antidot | 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
Size

7.6MB
MD5

8bd73012c635927e05a209cebcedad37
SHA1

5f6e68eea4ef68420876730bd93572778e1fa52d
SHA256

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e
SHA512

d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a
SSDEEP

196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4435-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4435	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.befiwiga.multimedia/app_among/sj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.befiwiga.multimedia/app_among/oat/x86/sj.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4408	com.befiwiga.multimedia

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.befiwiga.multimedia

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.befiwiga.multimedia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.befiwiga.multimedia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.befiwiga.multimedia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.befiwiga.multimedia

com.befiwiga.multimedia
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4408
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.befiwiga.multimedia/app_among/sj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.befiwiga.multimedia/app_among/oat/x86/sj.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4435

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.befiwiga.multimedia/app_among/oat/sj.json.cur.prof

Filesize
2KB

MD5
c32e1e6fd0c4b1c860f30589a7fe1bc3

SHA1
e8420fe49385bd63724c29debad78336444c55ec

SHA256
c655c6960c45205b01c7a9bfb73f3a3528967f5cbf28228340a8e2f544ec4afd

SHA512
e5d0cca902f540bf598b3d026ab871770395fb10c0af985ae28a1930b7762b7817f8d48f71b364d21eb8b52d9db5bbb357fc111bcd4fb916e73191e67b5b610f

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
9bb70fb2c34812bec0334469a848a254

SHA1
0b29a0b3676f3dc5aeea0110d76004b52fc486de

SHA256
534bfc37bf01bf98ab66fafb718140322c796de0cbcebc28b71f1c7ff31f532c

SHA512
a385741ac663bd31a8038c65ff99eff4c08bcfa1a9265a1941594f77506152187aec791a3f21b0438bf8f452b60e687b6670f401ee9091d2ed15e932d380de31

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
d28fb1f3a22cfa55977163be060aedad

SHA1
5914463e9b2fb356bb155cd14b391c505d6fcd45

SHA256
4ba531f18f1086236e74935b2a3d1d7482270837fa767425edaa23c4a679b2b3

SHA512
ce434d5bdb00b9b3f8d365f75f080ccba967ed21aaaaf3037a2a280457a0bb2b9e27029b25dfcc6ccfb743eeff98bf7f1cf6fbce3f314a03e6a1638a9c509f28

Download Submit
/data/data/com.befiwiga.multimedia/files/profileInstalled

Filesize
24B

MD5
a36623edcd272af33878fdd0243fe7ce

SHA1
8840bff955cc13ac6d1202a45592edfab38c5572

SHA256
91b32f596120cec672ccc0420002f507f78c1653889346c75f9b9a7be677b67d

SHA512
fea7e001ead0f25475bd36e33f4e0400f3a2a047ce1381f465c8aab307dd0cc95d792b47c5501e7e51185072425cc2e59e2c38a12bafe6101f7549a8f8c96769

Download Submit
/data/data/com.befiwiga.multimedia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
e7ec21710364152fc9a28739a0acd305

SHA1
281015325dad38f18f8a1336e4fff2ffad1b08e3

SHA256
17aca7dd9a0a269048e4d0b33be9faac5b242fa978007f02f661aea9de80cc4d

SHA512
2c6e7e8f44abab20f16424fddca5608be783e5c6f9d5b5530a3470a96c4aa3cc966cf23444f94bda9063bf45e1b96bd55d6d94736d8a98ecb992bc45fd7eef45

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb

Filesize
168KB

MD5
1e9d61859a8ea00c1a73d458c603ae62

SHA1
ea1e667c07e8e0714ed20056b5dd5e6714ddcc79

SHA256
fe9e664c1374d448deeba692ea5546b64b981a3b246c0a045024ae539c538381

SHA512
1c345a4a60d0e2b83380017f358920ae2a3f77908c50dfa0eeb1192b48d0aac3793f863129c931d5f1a25a39611cf95e66baaf9e053161981006547499500bd9

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
28f523e8d6290a5c93a3070068c45e4b

SHA1
8606effb5042c6177a23640105c9d44efcba0259

SHA256
94da5336510ec501076a68781a00a5549d26583da69b4568a8159ee8babed184

SHA512
d42d6804add21926a6f63f27c36b237e359b9475808c203383026ea28012a60788db33d5a9395e5d130a7b805e62f20262ce3b2c24daea92647af690522813df

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
231448fe6c2d08e7cf1dbb3811002af0

SHA1
8a114b6f6d7d63902ac6902e07ec720a3887a0a1

SHA256
f847154142039c4dcbe4ef5bdef9b16408fe90a3c2348bd501bff255e474bee7

SHA512
184393267508495e02ece0b3861792eff18abd9da3f8a26a5b937044c6889c9cb31a2fe1c100f8022b9d23686d69fc7ba3e84e8e967127d5f9bf99130a53c1d0

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
2e7d828eec870dd5107fa8b60bc51081

SHA1
9710450428a0a0dde4e58b689b161c0b69158850

SHA256
9dc0840988feb9b8d2333a09556df8ea8777e8d7bbe81820222df0c61ddc203e

SHA512
6228e7f5328ee48a31c7a49f21b937d61679ad7ac3d584e654bdcd09464ae08e3beb87a7de511e821fefabd817d16738d18d8ef71dd651ed47cb22d0529af4f7

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
434KB

MD5
df8499ad6eace1b9822b7fa31c9da66e

SHA1
51614ede73170e5fe9f5d725c7f3b9e1c48becc7

SHA256
86e85698d4527fa20a512cf5eafd929914f24c69ee3f5aa006733ac047f62c7b

SHA512
92be8d111fdec11e574c8f66e1318449289c1cf772c80ff204adf26297579a321da6d681cd0e9a1f479d0847288eaf9c2e1476d2e6ff582241caf62654f06a4c

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
976B

MD5
00c451947c7291f82c25d64c0f5d8234

SHA1
4a4666241ab04acb9e46f463ca81072d4a39814a

SHA256
9ad35a299c7606b73930293c822c85329abaab58da77b4c7857b9e49ffedcca5

SHA512
d3ee2fd2202446e61a2071462ef5073b812056fc03209fabb0d67dac0b9cc62bc0bc054715db72a2001143a0c0d2966c0534328f1873d31a9cb4dce508bee22a

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
190B

MD5
32b040b8b205d98451f9fdcd269ecb19

SHA1
33a7664bacb841a6e039fb3d41b23ae545473011

SHA256
3f04be31b6b2a6b80c7e43ba7c745c3bb1f207fabdc2a138d0f358ac763cbe36

SHA512
b93adca291ebf1fc8289865a682a03a21f8cc0a3a7d8186d73cd5d043403461399aeb971e6be7b4c2aaac9f07530d7d5a7817ebb67d148bbf58ff6c7e6a0e801

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
e7024e2b4fdad6e4774ac6158a18bf11

SHA1
68b2d3dcb5a351e7440bde6794018d8ebdc90b50

SHA256
b5877eca544ca0540e552a552b94625859694c4c790b796e1c2e6491ab25df93

SHA512
2aeb4220f27a69f72dde685da81392960e41136054bbb374089dc02ab0d6a37d0f9ec9c8d5d1e49629b97c31ec862013a5e16db7ee8ab8a46ea36f968f4ce6c9

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
4711ca15f601ad8cc04938355e12be56

SHA1
8bac0278d20aae4111e6296264367e0df115d9b5

SHA256
0218624520995151223b1376a9c8359985a5c5cd1ad10f5d3758ace3fc0b7d1d

SHA512
4b36044cc8a980d2f93f600c3e2b72eec7c6a3470b9249c051e1860c17e0e7bcd2d7512e9856ff758deebe1838910048abdf9c03133a2d52c1506484be19b921

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads