antidot | de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
22/03/2025, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d.apk
Size

7.8MB
MD5

e89c4dceb41be42fe5b85863c53445db
SHA1

48c364929a8fe07c1bdd52438dd0dd031f426b20
SHA256

de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d
SHA512

593735a5f3c4f34509ce735039345b1b53c986a0c8145db55eeecc8ae99ccee36a13ce191f8a4c7c174eb1d1deea560f5f1df078ce8e7cda5eb66614d450e4b1
SSDEEP

196608:v0Z5yUCT+IOCBZGz3urg/QVrHHjvvMMe3ko4HUUOPenRBz:+ZwtbkOrfrOPefz

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4794-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.beluponu.graphic/app_shadow/nb.json	4794	com.beluponu.graphic

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.beluponu.graphic

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.beluponu.graphic

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.beluponu.graphic

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.beluponu.graphic

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.beluponu.graphic

com.beluponu.graphic
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4794

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
2033a71f100e0b51a8fe1a6d129a5bda

SHA1
ca2e2fb8739d0483b8f4c43cb357d3a13ee923c9

SHA256
a6df4640bd81114916a6ffbf594f1014d83d26798a401794141f63c482100cae

SHA512
006d91405e0082e86bddae8a4789fb44eef94af1073616a4c899596101e3901ccc6b08d7c52294ab52dedc525666eeb7eb5c88af6319ff373ef28218f553c0cf

Download Submit
/data/data/com.beluponu.graphic/app_shadow/nb.json

Filesize
626KB

MD5
9c01ee03a06cd5bd7eeffa55d1259b7d

SHA1
235b8fc611dc47d71d8b821cd38f9a2afe294ddc

SHA256
fd19ab440b48ecd41bf5979078757a3f5a30c1eb6f0351480220ffda8fd42cf7

SHA512
95c7c9cf65bb61837cfb6d505c441b5fea002bb95a1817e7f214474deb8c03b0985d6c860eed67d453f242781b42f0495befad081036f292d2b67ff4d8b89e66

Download Submit
/data/data/com.beluponu.graphic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8fecddb45ecb40139e944af85b01b919

SHA1
d67e12b2335fe8967d027ceca4330411af833448

SHA256
ec916cdfbff575d08963a00dd097c1c8d5077b603d072e7bd3fd9a4912cabc7d

SHA512
c85f051290fed0aa2bd746286cbe67b699d2af7247ecc43e9ab68ee0879709c83191dda5fbdf476db0aa72f4252967f2017ae8b05453717a531f9e5b726b46bb

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb

Filesize
188KB

MD5
dc843dcb8cee2007e9d75c3080395a41

SHA1
6d361423670852e24bfe9f3d8aa2f3ab6f6a9187

SHA256
1edaf375ce4bbdd265defe5cd7c17dbc67729d2c38531f0fc4fe0b657da33c4d

SHA512
18691252054af2da64703adc08333d536a8d1c38bc1760bde9bf73547b9b251b3026472e91d4b5613e1d2601981ce378905dfd4a3c461a4722885bc6716f0f27

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
50c226f7811ad2f90938b6bcbd6f34d0

SHA1
598e4307a4f13e3b68ef90336eb5a6a0a150b39c

SHA256
9146f1226c72702dd728de4727f98f624880d7ea61da30590c678edcc452143b

SHA512
102f065360ba4f480a173658f65f619e2639491c2b8e43ef4f87d8ef4e98f26e23e04ae3761e65e82bea10b747ff088654d079c98416fdee2d9b49df34d491ac

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
eb313b2ee5f6b5cb218558bad2b06c4a

SHA1
00ec669788b4ff8db24ee5b17ee004550242025f

SHA256
0eef016df45f47e0d20572aaf6a9bfbd7178e5d0f6c04874039944d75b8c1d39

SHA512
0733e0a9598867cce754626a687dc8048d5ed4284443ba786ad02507dedb3cf204c88cc8b85cdf0472b6c1ccf694b88a08325f9b6370da9c8749cc11ce3be59f

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a4d9ff6d10476d402ca64a05a48ea671

SHA1
92a7751996375584e802093183937b562494cd0c

SHA256
e3e912212ed71e4d800e0ac89de98a19b34222f61916c6b7393a75af4fe3e7c0

SHA512
69e50aa3400aa86d0e37953505221ab5e84d738a9e8bf160e60574233f7290d0351b8f1df2e6a579999c75e3338a74acee22f79755a80a71d08c73d27d109a5d

Download Submit
/data/data/com.beluponu.graphic/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
4cb298a0f1a77c78445e7add4f1a4575

SHA1
59cbb666c2d24e599998d1cf5832ecf9951a9fe3

SHA256
5dbd08372659130351fb114a73ad73503038ebbfee7722005afd8b8bd1c67851

SHA512
78f6a66979be0be67240d73755ce0b06520b25c936957f0b5a89639d9e48789cb51ac05275e7a5d91eda5ba165a6d972558f347d84599f884b3f7220c0b6c357

Download Submit
/data/misc/profiles/cur/0/com.beluponu.graphic/primary.prof

Filesize
1008B

MD5
46b39cb95168e14fb8710576661f3d44

SHA1
01560aa6d4c22fd58bcfbf171e59043efe639c1d

SHA256
15380bebae8d0874468071ee3d894e0ab15f6037a160ba768e7ccd6526552920

SHA512
dde28169de09aae1f2807b4cd4adcb8133f231a8e82d11bd0bc22a8549b66412dd80a78c866767178f4c9076b5ff9c14771b718d03c827694cbae3cc07470914

Download Submit
/data/user/0/com.beluponu.graphic/app_shadow/nb.json

Filesize
1.3MB

MD5
6e4800e14ae255e00b23ef27e5eb29c4

SHA1
33b451e52d3cbaf3e41543208a88c5e2ceae32df

SHA256
3831a2242ff187e2f3442ccc699421ac29eb84a0b4c092049fda203866e6f37d

SHA512
3c719d9f5694c84c863a53a8b6b721e269c37482b3223948219cbc2557efe6166492fa917014c2655d8c6f7e6b02a977d79ab5661f92f7a74539bbc4cd7eadef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads