antidot | de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d

Analysis

max time kernel
149s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
Size

7.8MB
MD5

e89c4dceb41be42fe5b85863c53445db
SHA1

48c364929a8fe07c1bdd52438dd0dd031f426b20
SHA256

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d
SHA512

593735a5f3c4f34509ce735039345b1b53c986a0c8145db55eeecc8ae99ccee36a13ce191f8a4c7c174eb1d1deea560f5f1df078ce8e7cda5eb66614d450e4b1
SSDEEP

196608:v0Z5yUCT+IOCBZGz3urg/QVrHHjvvMMe3ko4HUUOPenRBz:+ZwtbkOrfrOPefz

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4359-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.beluponu.graphic/app_shadow/nb.json	4359	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.beluponu.graphic/app_shadow/nb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.beluponu.graphic/app_shadow/oat/x86/nb.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.beluponu.graphic/app_shadow/nb.json	4334	com.beluponu.graphic

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.beluponu.graphic

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.beluponu.graphic

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.beluponu.graphic

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.beluponu.graphic

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.beluponu.graphic

com.beluponu.graphic
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4334
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.beluponu.graphic/app_shadow/nb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.beluponu.graphic/app_shadow/oat/x86/nb.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4359

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
2033a71f100e0b51a8fe1a6d129a5bda

SHA1
ca2e2fb8739d0483b8f4c43cb357d3a13ee923c9

SHA256
a6df4640bd81114916a6ffbf594f1014d83d26798a401794141f63c482100cae

SHA512
006d91405e0082e86bddae8a4789fb44eef94af1073616a4c899596101e3901ccc6b08d7c52294ab52dedc525666eeb7eb5c88af6319ff373ef28218f553c0cf

Download Submit
/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
9c01ee03a06cd5bd7eeffa55d1259b7d

SHA1
235b8fc611dc47d71d8b821cd38f9a2afe294ddc

SHA256
fd19ab440b48ecd41bf5979078757a3f5a30c1eb6f0351480220ffda8fd42cf7

SHA512
95c7c9cf65bb61837cfb6d505c441b5fea002bb95a1817e7f214474deb8c03b0985d6c860eed67d453f242781b42f0495befad081036f292d2b67ff4d8b89e66

Download Submit
/data/data/com.beluponu.graphic/app_shadow/oat/nb.json.cur.prof

Filesize
2KB

MD5
1567c9ad93d4fded5466ce13409bbc32

SHA1
8b08b4c9d7fbc21ec6c8cb1dd917a62a6115ee09

SHA256
f1aa7cc205d7a6a95840e2ac54db750959f772eccec2240f5b1b6a93ac8f1db3

SHA512
847d1f0e9963e2fcbe98854aaf7acd5b91db8cf4b2800f6f7ca0cb54bc461a6dbd8cf1cb3ac5903f77d9b4a5589654bf3128e9e5f5ec73bfa0bb36cff18be786

Download Submit
/data/data/com.beluponu.graphic/files/profileInstalled

Filesize
24B

MD5
876be1c1a3bbf3bd1bca99283d50bf8d

SHA1
365a53c341b013e5e827e9d08900592f006fcef8

SHA256
5114a9155fedab39eaafc0cc3a98f0534403c3e7bf1c5fb5aa842fd05b605fa2

SHA512
bd28e7fdf5c1781cf63a6074c63ddb430767142b9be9d12261caa8eafd9ac5e65acc675c87439190456d7aba47e01835c9971f2c86b5548a646b30f4c21dcaa8

Download Submit
/data/data/com.beluponu.graphic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8788948644903e35a2f9878757d984db

SHA1
314f5312cc4840f37d393019042dd6c5ff9c4005

SHA256
857838f8f0751e89dcb7befa6cb6ee286ff7c3f69fc841e609507c4d9b49de17

SHA512
f6f84f7392b52e148c2990c47adc4d935042241e2dd01254cf43467bdceac28cc92ec4d97f4af9acb10d4c96a307cd7144fceff2791c50943e0c94b5b2b9435b

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb

Filesize
168KB

MD5
07cf0e491525215d9f695507918fde27

SHA1
2a026d203bd0c58af4021d031a47eacd2c15bbd7

SHA256
00daa2d715ea7175a384332fdfbbeca5cb5fcf74e2e360707361e92f55fdbe0e

SHA512
838c34e5dad8e5228d1261cd25206b7dc9278060df85c6dde0199756d24eae8252d59c2d96589d278f2fda041e7dcc16107147536d70438c4088e0450c8cd20d

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
194e031de1363581d0ad206667be8b0d

SHA1
0d3ef8b434692fc5948997aaf3a6798e05f95266

SHA256
bb137038e0948ee4aad068c918f981762009bb4c861d482dd34fbf3d57532afb

SHA512
61c55e6fff06263697872e0d910f0bf7ea03216af7e4fbfdfaa3c916f9f8efa4000f9be855759cd135bab7adc986090f2b3f7cd191d33c5dc687de967cd3cf58

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ed1369e076282e8c1b634437570bd6e7

SHA1
77ce8c39b9fca1049d960fe629e16e8686854f63

SHA256
f6c2a30353886c878c30953125bfb70d9b59866deec8a45bc0c2f2ddf642e26e

SHA512
8f1443c70f90cf5888772dc133e7a5a4e07567d885940172052c750b0d2076c120b06645ef7b7bb3cfcc12c2d2bcbf76cd61b9aa50503aaf0607e6f3789d7dd4

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
14cc01c4d84948ea643a4b23c5ab57d3

SHA1
68bf509a2c87829fc7a445a0074d4e7a0d32ea32

SHA256
4a58b9a2a01a2ead82f0b747689db4de9fadc19412651facd8215188b557b611

SHA512
cc77039212df38bda6ee3f05962602e7e5e51a6f3b9b166ecc7444073ec1ab99babf092ce356fde343943c26a1593fa001602e99a3f2b1e219fba2e56075e24a

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
434KB

MD5
c949bf0adec50dc2e8161235f7fc33be

SHA1
99b26bb6736e93443e6a6f4f06eb68ba88a3b960

SHA256
4f64aed7b39fd19e8e002cb5e1bd82fba76c784c8389a81ccca78e033349b543

SHA512
6c41059101f5b341e860d48a2ad68c5ba8ae3c94914a73c7191d95cf9934b6f2d584a8056a241bf72ce95fd6bbdc31e2fd0b90419f59c9cc2cfa18f77abfa266

Download Submit
/data/misc/profiles/cur/0/com.beluponu.graphic/primary.prof

Filesize
1008B

MD5
46b39cb95168e14fb8710576661f3d44

SHA1
01560aa6d4c22fd58bcfbf171e59043efe639c1d

SHA256
15380bebae8d0874468071ee3d894e0ab15f6037a160ba768e7ccd6526552920

SHA512
dde28169de09aae1f2807b4cd4adcb8133f231a8e82d11bd0bc22a8549b66412dd80a78c866767178f4c9076b5ff9c14771b718d03c827694cbae3cc07470914

Download Submit
/data/misc/profiles/cur/0/com.beluponu.graphic/primary.prof

Filesize
194B

MD5
5cba8919fb45c1eb2aeca286d94b3b90

SHA1
9333143100b7d7b78fc7fec85f6fda9807c12439

SHA256
d961fe3152d37c27deb3f16aebb8fdd9424a9cc563280dbb28d24f953a02fb3e

SHA512
8e959ad734f49d90909c6e54321fc150e63270c232e7538300c6af16752910e741c09aef707d478a2e8491824ff0f876f7c0f5781efa1350fcbbbcbe48fbba92

Download Submit
/data/user/0/com.beluponu.graphic/app_shadow/nb.json

Filesize
1.3MB

MD5
9444dde2927c8f70a3629435f787eb56

SHA1
4bcb5ce5f04e1926c7fc067e5f837d76d8adefb7

SHA256
e9b39a4719db4e1faafd3fc2b7f059348850f6889ffe07c49173dfca83b04ac9

SHA512
f9c262a5ed93d4c900c3699cb4ddb1b91a3db4b728236fb5b023f743d63403426bc3119958f11c74c8a3931bec86802d871a07a6f3612e066147ed0c0fb02582

Download Submit
/data/user/0/com.beluponu.graphic/app_shadow/nb.json

Filesize
1.3MB

MD5
6e4800e14ae255e00b23ef27e5eb29c4

SHA1
33b451e52d3cbaf3e41543208a88c5e2ceae32df

SHA256
3831a2242ff187e2f3442ccc699421ac29eb84a0b4c092049fda203866e6f37d

SHA512
3c719d9f5694c84c863a53a8b6b721e269c37482b3223948219cbc2557efe6166492fa917014c2655d8c6f7e6b02a977d79ab5661f92f7a74539bbc4cd7eadef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads