antidot | de7f3752a820b95fd58fc0099eaf6bb5a825d3d561e03dd5766a64cda456338d

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
22/03/2025, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

doceniyobino.apk
Size

8.8MB
MD5

b07c3dad4ebf2fea0be071b21d3a35b9
SHA1

055c9c361f242fcfe37d349390b407fbe5fb38c0
SHA256

185c250c0d6db60ddd9f16c48e733e358b81c9fc277710c20a236cbcdc8a86e7
SHA512

120e6892445604b1561555b93c15a4f204f44d2f2272d0ba28b9efc82ad25001fef427d8212ceae1259129cb41c94762edae9eb2d2c88a9b956b1e5cffdd2452
SSDEEP

196608:GF9loJeYwPGzyIr9FTLjvsI7a+s/4sTeCXuXT:G6yPGzN9L2+UuD

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/memory/4743-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.reguvukavi.cpu/app_anxiety/DKrQd.json	4743	com.reguvukavi.cpu

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.reguvukavi.cpu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.reguvukavi.cpu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.reguvukavi.cpu

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.reguvukavi.cpu

Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.reguvukavi.cpu
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.reguvukavi.cpu

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.reguvukavi.cpu

Requests modifying system settings. 1 IoCs

defense_evasion

description	ioc	Process
Intent action	android.settings.action.MANAGE_WRITE_SETTINGS	com.reguvukavi.cpu

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.reguvukavi.cpu

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.reguvukavi.cpu

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.reguvukavi.cpu

com.reguvukavi.cpu
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests modifying system settings.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4743

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.reguvukavi.cpu/app_anxiety/DKrQd.json

Filesize
952KB

MD5
1d41f63f904cf38897338db0c74e000d

SHA1
ae3d18a2707bb5a4790c225668a66ab2e2c5dc26

SHA256
56946726ad413b3f0689d7ce748a9926e689a75d369f4f63121e6583cdc116ea

SHA512
4deb908dec81cc1f45129ecf184f7f8b66d707634dd79e324da11cb6dfe804a25dcabde7a94f01e3cd54e6d325313d81d2b941d3bbfe4eab2de21ad873844572

Download Submit
/data/data/com.reguvukavi.cpu/app_anxiety/DKrQd.json

Filesize
952KB

MD5
5daaf56647cc976f95d181ac7187898e

SHA1
0b1e53213d975305f5b68e70700c42f84d37e4f7

SHA256
a79b462b811ef20843d2de8b6ddf574e69f3fb97eecfd4abbedf8b65eb50f190

SHA512
0ee32b8e570389f769f24d0e6f4a805648bc4c949effe6b44dac62d98c5847636922f08f20aa5ebe2febfad40c5d80f076eb37d491410593044c6e0b81e8ff14

Download Submit
/data/data/com.reguvukavi.cpu/app_anxiety/oat/DKrQd.json.cur.prof

Filesize
3KB

MD5
2b92412b37b83e472665ab8943ffeb13

SHA1
ba0aa067f18c8dbcefb4fb489e413bd798853240

SHA256
c806922369c0788042de82cd553ebdb0b012b741748b6001ee3ef96c41a52fc4

SHA512
a48e18e19267692f8e7b6118fbb88c1083b8af03e8e19c33a0cea2b5feb6aec948c7e6d9e1cd0e73cfa53e98c455dc248c52a5271f62b142baf0018281b59662

Download Submit
/data/data/com.reguvukavi.cpu/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
e7c607d5f1713b00c137d48fdff63707

SHA1
340f09fb18c1cc64d5cb235f90dfdc1208e05a04

SHA256
d802357c5acf0d1a16f37ef8c66cbc7149152dc2568863acd0512dc2083a0772

SHA512
ed8d20b6710ba3af5211d1c03f81de96524dc862cbdda1c065a8ac64a4d77fdfd8fe5ec9ef2bccaa509ce800508b6d78266c68bb5cd9ee0e06cd75df41ce1f00

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb

Filesize
104KB

MD5
ed08d3ebced7612bb36f0047189d372a

SHA1
5c642d8460f0a8227adeeed3fb6102d8a56c8528

SHA256
f9e40b2798070e27aebd88928e3839f9bf4cc7e020383ae7e5012012bc464127

SHA512
4e5782165abd5ab2959a13c6f8bba19dc9fca46d5aa207531b6226ee9e26031eb88effa12c3b8fcd8ac7378319b62c80876c60acdde466d739ffb381ba227cc8

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
3f0f82e945d364cb62c2c8f7eb7848d7

SHA1
77fbb953c183c9defec01a5f3f41a2d24f1206fe

SHA256
3daacbb59305c659cfff846303dea53916d32316553d1ac274e54e636fe1d447

SHA512
50af3eabfaf17f4aa1e8b6a4f0dfcd589ca33b59227823ae054ee7fbb0f70c3dacee7ac5b01e5f5479c0563bcb4b5b634bd4c52cc1a902e631220bb981afd56e

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
0820fc40ec1ccd132cdfdf427ef1eb25

SHA1
7acd4c017cc7b29f8a632ca1ca0a3622e8887651

SHA256
1f7598aab09f176e104854fd1c3ed8f00f235b61c95bea5a57bea313f3f96c77

SHA512
11b52398de0f72ba8b9b3a3e813a0aa4075ca823288c445a8b82274f570b6c860a2f7c378e11cf3f5e58e340eb74421611d45345d18c1a176549801f5f4e5f09

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
2207bf954c154542ac6ad27957965187

SHA1
dcb4f58832c5c3ac7903c8c3933b34f016f654f4

SHA256
721ec2bacaadef3e2b8009a7ba007f267a73806dba838f357ab7fe42d3699d6a

SHA512
d0c8a767724d5b0dfb50f4d631a5f8aede5d91df25648d8291ee5b803807992e617ee292257e959e78c406d40b671b89a61b5d100bfdbc1593352fe1f6f7ddc8

Download Submit
/data/data/com.reguvukavi.cpu/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
d7175ec623ee3ac548eb333839d49f8e

SHA1
e369bf33d0c262e9bf5fe8a6bd9028f6dd33e886

SHA256
aefe0932c21798fadf6db484d1b096c4df22ce9f5b4a80cd49f85e0ca701600f

SHA512
6883229947f40c3ded03e6e3402d6f3f2e9f969461a06a58c0cf2fd946767cf5bc5ea3f7cb56c2c1ca56d358866ecd8448247566724dc0b85b72ed146ca34250

Download Submit
/data/misc/profiles/cur/0/com.reguvukavi.cpu/primary.prof

Filesize
1KB

MD5
231f086bec6ef79f91401d368d7121eb

SHA1
699f48c1fd5428718d4bcd90e95af1b2409b4b2a

SHA256
46f0561fa6b5be4bbe345f766f7589eb560c52ddb0ee80105fead1713be06192

SHA512
0442767443d1c64c751997891c7f6c3f35f7fe580a2d82de9092b67df710665ca451e59925370061132c04e2321d2a55f55d92aa2d816fb2c85f7d3aef4746f8

Download Submit
/data/misc/profiles/cur/0/com.reguvukavi.cpu/primary.prof

Filesize
179B

MD5
5dd1b76433d18733dbe889cfb781d8bb

SHA1
8083fdf5f429910f7e05d8be9528eceea39c57e6

SHA256
78f21d1d6c597dfa0647cc489db574647bbc6ebd0e4938c629ce74e7ebe3e496

SHA512
6883b455dc903ed176debda6ac2513ff6f8fa81ce6b414d7e77d33c966f166005f7c5a7b34ae3cbecb936ad881624e8181a98fec20017fb4c05cc72bee393f4a

Download Submit
/data/user/0/com.reguvukavi.cpu/app_anxiety/DKrQd.json

Filesize
2.1MB

MD5
94af8efe738b7a42b031ee0d363b63dc

SHA1
8769376fb22ed6dcc7b255d2df1b76b620c55bbd

SHA256
50d64bf33ccd94c178a8b8ddd2ab240dce8355deef8b5b0e657bb688e1d52eb8

SHA512
6618c383559c61507117c66ee5507a9499d4b2fb1e0459173ae757b533eebea7179a525c466459bbf562da0388c4c6bac17ea62683218c1ee9c3146cb93bcd1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads