antidot | 522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
22/03/2025, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e.apk
Size

7.6MB
MD5

8bd73012c635927e05a209cebcedad37
SHA1

5f6e68eea4ef68420876730bd93572778e1fa52d
SHA256

522ecc4feaafece70f6f002a6eccb12dfac066f6e1b350183ca842972b603b0e
SHA512

d820d0fe7a10454da060316ba29725c6418004a9067d4f99c1df7ee2b58d94125d5ee03c42bc1bc3543f58b1d9e494b7d5fd223921febaed4781e1920ca0d36a
SSDEEP

196608:vkhZribESEI+uFcqOPUujsawfAn05Lu0wwP7n:hbEnuFadjsWsLu0zT

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4778-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.befiwiga.multimedia/app_among/sj.json	4778	com.befiwiga.multimedia

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.befiwiga.multimedia

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.befiwiga.multimedia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.befiwiga.multimedia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.befiwiga.multimedia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.befiwiga.multimedia

com.befiwiga.multimedia
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4778

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
9bb70fb2c34812bec0334469a848a254

SHA1
0b29a0b3676f3dc5aeea0110d76004b52fc486de

SHA256
534bfc37bf01bf98ab66fafb718140322c796de0cbcebc28b71f1c7ff31f532c

SHA512
a385741ac663bd31a8038c65ff99eff4c08bcfa1a9265a1941594f77506152187aec791a3f21b0438bf8f452b60e687b6670f401ee9091d2ed15e932d380de31

Download Submit
/data/data/com.befiwiga.multimedia/app_among/sj.json

Filesize
609KB

MD5
d28fb1f3a22cfa55977163be060aedad

SHA1
5914463e9b2fb356bb155cd14b391c505d6fcd45

SHA256
4ba531f18f1086236e74935b2a3d1d7482270837fa767425edaa23c4a679b2b3

SHA512
ce434d5bdb00b9b3f8d365f75f080ccba967ed21aaaaf3037a2a280457a0bb2b9e27029b25dfcc6ccfb743eeff98bf7f1cf6fbce3f314a03e6a1638a9c509f28

Download Submit
/data/data/com.befiwiga.multimedia/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
cd242a0a3254a300899e079ddf379b42

SHA1
aa397ebe2a1f976a0068eb74be434d09394a8f38

SHA256
1000de39434c3f84fc6add5d7d00868d9dc93fb7930eaa61414350eb7329e468

SHA512
abfda917f2dd1804c412ed06c392252ebd6915a2986670c8baae30df87d53e35dc6e923890f394bccbc89373223b2247df0a9c0fb8227a790485ae5798d07b4e

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb

Filesize
184KB

MD5
2ae8f4ee53eab01c93ad078991daa83e

SHA1
388b7454840b5cfdcde7ce8876976bba75a93d90

SHA256
31e3209a905a7cf4775326f5fd8d8fd64e6c384dbf2745f50060e0fc1b6a29b3

SHA512
36c6b68894570ddb31a1724d0157dd56cfb01a0609dd1fe46717357aa22952ee2c70224e95c1adfb41b4fc90cabb62858a6cbe213442219b85b5ee2e5d31147f

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f941bf07a67667d378c26951096c32be

SHA1
764ddfc58874b8b05fb66a7aced415543199f174

SHA256
12ac417c3e74652bec858b66298794bd04dd89d51f63e9034d30a8dd5f0a0819

SHA512
a9a7fa566bb77e55e9065fcdfba13e5fc2cf2a208109b33d28fb4b27007a1449ce7ea7d366ba53d587c1d32e54fe5e83dde4545a5834b71b31f227cd41737cf4

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
e018f19a657162d14ec8ea21c11885d0

SHA1
23e8f239bbfd8c55284a02a57ddf8b428569105d

SHA256
19359f394545d049944072264198499974c024f029aa9ea5f35eadb0d673720f

SHA512
c059223ca14fc81463485f7a77ba0c0f25908fc7d7858c7f580676fb0cae2e84eb7c2f7034a7640ab3704f48ccf8a3ded8a2e42ae79504052e7f7fbb22fef683

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
07f1c4267dc405d420f5a3039ef4e221

SHA1
8cd8fc37a4e9b3a6219e3fa576e6e7e7f6f0d60a

SHA256
79135b31004127a17a942224cf2e231318c0eaa2965dcba076ed91525ab955b0

SHA512
10e4260eccf03ac647c556c677e5e1737d247153cc0a2e28f75c5fb1c58dd4d3f8b15acd9625aefd7828e4025052ffaa46517cdd813b90a930d588076ce50fa9

Download Submit
/data/data/com.befiwiga.multimedia/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b711a75d0e4801a98f744788188e82a1

SHA1
eab5d90913b88b76bd6704806f28a405b4d6999c

SHA256
22831b74d003fb4fa4c8a8a527324b13acbc19ef1e966147d1283334a742dcce

SHA512
8fe559fd8d07c83c6e05878843975275e40726d9d67b09df0baf9e57d32f26e56f473775cb53f52b633be225d5bbd261a3484da3535ec121762917d02f2d681e

Download Submit
/data/misc/profiles/cur/0/com.befiwiga.multimedia/primary.prof

Filesize
976B

MD5
00c451947c7291f82c25d64c0f5d8234

SHA1
4a4666241ab04acb9e46f463ca81072d4a39814a

SHA256
9ad35a299c7606b73930293c822c85329abaab58da77b4c7857b9e49ffedcca5

SHA512
d3ee2fd2202446e61a2071462ef5073b812056fc03209fabb0d67dac0b9cc62bc0bc054715db72a2001143a0c0d2966c0534328f1873d31a9cb4dce508bee22a

Download Submit
/data/user/0/com.befiwiga.multimedia/app_among/sj.json

Filesize
1.3MB

MD5
4711ca15f601ad8cc04938355e12be56

SHA1
8bac0278d20aae4111e6296264367e0df115d9b5

SHA256
0218624520995151223b1376a9c8359985a5c5cd1ad10f5d3758ace3fc0b7d1d

SHA512
4b36044cc8a980d2f93f600c3e2b72eec7c6a3470b9249c051e1860c17e0e7bcd2d7512e9856ff758deebe1838910048abdf9c03133a2d52c1506484be19b921

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads