antidot | 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239

Analysis

max time kernel
29s
max time network
29s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wilacayuzeti.apk
Size

7.6MB
MD5

42bdb83e42a9fada855b991c7cbb1c86
SHA1

d363089380fb259c3fc071ad04cbd2662ffd53a2
SHA256

f5de4bc0a114ad6e47beb3ed90df7071326d87976b9bab6670ecaab6222e6850
SHA512

c1d01c7a393ca2b936da476bad5abe3faea517a4683fa48275e4c70d28814050a00c379c944576651b830028f99c17cf40fc640b0103492ba81c1b1d68ad8cb2
SSDEEP

98304:qo/KrTKdFp/WvLPzQlNmxbi3K2ea76TIyIIiB2ieSyeTgnrSsnrBQaOVTXMyebi8:/dFp/KLPzZBUgIydYErSsrixdwiaLt

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral4/memory/4293-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json	4293	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.zumaju.dynamic/app_shield/oat/x86/FtbPN.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json	4267	com.zumaju.dynamic

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zumaju.dynamic

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zumaju.dynamic

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.zumaju.dynamic

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zumaju.dynamic

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zumaju.dynamic

com.zumaju.dynamic
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4267
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.zumaju.dynamic/app_shield/oat/x86/FtbPN.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zumaju.dynamic/app_shield/FtbPN.json

Filesize
993KB

MD5
1dc773b6acf83071f6516d605bc63d10

SHA1
a31d6a0cfb1cb020cdb87ee6f1a8d36160b85715

SHA256
040ef48945c9df2e08d495db83a6f47351e44dc5f7f05979c2e39c6f98b927ba

SHA512
7bb039958532b3b6cbed3a4fd3a9fdd3bfb6129bf8e2966ed57f4605437f3a85b9422ff29c51a7b5a5dc83052266bf9cf875289e028190afcc6177124b0dac6c

Download Submit
/data/data/com.zumaju.dynamic/app_shield/FtbPN.json

Filesize
993KB

MD5
8c52882e3cf4ca705c3164c40c9d1e96

SHA1
7ffdbff27a2ad5cb0c076b332849ebfa2ffecd31

SHA256
c6d4eee4725eae1fd5577c6e5642c551a0aa4347c6d3c195c124237a48fdceb7

SHA512
afecdceb4857d8e12100d8d3c4a39beb460d93bdb5026eead2a3ac893238ce1c16aa24d0ae27f3eee5283a6bba2de2d0f60c8dde59c01ee0330772bc4fdecb44

Download Submit
/data/data/com.zumaju.dynamic/files/profileInstalled

Filesize
24B

MD5
312f4f188944c1f71683e5c4ae541150

SHA1
44afc226ed172f82a58d8c2eba839a34dbd18a47

SHA256
4939b03cc500249fe54b5c78f1a12c508ced33e967ead428c39076c2dd5bedef

SHA512
531862e87d50b5a9ac0ca574d691bb99ff45008b49837f466cd22a648fcbbe7fdc5870955b0bd407e943e17c355d1e2841aae7b72ba6cf552b6426ccf29d314c

Download Submit
/data/data/com.zumaju.dynamic/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2cf5f9155676e1a3282e8b6b584f8d20

SHA1
43e9b3b6054b2fd5ee30a07d9723f42c782c685b

SHA256
3aaf6e0d2867cb7265ca320ba2d46daacc4fa42a10167031fc2e655c8c6a0046

SHA512
87b77d9f9ed49011182dedfe64e6c8758688abc40346a4c2ece3cb52fefb1fd7cc094999744396de7b51e38cc493ccaaa2afcfa8f409f9c4a83a8203a056fc85

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb

Filesize
104KB

MD5
bd53953682d712d79a6a5e7e234567e5

SHA1
8aded18a04fc0229ce8040387e10e3d2f34d855f

SHA256
2b5eb6e1063eb4d11caf6019f637f19a697ee2d6c614c0555980dfd532b9e5c4

SHA512
c8d5364a8e6c9ce755b908b2c6c1f20c544b4f5df91274bbebb46ef8d9ff923b0cf36a83b527e1000c0dc0e71718ec32b99b76d4a23b861e82ba564763548d5d

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
12f1a08a030ed70a16e286ba0e7bf56d

SHA1
1745e08733e5811a972e7b1888f228fb155fb1b2

SHA256
f716e162ba80b04bad92c29f55f95beabee2eeee0b4b8119317e2381ba8141ef

SHA512
08abf81d8d45aee36b9333fc9d6951b1d7e6a01ccfc472a750bd556392a3aa75f9e47f27e2ce421037e44556d875337d9d55b3fc844d461014a7da9a89a9117e

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
360acca2b440dda73f5fa633160bf272

SHA1
b5289282a4624824f79ccf54500a1b0ff12072f3

SHA256
c29199902c06e137480ab6c90400cf0835e4396570c990f3b0f4f079ca344290

SHA512
85dc4b42726f45bb76a16393cdaabc00b4565398c935e46b2c1a1e14c8e8cf0b81f92044707eb06d9ddc7caf515b9a357002bad241576df5b63a07b1b2263d6f

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
c9d09edd2e8c59bac67176501bc3d7ab

SHA1
ad5c0555c477dd13b16293440fb4a24becf13628

SHA256
8e1a62fd9619f98ee8f9922bc70ab9740741b6d7379a6f692bf03331ef691d7e

SHA512
300134e3f057771259b6bc121f075c8c1fbefca594b5fa4155f2e56e6e14802a6e6fcae26790a37a21fdb52716726988ec1c8a7d27c232c8743b85d1a8086b07

Download Submit
/data/data/com.zumaju.dynamic/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
a8661f38b84f8afe74e5e14f47bc6b84

SHA1
e738227ca23fa8cced6f189ef4efa72d0a4a445a

SHA256
377d0e1f64a9869ac15dbd182ff5f85d56a39c2c486144995485e43fc233b20a

SHA512
9c11269336b1c2e2b83a116510159d89b8ae3d4c9db7d4e3e3514a6d1085e140747c45e060877f530555684d3295d93ede6bff4004d8b2f9ca4739258951fd05

Download Submit
/data/misc/profiles/cur/0/com.zumaju.dynamic/primary.prof

Filesize
1KB

MD5
cd95702fcf186bb33493c17508fd711b

SHA1
517cf7916e1dcfc6bea4d637b7a97b177e8057c7

SHA256
44bb217cbe60317fa024590c7d1bb9dc1bdd755abf0df770ddceddd4ea7ed716

SHA512
dbff21e3cc5909dac2a69a7c88c61e78d46e31786efb9f7ddbdc037cdd98e9395afb9923ff803a85131b16d43aff9b246c9e6d3f1eece0ac2e6df070790f2db5

Download Submit
/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json

Filesize
2.1MB

MD5
3c5861af6e2a4e6dcc4601d4f813796b

SHA1
79f935e5cf9677b6be43b785ecb45fb2b5dbd200

SHA256
e33f3fe1b02ea5ff129f5c8cedeb57eecb8d9d42f21330e513af63188dc4e149

SHA512
2a2cf39b3bc0841d1ac5dde615849b6488c7d2a5236bf1eef8d916dbc20d35582256fd5a00a24702ddaeabe195b6765394ea7f548b6c0b5c6cdf12b5249bbf7b

Download Submit
/data/user/0/com.zumaju.dynamic/app_shield/FtbPN.json

Filesize
2.1MB

MD5
94c30eae3921878ae3e8a3a495b7a85f

SHA1
9606d33fedfcfa807474c035b3aa0c59b1621166

SHA256
f215e32736c7d47be0b97ebc3292b4767c1e439ddb65a41f09d7e97de39e21a7

SHA512
634401055fd3c9653727b6ad32cddb3e605222b6f521b544ba6f148e2ce8b84a5d8e9f0b7218e979395f2fed59b3ba90a99ff66e88ad76413b43e95aacfeb8d0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads