Overview

overview

10

Static

static

6

522ecc4fea...0e.apk

android-9-x86

10

522ecc4fea...0e.apk

android-10-x64

10

522ecc4fea...0e.apk

android-11-x64

10

buzijebe.apk

android-9-x86

10

buzijebe.apk

android-10-x64

10

buzijebe.apk

android-11-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    buzijebe.apk

  • Size

    7.4MB

  • MD5

    c42140c0a8148c57758f458163ace169

  • SHA1

    077f9b9a58aff46be9f3a5fa01b0e2b6c59d1124

  • SHA256

    8203f6c3e5a40e8fa19e54f8d235083e2de56efbf8f8f31e14af3c893c721843

  • SHA512

    477e58295e6773e831b985a33397576b324cf738d8d965a612b1e54e047df045c6fac2b1c6065928e195a047d3c97391e7f39af3f1cffcf0cf2eada006d91d80

  • SSDEEP

    98304:Qo/Kr68ddHh0yyRLirBcQBU3uCWe+2ieSyeTgnrSs2A5uDa/vGX5RzDlb:iddHh3YLtYErSsPQEvK5RNb

Score
10/10
antidotbankerdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    defense_evasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests uninstalling the application. 1 TTPs 1 IoCs
    defense_evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.dininujoxu.java
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Requests uninstalling the application.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4211
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dininujoxu.java/app_credit/oat/x86/KqJwjY.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4236

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    945KB

    MD5

    dc3dedece373e7967ed4e54d8812553b

    SHA1

    348b491081ac30a4a1f080f1c6ed0ddad346f3c7

    SHA256

    7a84605ddd46df57b1a52382378dd716e86ec71542d728a966830e553108d29b

    SHA512

    e4ce924c94e2fff240c2f5c27cccbc6ca4946d6bf3da68eb46511dacec4e668c4ee66e693ba0b06bdd800688cb62ce121d239b5c98b456d994ec29f1b456e00e

    Download Submit

  • /data/data/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    945KB

    MD5

    839816a2a5097bc3903870943c1d5788

    SHA1

    8f5e232ba52a8ae92f4359e3331d17897968ec22

    SHA256

    9b79ee512b0efc9bba466722babff8a26e2e334913555f100cfc6ad374b5df2d

    SHA512

    39a07d2b7d53ce9a8d952fe446f94c5a23e001cc0fe7e58ac54933e41bb83d4958bd29d4ef7a5b5cc2d45a6b5582955acf1579769b869053eb90245c94547796

    Download Submit

  • /data/data/com.dininujoxu.java/app_credit/oat/KqJwjY.json.cur.prof
    Filesize

    3KB

    MD5

    6d250926573e82a8bf8f7b2088c0facd

    SHA1

    6a4a325431d4638e1e6fe28fd00429fa06176dd0

    SHA256

    8523851f343575d9075de8797180480970c6c040908f23ed224e5d694178d7f5

    SHA512

    75db5a9fdaaba4cdab4568390aec60f529efe1261a4a6d5ef0a383072b5a38bbcc890247b68eea9c499294359cd614000109cedd997cb2a72902156993da60cb

    Download Submit

  • /data/data/com.dininujoxu.java/files/profileInstalled
    Filesize

    24B

    MD5

    8b5e4a671bc2ae08ae82e7813d0e0d9d

    SHA1

    1e6505f9f94d1bf27025a6439c3ecfaeb6b6d926

    SHA256

    332b686e118b99b6fd572d23c51e63fec412a159192fbc86626d1ecb19625008

    SHA512

    3975be64344de433028fcb5d80acd51cd0e7155d5ecbe20dbb7b96de716bcebbd9125d4dde24368689ff9db2c3cfcb8e70a5271bc6b498c872bb5a7a2a50c198

    Download Submit

  • /data/data/com.dininujoxu.java/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    ce374e9882b481ad40087cf51f881ebc

    SHA1

    04a1d279660beebc7654d7ff2e6ed9dd5abe45c9

    SHA256

    1be5c1be97225ed9b80cca566aafc679f77ff17509786f9aff06208fa5cf29b6

    SHA512

    7df5ede7f8980da422518dc6bd45194f5991847e4e0bbc519f7a5077b1d94d607a66ec47bb8e35664e8cdb6cfb17e86b20f9ba0e2b58c5f9636877766f7322b0

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    d657d9778468d233e4804f633ace3103

    SHA1

    ec5483dd9e0f64179923666219b0addb0c78537b

    SHA256

    113845b1c101affd6e2f7467c3f263065cb50e1b75876d364c8e1c8add556af1

    SHA512

    e4240e29586d386010886021edb7b4f659409b59575fe71097a9583b4ead1b82005611960811ca49d756acd6ff3f1ae613caaa60da9b0850e4024b5b2e6eced1

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    f6e188c219f96e282e011a41dbdf8a5f

    SHA1

    a6304e69b840512685e2d75036a303c3c0c8cbd4

    SHA256

    1c3d8dd5bc6946ad986b2410219cafdb97dedc5bbde80719934e43788a11f03d

    SHA512

    9acf6f02a27ffc3e0e3b6282afe75283a6569d69c550388e450f747d240c580379e597db27f84ca3a08ad5a1d7e9f1aaa8d470dc914d77612e6a4bf689c1e1ee

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    67597e096f25104eb470e77af0f4e500

    SHA1

    a678bb710a9b80a770e8f9e2f9b831ec2d5b2472

    SHA256

    37effd9727da25421979a55ff5852bb3fabc1245bbded1895032f144558acfa3

    SHA512

    1ca6f19d762fbdc8a1bddcb774e3afabfa6c313b37cae5961fe7882b7ee22483d9db27fdc42376074f609f57ce2238aa9e6cb8ff8845b4ca38bf4dea82f87ff0

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    7c78b0aed6b83526b813d4001d526de2

    SHA1

    1d02bde9f270887c46b87835066df0b6a25c6dc1

    SHA256

    e3530a3dd76a54d0493c2e8f07dec916f62922f208fd5f56b43203e1a4c3dbfd

    SHA512

    94cd8036cb2ed1cc113c3ef139bfdb6976c4d2c6bf9c2c4fce406190c60d31c385a45c46fa864518a104b5f3132a216997a0b760793e10bdf7d2a9af5ab36096

    Download Submit

  • /data/data/com.dininujoxu.java/no_backup/androidx.work.workdb-wal
    Filesize

    430KB

    MD5

    d379110c7ca12d18ea2dd483805d707f

    SHA1

    930237a75290fa818f79bba0ebdd48b9179a5a25

    SHA256

    867df05dedcb4b5b7365d06a90bebb294ff14cfb2094218b314db20d00aee599

    SHA512

    d09209ea865fe7d426fdfe94f2e840ca6dfc6595fcd9117e6791aaddac75aac981342353001f08310b6bbc57c9612e3d114e32ba43bccf4fc7c81776455ebec4

    Download Submit

  • /data/misc/profiles/cur/0/com.dininujoxu.java/primary.prof
    Filesize

    1KB

    MD5

    d78de0bd970fc6ad104935c207dcd2d9

    SHA1

    d4402135fb0d5f5b873bf15808768833b165941c

    SHA256

    e2d08991644cbcc367aadd4b88a93a682b1b1035499424bb1f884045c2c7f283

    SHA512

    99eff0e2f5c47e619c9fd579f6056259381d8a771b96fb24ba7dc6360c64433f9c294adf4a69166b61ffcb685b6a42db4bb77a4fa7462471e475b693565fa1c3

    Download Submit

  • /data/misc/profiles/cur/0/com.dininujoxu.java/primary.prof
    Filesize

    176B

    MD5

    a70eba70d62e636099591feefc4f9385

    SHA1

    3b1c22be922fa5042a356e223e28a9b562ad1908

    SHA256

    f92dd643d3b9f85edb62e05382ae48765125b2817705b4a20819b16679648e47

    SHA512

    eeee234c5ffefae48692b00588f208f2f33f75e4a86dd551848b3d252d0e1239a501e98b22374e0e968e083f28598dbe765dbb68d602947d24173fb1a75687a7

    Download Submit

  • /data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    2.0MB

    MD5

    98c01dd8cb3804a2e9855aa89b4dc0a4

    SHA1

    4eb7072e2d6effd34151a469616f3674f7a9cdf8

    SHA256

    dd63d9c22d2a7a469600f4a2f9f1cfbf29c80681135b4b465f67f4b260396b3f

    SHA512

    3554fcf3ecd7e9a43092e2f0b0f2ad3bc014c8796e58b806cad89506b6c0dd9dd90c8d801a54b94da85cb67a0c5f60ba18735fede1df0dc542e0f827d32c5375

    Download Submit

  • /data/user/0/com.dininujoxu.java/app_credit/KqJwjY.json
    Filesize

    2.0MB

    MD5

    039b2f6ea2a3ac6889109e03a4ba6ede

    SHA1

    96aa1b9cfa9c95a1f6a6f8dc3771d5955904419d

    SHA256

    4565aac23e3b499f4e1e01d462f00f5dfe2ce1aa98c8c5cc1346e12c8be62999

    SHA512

    d1596f0e45067dd52b80423297316fc1d92350b6adf2c90bf85d92713ce24ce5622aaa415945dd368168dd07884e062fb0567c2236410aea172c13f902b48f3f

    Download Submit