antidot | de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d

Analysis

max time kernel
149s
max time network
129s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22/03/2025, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
Size

7.8MB
MD5

e89c4dceb41be42fe5b85863c53445db
SHA1

48c364929a8fe07c1bdd52438dd0dd031f426b20
SHA256

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d
SHA512

593735a5f3c4f34509ce735039345b1b53c986a0c8145db55eeecc8ae99ccee36a13ce191f8a4c7c174eb1d1deea560f5f1df078ce8e7cda5eb66614d450e4b1
SSDEEP

196608:v0Z5yUCT+IOCBZGz3urg/QVrHHjvvMMe3ko4HUUOPenRBz:+ZwtbkOrfrOPefz

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5139-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.beluponu.graphic/app_shadow/nb.json	5139	com.beluponu.graphic

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.beluponu.graphic

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.beluponu.graphic

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.beluponu.graphic

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.beluponu.graphic

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.beluponu.graphic

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.beluponu.graphic

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.beluponu.graphic

com.beluponu.graphic
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5139

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
2033a71f100e0b51a8fe1a6d129a5bda

SHA1
ca2e2fb8739d0483b8f4c43cb357d3a13ee923c9

SHA256
a6df4640bd81114916a6ffbf594f1014d83d26798a401794141f63c482100cae

SHA512
006d91405e0082e86bddae8a4789fb44eef94af1073616a4c899596101e3901ccc6b08d7c52294ab52dedc525666eeb7eb5c88af6319ff373ef28218f553c0cf

Download Submit
/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
9c01ee03a06cd5bd7eeffa55d1259b7d

SHA1
235b8fc611dc47d71d8b821cd38f9a2afe294ddc

SHA256
fd19ab440b48ecd41bf5979078757a3f5a30c1eb6f0351480220ffda8fd42cf7

SHA512
95c7c9cf65bb61837cfb6d505c441b5fea002bb95a1817e7f214474deb8c03b0985d6c860eed67d453f242781b42f0495befad081036f292d2b67ff4d8b89e66

Download Submit
/data/data/com.beluponu.graphic/app_shadow/oat/nb.json.cur.prof

Filesize
2KB

MD5
e82ee17bc13bca5a02c149bf5b0b323b

SHA1
c2dba7add55b35d1f81d48cde59af19a8d077c53

SHA256
bc3cf7fd98b29b114f9925191de552f4fe8efdb9b5954cd9817599f970f7430b

SHA512
b7a27f9c89c8e7aa4abb5b2fa7a7e8afe44755201c201e14782a4dc5ff4de3f2c5131f824818d6dc04765678bb8f26f840f3d0601c596ebb849283fff148e187

Download Submit
/data/data/com.beluponu.graphic/files/profileInstalled

Filesize
24B

MD5
6027e217e30ab4395decedaeb76be22f

SHA1
a89c16abc4312c925485f8275b89399ebfde81c5

SHA256
d6b60325c87b0409bb2a5c07a17764c0b7327f1db581fd8711562cf4e821757b

SHA512
f674d5b1be0cc25a03caef07a33ac86e7f9695b003ef4b514627231477d45703ac87c25b59acaef07076678654c4bd81d62e499bbb89ae64dde6a88f365396a9

Download Submit
/data/data/com.beluponu.graphic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
dc9f72626a365ee4a285713439630742

SHA1
d4f01ac6c2a3c0421a775ac439b9d3fad1881c50

SHA256
7d20914c2f5bf04b664870c4c97a051a00207a2f17473ab8c34c482243e39667

SHA512
4c542165fc943e3dbeb501c7f0477f4c90c9e05a75cded05d2569d1ae16b43415a355bebeb7c926d136aa04fd9897c2ba6120c53663ac34dfff0c2a3c87db663

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb

Filesize
172KB

MD5
50d1df280941d87c99460b1f2bdf1423

SHA1
60eb1ecaccdc10dd47ac0c5f57064e6bbd8bf4ed

SHA256
3f4cc99a305e5a5708eb2c9c18058e0685e20e9d45f3bba34ef252168bccbd8f

SHA512
cbf0c43fac7738c2be091ec5c32bc8dd587aed33b96b1671f0946046ea0afe6a5de8b1cd8154fd3255ec7d8d8560b6d10d58d0d5b2addeff522c2c5a4486cb58

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
bb79c1f002784624996a3e3cff775bcd

SHA1
c42816b9856baa13b755d00999bf61f56462c5c9

SHA256
9056523e89d64a8f75ff9b3a43a936f52ed9692cea7989c30f4c15ee666e8e9d

SHA512
1c4f89d8915725ec333bc5e9b5e8abc3ff2d64c6310d977a5ac450912331de4677e9d3773e13bbd2a0e5ff9d5ec0f70e43bb3b6bf62109fa35904e8fcab84ce1

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
7259f6f027adbd4a0ca1cff32b7301ef

SHA1
8bf11626deaecd21d67464ee81758e5fe22e6c01

SHA256
535f3baae09cf3b9dbfd50ed706779d3bc482ab983e6bb44732dda9d13a67d3a

SHA512
5c18c27f50ceef238d604893baf98d3aa94ef3f9435d958a5cba922bd2606d5c122ebf0c855cb8c5cd8448f3147e0ba4fa857f0d4ffac5815849233972b6772d

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
610c46c6bb770172242f844a72b0d04a

SHA1
20951b3f4d17e4ed2da20f6058451021e8f965da

SHA256
edfa8baf285dab2867a641ce4d98bcd422b599d14c056c180ed5e483da5e2697

SHA512
0e2890343bc53096d02376932628f2de7173dcd89fc26d7298629d97ff0ce85a7c1f1f7d6e2e6aacb12ac426993fbda34002d020cfa625038b95e3cd19695505

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
442fab7067f6618a2f1d5ef30c66977b

SHA1
f8168f6e9fab231380b1bd51bf6299a192885178

SHA256
e4544888ce8247790b86f18030dc3a54e004fbd7dee6ddebfe06ea48baf8ae4c

SHA512
f4c63762e223f7dc4c770cff55a5d6f389fb700b4075cda63f93b68040301c8b036b411cb8ee6dd580e20c5924e22a40094eccb603eec74f0183fe6a126c8394

Download Submit
/data/misc/profiles/cur/0/com.beluponu.graphic/primary.prof

Filesize
1008B

MD5
46b39cb95168e14fb8710576661f3d44

SHA1
01560aa6d4c22fd58bcfbf171e59043efe639c1d

SHA256
15380bebae8d0874468071ee3d894e0ab15f6037a160ba768e7ccd6526552920

SHA512
dde28169de09aae1f2807b4cd4adcb8133f231a8e82d11bd0bc22a8549b66412dd80a78c866767178f4c9076b5ff9c14771b718d03c827694cbae3cc07470914

Download Submit
/data/misc/profiles/cur/0/com.beluponu.graphic/primary.prof

Filesize
194B

MD5
5cba8919fb45c1eb2aeca286d94b3b90

SHA1
9333143100b7d7b78fc7fec85f6fda9807c12439

SHA256
d961fe3152d37c27deb3f16aebb8fdd9424a9cc563280dbb28d24f953a02fb3e

SHA512
8e959ad734f49d90909c6e54321fc150e63270c232e7538300c6af16752910e741c09aef707d478a2e8491824ff0f876f7c0f5781efa1350fcbbbcbe48fbba92

Download Submit
/data/user/0/com.beluponu.graphic/app_shadow/nb.json

Filesize
1.3MB

MD5
6e4800e14ae255e00b23ef27e5eb29c4

SHA1
33b451e52d3cbaf3e41543208a88c5e2ceae32df

SHA256
3831a2242ff187e2f3442ccc699421ac29eb84a0b4c092049fda203866e6f37d

SHA512
3c719d9f5694c84c863a53a8b6b721e269c37482b3223948219cbc2557efe6166492fa917014c2655d8c6f7e6b02a977d79ab5661f92f7a74539bbc4cd7eadef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads