antidot | 176c15abd8129000e3aca8533e284861787a531e33ea0880de5653769ebaa218

Analysis

max time kernel
145s
max time network
156s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
21/03/2025, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sitiriviyapi.apk
Size

6.9MB
MD5

37b18d5c27edaf96d3d23f0dc6db55e3
SHA1

c1c9d6f407eeb159ec90c1601d5486375aa9314e
SHA256

65e49b30e5a3ed351a2e9fd2ec40ced992136a19451a2af6322c7955f64458af
SHA512

070b2349ef41ffe17788b801d18296fc74308003e86fbc392884b9631f3dd359a1e03098326776f5966b04cf35411f079893a27b2b5de50c934c3f0a5624b79a
SSDEEP

98304:sD7Gt0stmNCpTrVJBQ8vDo/KrZLeRxGm/ttVJyCw7OR9:U3ApFJ1eRxGm/ttV47O3

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/memory/4592-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hejanuni.backup/app_raise/hUAobM.json	4592	com.hejanuni.backup

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hejanuni.backup

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.hejanuni.backup

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hejanuni.backup

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hejanuni.backup

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hejanuni.backup

com.hejanuni.backup
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4592

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hejanuni.backup/app_raise/hUAobM.json

Filesize
962KB

MD5
13612ae6116ccc34a1de83aaf8e77383

SHA1
1e752ee8836e370d7c7d5f8da6cafc9081396990

SHA256
f97dce87958361004a06cb8b24b396244a7e7107cca818d54f6b1947e14f9499

SHA512
3b29cbe1675cf553a132bbec1f7a10a244bca847a80f8ea5411bec361050c4925a1c038e50075319aa0675b316ebc603c685a45e9f4446f0992db1b05097b8d4

Download Submit
/data/data/com.hejanuni.backup/app_raise/hUAobM.json

Filesize
962KB

MD5
3e5902eec354c14bb41fe724e3ce2b2b

SHA1
0bded00aa749a535109df79aca75818e64e0c07e

SHA256
78e92dbad031b64dd16c6cb101603931f2607e1dc7897bd0e559769d6a4e615f

SHA512
10b4f721effc0674876d6a5646defe51edead1bb5bb96b6749221e1645d56ea4db916360f84fe5e193c7b4ff2bd7ea7c98ec279740a8c9d585d165d8bc59247e

Download Submit
/data/data/com.hejanuni.backup/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
072aa6ac079e4684cdde3ec647c9445a

SHA1
0636b94984ef55da6b6a4f2a0c721e801de77c25

SHA256
89d9aaf256e7312362ff072c1968b1d059b78f72fb80042cbd7c8785b8ddf457

SHA512
c79aa97de9a68c413355bfc120525d975d490a32f43e33a78b99863dfe31a8a52de7ffa5d25816a6df59ead6596c809aa38a706783d899e0ddb7ff4b52256216

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb

Filesize
104KB

MD5
460b2afaefc1cfde6d9e4073fd98c8b7

SHA1
227577503256e8317acb0a0313b4686f16aa3093

SHA256
c7ffbe90134214c68836e1d8f4461877d41d90cb705fedf8121642aa3e930bc1

SHA512
f50ca754adcb9f2fd64b8358f0413d1ad6acf7e96a350974e8f5b94862c790bf5d506723788d671a8f81d882afc348328c429b9458ca574af2726acddf1c8b00

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8ea7a7c439b5743550a4dc7a038ea6b0

SHA1
0432d43795dcdcf7c15e80b709bcfe6b115a8a9f

SHA256
6b70809c36756a93982f6782a8292985e40318865dfddef2e79d74cffe8a4d44

SHA512
c5b3c8feedf581a9f9d3c7a99fdd6aa9641272d140cba3c899c5d1b4a75a359d18640c2154b5d2d14d90281fc54997f321c215e0d08c6a06c8557ad2608a762d

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
6b56261309c0175824c57d25d0380dcf

SHA1
6b5633ef308553c757e7cd64e9ec88da3c6c59b5

SHA256
6e3953ecef68dea5392e5a8567827d8fdf444482440f208e26723202f93fbfdf

SHA512
220683c8263a78d025166df7071123457bacee3dc3e343f251597183aae42f4f5cf45153c4532b9746963f03b42a2f24b372d45dc9f7634f588bed169ec0020e

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
83a05450d0a3b8f7a0d3f8ad933e9c2b

SHA1
9b023c5a24d81f5c62f36191cd452d6e2be49a78

SHA256
a1488da604ceca8f605719a66fcb58ca62e7c9abb7284abf99e11eda419cc78d

SHA512
f0c5d24c6d4f941662eff8d5d740beeba4424bee7ae54d3de25c3fcd72992ff5884485e512350e47d23e20fbef7d9a9622ae2d2ebddb5247447972451d5fc3fe

Download Submit
/data/data/com.hejanuni.backup/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
6a447ea6f44bc9d4ec49b979ba691724

SHA1
bc1d2e5817aa86d7582e0fc1f92e02b79bca7dc6

SHA256
5645c8c37328b0fa70e509b070fe906346eb54c0f9c48409886797b52714e03d

SHA512
b1b03f403c1778b0443aaa8f73c2f909c26325f4c5463a6b0fdaebb0275cd47079257d2f896e0a22a3b38d152a445e29359406d70d13bc2d38c19c1e5656c152

Download Submit
/data/misc/profiles/cur/0/com.hejanuni.backup/primary.prof

Filesize
1KB

MD5
688ef10276f7f5d67b82e101c4466c2a

SHA1
e26910aee147cfdd1686b319c87987b747ae1699

SHA256
35255d11d6bf0cde7a26e3c152b65516cfd369b422205c4755bb0a346d9c337f

SHA512
49757bf19727020cc9fde9963a31e4583d373c4758aa8258760763a48998a582f5228dc339a6420ccd34034e7bdcba76fb7e423766d376d33ea24aa9594e4e06

Download Submit
/data/user/0/com.hejanuni.backup/app_raise/hUAobM.json

Filesize
2.1MB

MD5
9ee668485e5a11a95d70387de47094d5

SHA1
45308543ea23c1dab4a8e81125c47dab2a79d66c

SHA256
e18f1a1eb718eccc8fe2562d123a82554b83eac3eabfc73775efeb222b5649ed

SHA512
96c6e26af80d9ddd5fde7f4add3817af28bafac756a1134c40d4304e177a16455a5978ffa782f4dfe2bf3f289ca561e8245e822c322d09c4188733973e865f5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads