antidot | 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

Analysis

max time kernel
149s
max time network
129s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22/03/2025, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
Size

7.6MB
MD5

8bd73012c635927e05a209cebcedad37
SHA1

5f6e68eea4ef68420876730bd93572778e1fa52d
SHA256

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e
SHA512

d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a
SSDEEP

196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5091-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	5091	com.befiwiga.multimedia

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.befiwiga.multimedia

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.befiwiga.multimedia

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.befiwiga.multimedia

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.befiwiga.multimedia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.befiwiga.multimedia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.befiwiga.multimedia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.befiwiga.multimedia

com.befiwiga.multimedia
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5091

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.befiwiga.multimedia/app_among/oat/sj.json.cur.prof

Filesize
2KB

MD5
5a6b29f631046978ffd16a7eefcd54d6

SHA1
56cb9637ca411e74b7330c27e73d2241c1e788d3

SHA256
c9a0da94cdba072c4d0700b8fa4e1296727b95603cbf682e2e8cbd0cf9082b64

SHA512
f50bc7259266c98e43fe6665ac3b4ee5761e0a054da04c0e252055baf8b72085cb0523810ffe893be87a62e65ed72db36a970fff66419de9c53130aa7be6949f

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
9bb70fb2c34812bec0334469a848a254

SHA1
0b29a0b3676f3dc5aeea0110d76004b52fc486de

SHA256
534bfc37bf01bf98ab66fafb718140322c796de0cbcebc28b71f1c7ff31f532c

SHA512
a385741ac663bd31a8038c65ff99eff4c08bcfa1a9265a1941594f77506152187aec791a3f21b0438bf8f452b60e687b6670f401ee9091d2ed15e932d380de31

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
d28fb1f3a22cfa55977163be060aedad

SHA1
5914463e9b2fb356bb155cd14b391c505d6fcd45

SHA256
4ba531f18f1086236e74935b2a3d1d7482270837fa767425edaa23c4a679b2b3

SHA512
ce434d5bdb00b9b3f8d365f75f080ccba967ed21aaaaf3037a2a280457a0bb2b9e27029b25dfcc6ccfb743eeff98bf7f1cf6fbce3f314a03e6a1638a9c509f28

Download Submit
/data/data/com.befiwiga.multimedia/files/profileInstalled

Filesize
24B

MD5
d52f87f470896c8c69c20c3665ac70b8

SHA1
da56e8a9d1a59885e43144e9916f0482de7c5659

SHA256
9b120561b8840ec4b2d82c3244dfbd910fb83ed6d81aaf1433922e7ce3c547c1

SHA512
5cbd16b80ddc961bd9c4c2a4c79e657c00d02f2bff4cf04ea8379628536c93b3c73fd2cb8a913ad057143d637d0ba447bf7a6805696ef1f4be6ac6d7f5603927

Download Submit
/data/data/com.befiwiga.multimedia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a7df4d897b83373a456847322b1f2970

SHA1
5aa300d2b66874d24d6adfe1e509853813ec5d5b

SHA256
a51e1992e9638fbb0d481de5d52ae40a3f2a0ea79e8ed2964ad6b4b035df4f4a

SHA512
18405c62c7a054a693c0625c3ed9b19e8c6b065351347688a17005cff11b59a89b56b0c2ffa3fa2b7048e2fe861b8aa1e154f3a83c88bfeb38cf3b4f06047231

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb

Filesize
172KB

MD5
898599fbd1bf207223f4ea9f0148eee4

SHA1
38aef140314773c6f4da19c154833bdf05d7e8dd

SHA256
922ffba915dfed7db0427c08c9e79c87b8ed9ca37a75d8f20340cfe6292400c2

SHA512
cc96a39c3f0b82da7e6f51f2b908aa9a92fbd630da7aabbb42f33f373e8418dcb6919522377d8602db12ce30f9b0894d2e29fb01937a0c3dc2b088bbe6a430ec

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6a4a0b6cfaf38a7f20eae6feb3d9e35e

SHA1
b452c2b59133a04d8cd5f1cec22e1a7f445094e0

SHA256
390db8c4d97c7b4dd1a8fa9b8486ee244ff8449de155cfd2b7f54a3fd1be3f84

SHA512
e79b269d56c39d8d81d49051f03f4fb249ec0fa3fc01f5a17c9d294825cdd05dd7adbce47e720b6a2f34ca230bbf1e5a489d290f3a34c687e4eb4ab06ca707b5

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
442KB

MD5
be7fa660e9f9436fabebb272693f8118

SHA1
8023128165cc9f0c061f948e3e2b0ae8500ab2c4

SHA256
b2e680a6e076d3d4c4d9063b56941ee8cbc127f0caf3f04febc4a4f81f1d1756

SHA512
565f7484e9d1c7c6f34327555ac2f9fbea06517e100bb09ca58edaaabc8fe78aa4e01a0a0336549d23fb8c66cbc25abdfa9faff5c54ea1b468b7b90540bd6480

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5d84e3515cca3dbf84712e89c87ef8eb

SHA1
38263935ed20a54d3fa24288d253f4488c106232

SHA256
e7f71e400400830bdc1e408026ff889b3b87b9cbe502c75db41f503081bf4651

SHA512
20824eed9f2ff46c0c2ba44e69ab1545d25f5bb72807dee225034b12223f8c87bfa0bfaf2647980a5864efff21f8b4ec8dd69ff5924f6759c2f1fdcabc9e5edc

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
376bb1dca7109b795df941d91cd01a61

SHA1
cb4e4732e228d8e35699cb920f16d644ec8572f3

SHA256
84cc7a7c82adfc8151542aaef46c569520fdc900fe0625035e6ec97b1edf313c

SHA512
fdde5c93edc9abcee4c4620d2f2d0c59d3f149479f49cdf75c88e935947191567df9ca8af8107ed0e7ce434fd24b2e2a43528a07adb8522fee7fefb65aaf8198

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
976B

MD5
00c451947c7291f82c25d64c0f5d8234

SHA1
4a4666241ab04acb9e46f463ca81072d4a39814a

SHA256
9ad35a299c7606b73930293c822c85329abaab58da77b4c7857b9e49ffedcca5

SHA512
d3ee2fd2202446e61a2071462ef5073b812056fc03209fabb0d67dac0b9cc62bc0bc054715db72a2001143a0c0d2966c0534328f1873d31a9cb4dce508bee22a

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
190B

MD5
32b040b8b205d98451f9fdcd269ecb19

SHA1
33a7664bacb841a6e039fb3d41b23ae545473011

SHA256
3f04be31b6b2a6b80c7e43ba7c745c3bb1f207fabdc2a138d0f358ac763cbe36

SHA512
b93adca291ebf1fc8289865a682a03a21f8cc0a3a7d8186d73cd5d043403461399aeb971e6be7b4c2aaac9f07530d7d5a7817ebb67d148bbf58ff6c7e6a0e801

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
4711ca15f601ad8cc04938355e12be56

SHA1
8bac0278d20aae4111e6296264367e0df115d9b5

SHA256
0218624520995151223b1376a9c8359985a5c5cd1ad10f5d3758ace3fc0b7d1d

SHA512
4b36044cc8a980d2f93f600c3e2b72eec7c6a3470b9249c051e1860c17e0e7bcd2d7512e9856ff758deebe1838910048abdf9c03133a2d52c1506484be19b921

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads