antidot | 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

Analysis

max time kernel
29s
max time network
29s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
Size

7.6MB
MD5

8bd73012c635927e05a209cebcedad37
SHA1

5f6e68eea4ef68420876730bd93572778e1fa52d
SHA256

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e
SHA512

d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a
SSDEEP

196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4403-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4403	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.befiwiga.multimedia/app_among/sj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.befiwiga.multimedia/app_among/oat/x86/sj.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4379	com.befiwiga.multimedia

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.befiwiga.multimedia

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.befiwiga.multimedia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.befiwiga.multimedia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.befiwiga.multimedia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.befiwiga.multimedia

com.befiwiga.multimedia
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4379
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.befiwiga.multimedia/app_among/sj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.befiwiga.multimedia/app_among/oat/x86/sj.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4403

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
9bb70fb2c34812bec0334469a848a254

SHA1
0b29a0b3676f3dc5aeea0110d76004b52fc486de

SHA256
534bfc37bf01bf98ab66fafb718140322c796de0cbcebc28b71f1c7ff31f532c

SHA512
a385741ac663bd31a8038c65ff99eff4c08bcfa1a9265a1941594f77506152187aec791a3f21b0438bf8f452b60e687b6670f401ee9091d2ed15e932d380de31

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
d28fb1f3a22cfa55977163be060aedad

SHA1
5914463e9b2fb356bb155cd14b391c505d6fcd45

SHA256
4ba531f18f1086236e74935b2a3d1d7482270837fa767425edaa23c4a679b2b3

SHA512
ce434d5bdb00b9b3f8d365f75f080ccba967ed21aaaaf3037a2a280457a0bb2b9e27029b25dfcc6ccfb743eeff98bf7f1cf6fbce3f314a03e6a1638a9c509f28

Download Submit
/data/data/com.befiwiga.multimedia/files/profileInstalled

Filesize
24B

MD5
bfa7a1c81b324a551651472997068f9b

SHA1
530e72cd6d2daedc7151e1f40e992c8f68d7ba08

SHA256
78bc516b522b5ce90f62170b3df8333c34009a8c25811069b3240fad3047a0bf

SHA512
63719df7597427d367919fb08cee3b1d75dd5a4b5fd630f6e8f47197d58c3ec9d9f3915923c0c731d092f893265e90ab5f9b1e899c3a5e2d50c06d06cc38c13b

Download Submit
/data/data/com.befiwiga.multimedia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
54c10fe2fbc3abfe4c573b25e501362b

SHA1
5c99b1b23fd5ab5ed94b1b02a5f8435f0379004e

SHA256
e119781c15adf708cfd234baaae9cac6bd1b5d6f7a47b17c52450f0c0a3a59d0

SHA512
ab38c6f1b8d5ec454dd181d3b2786f6d89e79f10f7d2f611a8b998634eb3e3cfff88e0212b18990d5e489b540caa7762f38813c0cb7dd8c336843d2dc7654806

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb

Filesize
104KB

MD5
6370205399fdafc6dd412702082bd010

SHA1
5d22b75aa1344e693b73a3d930a7f90eb5baeb19

SHA256
e9780bc0a00dba620828707e085f13d601a4a562819c3b5c4aa4fb66a839f68f

SHA512
5d12e2fa4355d36135deeb7ae7a2d1be9731a3d9db4a4a8d85b6114d63401b6c9e662705fc747e7dc86b803a79d0756108c0ce5a80f860084e7e464ad72632b1

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
15e38c85f6198cfb2ccfc30ac0beacaa

SHA1
7893b2d7accaf65554fe59378d602d04b870d2e8

SHA256
372b1b107e76366ff545fb8477ed667fd01d4f0c588510c3d47d4787d98e0483

SHA512
c110b13f058319f0ab72c14f52ac48d64e60dd1ad56e5ea400d3deb9247aa2b84e37d2c262744acf0372cea4333ee35b0f22c5b4f7cc7179c1f3b5402f94ecfe

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
696c7449720d57d85feb4b08e2400ba7

SHA1
066f8bf8cf474380364ab42afe1592c23472d560

SHA256
2f90ef5006f6174d7454b707224faf2d0eb2b5250d8e37518cb4f84bd3b63145

SHA512
7dbb8769b00802ac96ba0341ba589fa1afccd18529d32d8a4c7bcdc46730fc1327d9fe4c6e03c9a09a2441a125d20c8b1ff811e2751055a32b6fd0ba9f78cc98

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
43c70ca64eee478b4e2a1a9810ea0331

SHA1
57271ddb85fc34d61b6008392c89054ea4778552

SHA256
9162f52bbdff6d654aa4feb6d4de73d143a1c768687c81e1f6736a6f30877eab

SHA512
6d49d983337a17f895a701b4296df480e550bd9fcad60c9e0ad857ddd9c5c2854964c7360a8bebe6ee5df844824439f4112d3f659c2f5dfed91ace9c2b35bb00

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
0c0467acbf00b5f01a148439220ac606

SHA1
f871884d8ec51627828be475e241723573faa6bb

SHA256
a3236ddc3db1e493e3733a7606ecf278d3de01ba7cfdbdafb1fdeb8b06fb0ddb

SHA512
91136a6c7ac30e595d4e434c566ab97518e5ab47caa363dbf9bb54d80d15346f5f3781c1dd0ff1de20f3caf92e88100ce804a740c9dba866be27af5cdfd26547

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
976B

MD5
00c451947c7291f82c25d64c0f5d8234

SHA1
4a4666241ab04acb9e46f463ca81072d4a39814a

SHA256
9ad35a299c7606b73930293c822c85329abaab58da77b4c7857b9e49ffedcca5

SHA512
d3ee2fd2202446e61a2071462ef5073b812056fc03209fabb0d67dac0b9cc62bc0bc054715db72a2001143a0c0d2966c0534328f1873d31a9cb4dce508bee22a

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
e7024e2b4fdad6e4774ac6158a18bf11

SHA1
68b2d3dcb5a351e7440bde6794018d8ebdc90b50

SHA256
b5877eca544ca0540e552a552b94625859694c4c790b796e1c2e6491ab25df93

SHA512
2aeb4220f27a69f72dde685da81392960e41136054bbb374089dc02ab0d6a37d0f9ec9c8d5d1e49629b97c31ec862013a5e16db7ee8ab8a46ea36f968f4ce6c9

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
4711ca15f601ad8cc04938355e12be56

SHA1
8bac0278d20aae4111e6296264367e0df115d9b5

SHA256
0218624520995151223b1376a9c8359985a5c5cd1ad10f5d3758ace3fc0b7d1d

SHA512
4b36044cc8a980d2f93f600c3e2b72eec7c6a3470b9249c051e1860c17e0e7bcd2d7512e9856ff758deebe1838910048abdf9c03133a2d52c1506484be19b921

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads