antidot | 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

Analysis

max time kernel
29s
max time network
21s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
22/03/2025, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
Size

7.6MB
MD5

8bd73012c635927e05a209cebcedad37
SHA1

5f6e68eea4ef68420876730bd93572778e1fa52d
SHA256

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e
SHA512

d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a
SSDEEP

196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4499-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4499	com.befiwiga.multimedia

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.befiwiga.multimedia

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.befiwiga.multimedia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.befiwiga.multimedia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.befiwiga.multimedia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.befiwiga.multimedia

com.befiwiga.multimedia
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4499

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.befiwiga.multimedia/app_among/oat/x86_64/sj.vdex

Filesize
29KB

MD5
89ff7b11197705aef2a2eeda5c7e5f38

SHA1
2d12f2cd939a63c269c2d90fcf6fcdc8e5659444

SHA256
e11ac86fd27c04cd870a12dbf29f0cd71f0b283942d206ff6ecb9f6e27f78bea

SHA512
a3b8b384ec06fa499aabf11e4a3f62592ccfa3ee60ae0bf1796df7cfe6ab94f085668dac5a2ee67ee64fd4649e4874b4b0b659a6781ab5f752dbfe44704e2b37

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
9bb70fb2c34812bec0334469a848a254

SHA1
0b29a0b3676f3dc5aeea0110d76004b52fc486de

SHA256
534bfc37bf01bf98ab66fafb718140322c796de0cbcebc28b71f1c7ff31f532c

SHA512
a385741ac663bd31a8038c65ff99eff4c08bcfa1a9265a1941594f77506152187aec791a3f21b0438bf8f452b60e687b6670f401ee9091d2ed15e932d380de31

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
d28fb1f3a22cfa55977163be060aedad

SHA1
5914463e9b2fb356bb155cd14b391c505d6fcd45

SHA256
4ba531f18f1086236e74935b2a3d1d7482270837fa767425edaa23c4a679b2b3

SHA512
ce434d5bdb00b9b3f8d365f75f080ccba967ed21aaaaf3037a2a280457a0bb2b9e27029b25dfcc6ccfb743eeff98bf7f1cf6fbce3f314a03e6a1638a9c509f28

Download Submit
/data/data/com.befiwiga.multimedia/files/profileInstalled

Filesize
24B

MD5
9e21af0effe87e261441883b9a429a1d

SHA1
19415b7674615c01691f9f8a1f51c9a3debae12f

SHA256
6101aca9488bb59e1eabae6fe8bc4285193e57e24e03073b40af2e9715faf306

SHA512
02cb776d0eb3490d62ee6db43e062157aececa254a69e151c46db04c27d1e3a528d112a4d1d35ab63325cd258d61060f9935e3a8b75d63255098ead3e0104c5d

Download Submit
/data/data/com.befiwiga.multimedia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8ddfbbee7db125bdfa8b6f8e5fe38c10

SHA1
1bbc4d70849b944d4449dbc7d3f2e9316cfe25a0

SHA256
206f97e66be062b0571b09ac3878ae4f7a541d9e3a409fdd1759da3971d27790

SHA512
83a9186be8fcabc75287a1f0c58b555413662a4865ac461b7fd75dc2983f6a1b4648a37ea8f8149d74598a18b122aa0ffc01be9bc8e9ec4dd47d22b2e341fb45

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb

Filesize
112KB

MD5
6ef1891f625ed4e4600ed7153a8b442c

SHA1
d5b572fc26e9548ecf6f0f4f65f5c059cad53192

SHA256
7889cfb55655fa2db4dca0053be32975f70a4454f605ca0ca961066b7b4579e1

SHA512
41a05dc871c369f8b849e21b8dd355ea62ae06907ef10fe6e6918875a51fb7203b6850a716d0ec34cbe5e470a653e08f6ec48f6113d46dcc345d518b65e1af0d

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
778fa440d667b4b79a03f1ef385e76b5

SHA1
a81070b39d13d2f34073c64caab516d5daa897fd

SHA256
1b3ad260a6c923fbcc04ddbf12fe88e8d63ee510fe5d139b6206e42ce43ccbc6

SHA512
5924036920626a56ce217217650e1d974c1e8cc898558662c30ce567140c5a41105c0492df18e3e77ee077d365fa948e34a626ebe4b2b906ab5741d1719ace6b

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
7ea3f8966ce7f2e7b70cc34af3d69b22

SHA1
93b39053b09701841a6df8bd9d79d7469fc8cb5c

SHA256
b849daceba0cb61a6c48da171bedf1b9c164dc2b0ca684cfbdec092f691b586b

SHA512
c563159c435d3cbc6b5c2768ad7e33789af470dd722f4a5b6232792939f9ace438b7defafca7efb501c429be316b5d65ef5cf2919aba9c6421debca0a0a8bc56

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
97ede6d5ef928fbd2ef34f8b9c72d7df

SHA1
3d8916caccc970af4152fbd119163a5a18de5b01

SHA256
0d40d661dcd13b4b7ddc0c9f5ce88e8050b0e1af7aef91627f72a0abdba3cc43

SHA512
31e358a4974953caea73067af1283ae808255fad749a0735ba733465eaeb81aa204ca485c6389bdccdad7dfbfed2b2d8f11f99911a21a1ada56685081a8ca5d3

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
73ab5bb1a5b2906bb9e96987be81de90

SHA1
c37a4627b6cbbe081b435aef7f5b780e8ca777d6

SHA256
d743597375798eec50fc2cbc80e40b4ccf878ef59a6ab9907686f677c75dc92d

SHA512
13dccb0c1d2da4aae96ab2f8519e99b8a0f8cd46e0a6a11f9e390ad99e24d1fa66425ac85833bab37fef4e9209caaa859dd3c52b9a496ff4e2ce8e0836cbd031

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
1KB

MD5
f5d78d41bec91ceb2c0ba6c5a1003917

SHA1
ccd743006cc70787520cace8c0be14b78bbb92df

SHA256
85cb037ae5df7f8a2a0382eddf07959f6e47394b1232e30a6ccd9a6ad7e4f484

SHA512
b5803c7d7a5f727c69ca735990e17cea97747ee0c437d7379db59efb4515f0536a095171a398d18e16e19420760b8fb53bedcc82b2d223c18ea77ca6f75d2f55

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
4711ca15f601ad8cc04938355e12be56

SHA1
8bac0278d20aae4111e6296264367e0df115d9b5

SHA256
0218624520995151223b1376a9c8359985a5c5cd1ad10f5d3758ace3fc0b7d1d

SHA512
4b36044cc8a980d2f93f600c3e2b72eec7c6a3470b9249c051e1860c17e0e7bcd2d7512e9856ff758deebe1838910048abdf9c03133a2d52c1506484be19b921

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads