antidot | 176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

Analysis

max time kernel
29s
max time network
28s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/03/2025, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218.apk
Size

8.2MB
MD5

55b16a8cc81fca626083e08630c79f73
SHA1

cc4446fc2563a72f3a1174ae950a8de27f7a72c9
SHA256

176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218
SHA512

c909ccacfee40f677ed89407248832e53fdb0c135e5dda375201b45782fdf357d411fbe5f1609926edb3283c46c16a3905479a68fe3589e9a8ea59ac78564a14
SSDEEP

98304:IT3Azfy9xAcCJla+YmAtgOJvIK2RRb8OpRTqiaWG9Mt8sraryz9Hhuww/IC/vS+G:pfEqJoLftgO1Qj98Nz+zzuwi/q+96iK

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4322-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fonajo.encrypt/app_giraffe/PhfdZ.json	4322	com.fonajo.encrypt

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fonajo.encrypt

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fonajo.encrypt

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.fonajo.encrypt

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fonajo.encrypt

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fonajo.encrypt

com.fonajo.encrypt
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fonajo.encrypt/app_giraffe/PhfdZ.json

Filesize
593KB

MD5
85f35c08e102fb2a9d1451a408d5d973

SHA1
88b9244d1f245ccee803a386db9ba1e09a2f49c7

SHA256
23294ed9676ecb2a60c111176c39cb49c177399f6ce0cd5e3a3fb6584886bf17

SHA512
fee9ce329e3c4ec6e8cc8338e99c2a16e9e5d9578c46e7949a7e13233b6a844177be84cdfdebd976613af1b80c15bc4f01b9c4ad70164b2f749d9e371752fb1c

Download Submit
/data/data/com.fonajo.encrypt/app_giraffe/PhfdZ.json

Filesize
593KB

MD5
329d7b99cecd798fbe4e4885296b14c9

SHA1
10c820e42ae340b3df4ecc31149402169b62dbd4

SHA256
607ce1608b77c6cb99af104864408c0d76e7541ef35344f174d74e9034f2aa97

SHA512
50ce84b9aa3915a250a8140e5d28a09c6e43c97013dc4d254fda70ccbc1f5b70010c93aa7c8f4fa5bfd6a6c5d94d523f7167d4866a0fcdce298f06539038d626

Download Submit
/data/data/com.fonajo.encrypt/files/profileInstalled

Filesize
24B

MD5
cb8c150def3da513f9d959d3e2ab5471

SHA1
54607e206011f85666928023d8b2df8e8f029144

SHA256
e99839c54032e30f43db9429e5b9e9101f67a100e0d37dbf3294a5acaa537c69

SHA512
5eb97b683824eb0ffc99458ddb629e0acfb531351d8186acbc2d5c70c3e805d72f8ba35de5a6754f9f33991dc8405c83069e3f58e1e44f5de11ab77b026df66f

Download Submit
/data/data/com.fonajo.encrypt/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
dbbc1a787021875049b600555b2ab05f

SHA1
e4ab6743a2a77e1c8cd4d5d83a5d7296f86af244

SHA256
0c89f1f4fa4b9e152da47753e248e47d7e596012ea9ebb47cf21927ed7a41016

SHA512
e3597a1d0caffbd999d1f26c0e7f0012bfcb08929172a104a636c292a204f4b38ac94159911dcfa959a9c9fbed75afb0f10679e19a9273012c5a74f96737f155

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb

Filesize
104KB

MD5
a205230b67011215e4e02471fc0f8583

SHA1
239a951fcaa1065e881cc42e7ba978d793b85289

SHA256
16b2cfc8688c19e2765d8f4192636d7543112ea676dccf2e36e979104ab41d2d

SHA512
cef0c291439622a45f704abd41b683a18582050dad54155cb9181c692001e60eae41b30ee43d6149e55a2c00c94810ded75e82bf80aa5b77c616578926544eb5

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e66be241a430c16ef92e6fae9a11afa0

SHA1
1b30e2ac520903e7d8d0db4be62a0d97b99e0c34

SHA256
2639989068f0381a5477cb67c4838abde5148cd5f6597c5b6ebf74ee286488cb

SHA512
f7097f08cf24bb147ac6c8fc39e621fccf6273e840c903b711dcd6185f9ed6db675eddd33dea0427239bea2cf0f72b92d61ae4a3b0a1f47200a57c0592184364

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3d23a8c4ddbd20fc4b583c45585806b8

SHA1
62059086f7e444a73c413b18803ed54514003b4f

SHA256
3dc3a6dec18976cc5ddd7d9631009b6437be5e42788a43819b63291c57bd6474

SHA512
4d527a4d0fc7a5641c56d1084650a209f8c6eb3279bdce62d7a1e4ffd2993cc183b5fbaf48f877800fb1dd30a3f8476d0bf8381d83621f3fbeaf15a37bb270c3

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
c79cf658119d0fdd9001f14b414c5ac7

SHA1
f26f2459763badbc68c725c8b9d462db544fc801

SHA256
5560f19f966b41f32985fe5f27622371337a9d4610ca89290e60f6fa8f8d1378

SHA512
e9802695c4afc4de075be829756a41a337e870f646bf23608463aa982b808bba2aee8f559bfd8dde6949f196740afa333fcb9d1c2f048203a63fc32ae6006188

Download Submit
/data/data/com.fonajo.encrypt/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
643e5c425099afd4b1edc5ff7fb030f3

SHA1
4e2efc165f2551f64125f12a81f3d63f1c3eed77

SHA256
e2ae2ce6f00c807688abaa05c83a5e9e010032e58e9aee2f717b14cb4926df78

SHA512
2b4bc10ab2152ff382a07f9471f9cc5c2e49a3162650de178fb030aae7001029450178b49205ad3e89b0596541d86297c4672a7186465580ffd4488f55e51561

Download Submit
/data/misc/profiles/cur/0/com.fonajo.encrypt/primary.prof

Filesize
1004B

MD5
210bf258dd5d3b323f5d2d0c092e630a

SHA1
b78713669eebd9b495ce45ec5847e13ed517ccf3

SHA256
970530fbfea991d8ff48c10cd2947b8973e4902086f08d80f793262bd5101eed

SHA512
0fec4a63f9f051037f609c279b11a610c0764d76d33217b1b87450131c2b090830d66300f0b0916ecb22a9824f2ddd12e1916bed60081f5091773b35b57738f5

Download Submit
/data/user/0/com.fonajo.encrypt/app_giraffe/PhfdZ.json

Filesize
1.3MB

MD5
57184c2ed638d075817a9821087f71f3

SHA1
14057a7f5bb31232d4a7ad8307e3dab740b8bc96

SHA256
c62f01e5df2309e9f4ad21cbcbcc7868e73085fc894ac9d6860a931c4adf4b4a

SHA512
d2383bf284b3231f977005f66d777592500e21916bd938b5e36ab18a6e27c36a713ec636615750c10bfd5d9a2ea7186ef2892df1cdb36ba794ebc1a12f96a768

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads