Overview

overview

10

Static

static

6

522ecc4fea...0e.apk

android-13-x64

10

522ecc4fea...0e.apk

android-9-x86

10

buzijebe.apk

android-13-x64

10

buzijebe.apk

android-9-x86

10

Analysis

  • max time kernel
    26s
  • max time network
    28s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    22/03/2025, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    buzijebe.apk

  • Size

    7.4MB

  • MD5

    c42140c0a8148c57758f458163ace169

  • SHA1

    077f9b9a58aff46be9f3a5fa01b0e2b6c59d1124

  • SHA256

    8203f6c3e5a40e8fa19e54f8d235083e2de56efbf8f8f31e14af3c893c721843

  • SHA512

    477e58295e6773e831b985a33397576b324cf738d8d965a612b1e54e047df045c6fac2b1c6065928e195a047d3c97391e7f39af3f1cffcf0cf2eada006d91d80

  • SSDEEP

    98304:Qo/Kr68ddHh0yyRLirBcQBU3uCWe+2ieSyeTgnrSs2A5uDa/vGX5RzDlb:iddHh3YLtYErSsPQEvK5RNb

Score
10/10
antidotbankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.dininujoxu.java
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4515

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    945KB

    MD5

    dc3dedece373e7967ed4e54d8812553b

    SHA1

    348b491081ac30a4a1f080f1c6ed0ddad346f3c7

    SHA256

    7a84605ddd46df57b1a52382378dd716e86ec71542d728a966830e553108d29b

    SHA512

    e4ce924c94e2fff240c2f5c27cccbc6ca4946d6bf3da68eb46511dacec4e668c4ee66e693ba0b06bdd800688cb62ce121d239b5c98b456d994ec29f1b456e00e

    Download Submit

  • /data/data/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    945KB

    MD5

    839816a2a5097bc3903870943c1d5788

    SHA1

    8f5e232ba52a8ae92f4359e3331d17897968ec22

    SHA256

    9b79ee512b0efc9bba466722babff8a26e2e334913555f100cfc6ad374b5df2d

    SHA512

    39a07d2b7d53ce9a8d952fe446f94c5a23e001cc0fe7e58ac54933e41bb83d4958bd29d4ef7a5b5cc2d45a6b5582955acf1579769b869053eb90245c94547796

    Download Submit

  • /data/data/com.dininujoxu.java/app_credit/oat/x86_64/KqJwjY.vdex
    Filesize

    36KB

    MD5

    4acd583c6aa521dbcdac4ea3791751f4

    SHA1

    a10c504dd4de90041daa20d6890eebb99acadec8

    SHA256

    e4c642800ae5c33bcbcdd4cce64b85234ef61b8065e37f3f307c9fc26761372b

    SHA512

    cc3a3b0214d2d323abf79831a999f93db1b36649d53883d539472213ee7323585a0be9346b9c1af9c9159fa97994cccef3399816fb562d004f31af2c346aac63

    Download Submit

  • /data/data/com.dininujoxu.java/files/profileInstalled
    Filesize

    24B

    MD5

    34eabd5416fd07fdc860bb60f496a681

    SHA1

    75a138eb39ae880ed1ffea3f2122a55b1e20dc95

    SHA256

    3646a00183f14cb4d1978fd04162b931b562b90bcf38aa86f9d75eae5120ecca

    SHA512

    15af7ffaf9a90a3ed3bf29fd71525d40848443d274688c139c038332fa2b52b06c51f1d8f810ee5a5196e1fcd2be22301ce209ddafea848f7c2c4b106c40cf90

    Download Submit

  • /data/data/com.dininujoxu.java/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    8b9a7904bd8ff561c36329787b643868

    SHA1

    e98b579684a17f81cd803de8d85f21b74c3f8e58

    SHA256

    f587791cc6b8d443734b9ee58a11c6b45e9741471cde3d3e8a366550a59df6ea

    SHA512

    7d69065233d03b707486c64f351ab3cd45c1186bbbc5a19969f22588f75861116e551fe27c6e3a12d343acc5551685e096bdd3b6e41e37d249990d8a09bd226e

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    d4294c6d14c6261775d2c8a7b3719ac8

    SHA1

    f34a3302c20433558769a4ba96e2b8b70acab0a8

    SHA256

    3f721c9fe16590d709e10f0925a7a1969d8fd67c0ab45ca8b0718dde4cb8b761

    SHA512

    48a7edcebe8e507169ee47578e9fbf8fbdf19c7a85008021db12b97eae27f8a3ac9db0ec604513ddf2e3b2fc883c326a2c8fcf853132c351dcb4d976dc48b218

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    2769458828961e3b63c15a0518435fb8

    SHA1

    5750ae6d92b152be2e1fa50ec5ab81ce38bef160

    SHA256

    9aaac569e8ddd02fb50cb738330e3b455906093ac81544aec17f8088ded2a5d4

    SHA512

    09ac43cee497968d7c3c0517003834d921b77042f4bc015e34191e557b033b012196f97c7c5314f2ce5f0becf7f0aae04b996b864dacc008ad36d36446db7892

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    7b36ae2b2da268e688fef2dc88e7cbea

    SHA1

    25bdc7c842fda95eee9e85c5ada5cf631c17b882

    SHA256

    d7f00cfeebce3faf02e51f698b5a69dc0f6fbd2b3285f4c8535d9f382c14a4a8

    SHA512

    3b8cdd4c99b23b18234c66a308c8828212c8eecd15ff27467d206564d897a769d27614554f6509b16a4d2573f9f37eff2e953d968c8f92595d1ef18b54a06dbe

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    cf5f434c117c7f12268cb98e0e8584b3

    SHA1

    66ab7ed1d6e5c2eaa36a219dd1b6518dcccc4ec8

    SHA256

    d05b75e32f3851e9478297ddcb75a4c0dc422bbe15285674b12f772cc897b707

    SHA512

    24b3a05c3f25b8f960f215548b24fc6e89d90d727f46314bbad44cdd8248637124c37d975f04e481cc69f459e20f69083a85d26cd42ff494edbb2190434dd7ab

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    bf525395306dc5e627840a95f4119be0

    SHA1

    aace4ee054f43aab1662eb595069f391700bf8b5

    SHA256

    c4130a2f034e33e1bef00202753728cfa998f0a85e1258b066893c17835cd2c5

    SHA512

    86722ceffefcc75f40b4e7ceda1bca2abdf45b63b2da43cbf9eb12f36d40596f2f19474b2b8a1556a42878bb88df26473bfd01e9e5f1c146ce22fbfb83c63284

    Download Submit

  • /data/misc/profiles/cur/0/com.dininujoxu.java/primary.prof
    Filesize

    1KB

    MD5

    db6ff7af568eced2866881e888eb6f15

    SHA1

    1e29a21b09a02d895d379821cb54adc3443615ee

    SHA256

    32a176cfba191b0538cb3c62ea0334d37f4bb164103e907b40b9bf01a9bf06e7

    SHA512

    6f65ebf33805ad3c198da2d4b96a373b00548055fc8603da7336e549673d5908e01705f02c0d0a257cfa8513c84a3316915211e7882409586da7e709e0ad1644

    Download Submit

  • /data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    2.0MB

    MD5

    039b2f6ea2a3ac6889109e03a4ba6ede

    SHA1

    96aa1b9cfa9c95a1f6a6f8dc3771d5955904419d

    SHA256

    4565aac23e3b499f4e1e01d462f00f5dfe2ce1aa98c8c5cc1346e12c8be62999

    SHA512

    d1596f0e45067dd52b80423297316fc1d92350b6adf2c90bf85d92713ce24ce5622aaa415945dd368168dd07884e062fb0567c2236410aea172c13f902b48f3f

    Download Submit