

    dcfb8cb42adfcf01f8e42e69506a089082aa1c79

    SHA256

    5f9287782ccb792ba6187b974c65aad33f141d35643e3868f36705ab5a0727b2

    SHA512

    0da2c13c2528fef7917019f4e659369eb17b5dd950badfc35f3e2377f9183f3eeaf8aa246800a98eab5699e48edf76ebd04914f61ff2ab393a36e045ed776336

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    125c53b7a59284bf410d6b1df0910d50

    SHA1

    b6d440551c46a681a2ddb65f8ad2e561f753074c

    SHA256

    559e0f090f4adf8371acf69ab69c406cce09d97eaf13e0129e7962481b8d3de3

    SHA512

    0cc712f37358f987664d30c27999794c8864e10566b47cbbdd0f0a14e32a774aeb73e1bddb85b1963a13ff2b19af7afe0c17f3ae1e83834ca00489bc29a2b1cb

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    ed4eed11e71de86bf1ab5333a7fd38cc

    SHA1

    a4165d8e663548464eb8df1c37090fd07a4da5d1

    SHA256

    988977a56deb7a03d34a806c8c0354150e709f2735d90e3bf3fbce7444b8df00

    SHA512

    b4fa074d639442a73c77d032ab3e8bdaf7a11f7fe86679079d19580b3bfd3adeb361205aa703997ba75399556a2436b994a2732c95bb1be00758e5ab296ab757

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    426KB

    MD5

    00f9cb98cad4de97edcee37c44e589f7

    SHA1

    e5d627bb96b5b0edd0bef777a88bef7987aba5bc

    SHA256

    e4793c19fd28454964325bad277d4ea494d9e8fa8ee152abe99772cc074bb5ab

    SHA512

    6a1f52520550e6591f722535029b41e59568154c25c38d17304aa3abe89dada2bec37372883ba057f8e19bd7dcce17b9cbefb11ddd1ad249834c212641c29129

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    df87e2cb3e49a188743e76ae53349509

    SHA1

    8c90c9c56cddd98590e19408f1436677d317d23e

    SHA256

    d016485eb9ae5761a7c25d266ac19bb011658c534bfbfaf254d65d251392dfc8

    SHA512

    3172ab81e3b06b10b219b30412a4cd3f633eb02c6a82eb7f231769e56a9e0a88d84c8d8ac18285a60560d74f8ce569d2c7f05cdd7c5695d506e00c9bed165c57

    Download Submit

  • /data/data/com.sulapije.cpu/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    cdd6011a591a38515a3468cc2ce92c6e

    SHA1

    3b0ad1fe62fb462631164b1280e8b6e04014db1c

    SHA256

    aa950320311a5f4d8b7a084cd7b55433a3489746805945e91dfb2b35036790bd

    SHA512

    b9f67d4eecf2b4c202fb225880b21d1c3dc10863891e73b2b98f19aeaa5724b197e211c28f40a16657a6db1a0fa0ad3c298fcd6960de67a003cac6520b181566

    Download Submit

  • /data/misc/profiles/cur/0/com.sulapije.cpu/primary.prof
    Filesize

    1KB

    MD5

    1683a52ac6cb9678ccf86b97b0130ce2

    SHA1

    cd37caec777cb847bbecc519fd026ab753e38957

    SHA256

    43909aab18ace2ce0fb70e245b08d64d54725fbe5ec767d10d69b63c32cc3506

    SHA512

    b96d42de01f6ee72256215b7f6234b00bdb5102b89dde2af953f5490b59d3f9607c461e17099e5d1ee78d89a30a3bc96a91dc33071b79becb1b7d0f72ae0d758

    Download Submit

  • /data/misc/profiles/cur/0/com.sulapije.cpu/primary.prof
    Filesize

    184B

    MD5

    453e9364e4f88c2c278d16b65b0457f6

    SHA1

    f69088a3dc8c010f3a76e4c90ad8ddddf0507191

    SHA256

    8a0ad538e071e8880b406d77f25decb16a1cfc60b18839019da25b2b211f6e69

    SHA512

    eec9ead82ca4acda6ff54b164a47658e1ff12b17cdbd5a080bffcd1fb2f6057038c2b20f43687c5bc93e09a18ac529ca1578a24bf366e77f82f65571b73f3b1b

    Download Submit

  • /data/user/0/com.sulapije.cpu/app_tank/trHY.json
    Filesize

    2.0MB

    MD5

    7af79a136585b0185331bf5064bb6b0c

    SHA1

    ab77421e5b5fe788fe303af3062bec71897686dd

    SHA256

    8fa0d8d95ca4b0dd3217d105550ec60d31c22935ed3b18cd1fa83be9ce5c5ac6

    SHA512

    1572d67a9246b9abe80906a9202137acaf9ce95889a59f9632687be2bb2953733e835454d11394665dafbfe92edb8d83575b06efe2b8136f363de91febf62df2

    Download Submit