antidot | 3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239.apk
Size

8.1MB
MD5

f33f2bb4a55e8e4d1d0d06b4c1d0a9b9
SHA1

237c8a41e0a5b60ac538e5aa14db0d842348f963
SHA256

3a67cd052d4489d80b891515fb628bb1055d1d36f1098f2e1f8d531f37495239
SHA512

88a5ff8cf47289277e423951d85fe50a03afa33e299c5b33f6a71ba67e7905c6c57541624a344af2db41edfdfe3351d024905a60ea6642233ff722d310241325
SSDEEP

196608:cKw334mHj8u4o1S3oR1h7fSbjTucAW7pHbYw1AaUttl+QUbLs:k34ijwo1NR1VfCxh7b1Ajtlrf

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4361-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ziwukeji.method/app_dish/aJP.json	4361	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ziwukeji.method/app_dish/aJP.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ziwukeji.method/app_dish/oat/x86/aJP.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.ziwukeji.method/app_dish/aJP.json	4336	com.ziwukeji.method

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ziwukeji.method

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ziwukeji.method

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.ziwukeji.method

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ziwukeji.method

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ziwukeji.method

com.ziwukeji.method
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4336
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ziwukeji.method/app_dish/aJP.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ziwukeji.method/app_dish/oat/x86/aJP.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4361

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ziwukeji.method/app_dish/aJP.json

Filesize
660KB

MD5
eb7a90b4d32f26eb63f0e3662eaac844

SHA1
a1bdeb05d35d99c3aa9e36216aaf161170a4cdaf

SHA256
a7342a34ced20a6143a5dcfe77a2728a6dfb9dc733dc18f6b5c06f3943a3163b

SHA512
19228fd98f1777b1bd462bbec9f829a62e3378bab45dcae643cd838a269e8a5cdc76e11595a5a8346acfce2d5436786ee880ad60e9c2bd8e75b8d55822332c46

Download Submit
/data/data/com.ziwukeji.method/app_dish/aJP.json

Filesize
660KB

MD5
6bcbcfd2021b05b718cfb5056f412cd7

SHA1
1d7252a512ef5bed9ccef15fe56911376c28d66e

SHA256
fd09ebf785fc852dba1290603806fc7654ac4e6627745c20209cde16bda741c6

SHA512
08ee2b38bb817fa09ba575f1f8f969e138b4ff6b4c0dc9cc4270393c1454385ec25d132f0053dc1e5dfcc2612152fd9d56cb85f0588a7a7224b0aa01c0297009

Download Submit
/data/data/com.ziwukeji.method/app_dish/oat/aJP.json.cur.prof

Filesize
2KB

MD5
0660853298c2749a22056b1960486c54

SHA1
74a181695b35823cee78b2bb91a686016deaa879

SHA256
defdab8f61e2c8beaf0c643efdb0965b067bf15b404c2c1065c79ef221691979

SHA512
afa2b158995634384fea6df9d8275d8c4b7dc14a0979300eb7274c3dfe347b9ea309799416a720933d12dfe2b10400c76ad8e627b7ec9927cf5149ebce9cd40c

Download Submit
/data/data/com.ziwukeji.method/files/profileInstalled

Filesize
24B

MD5
0f9c8091aa1612720bc913a28c55cefd

SHA1
44753a5635eb171533a6d311a1e98d9c5d4caff7

SHA256
b4818483aa5753140c8e66f851d4687903e3656949f7b2040ea62af290276154

SHA512
3b376f3c4584df92dc2fa9778e7b12827a071faffc2f60aea154c3f879dc4d661c41fdf9a941592adacf3998c63766a25f07ba950e08e62e2abf592a05c26e64

Download Submit
/data/data/com.ziwukeji.method/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
45059a186d02b6d6b370c5343225b63b

SHA1
023c0bee0135ea22ae63fc3d322033d6ef756ec6

SHA256
2f604e526e01ded851c15d2fec82782a7f13b91a80e6665e0349c0cf14c41377

SHA512
caf17eb5bd7d144fe1d96da741cfdd6d3453a0441e54e40dd88a7f982596ba867d04e3cc9026f8553d0ea7a5861f839301f9200cb27a94102410cff4a630bb47

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb

Filesize
168KB

MD5
2fd63272767a3198100ffa25d30bbe24

SHA1
12466b164143e552f869209c1b32c603cc3db9c0

SHA256
88efa00772865b40147be71240df26aefd07a79bc24d2f1339ea696c2f2a9151

SHA512
bb8cf64c486c6e8d5d171403eba359a456e23129710da9ce7b31166387f91f2bcc2092eb98f07017f17ab66acc563acbbe5b006ffff44701f91ad92d787a92b0

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
71b185cea6125dd1851e72c0a941e1d5

SHA1
bed82b3554b0620b4eb72a1941941ed08e6f9e57

SHA256
31cf20a16ff65a4fcad0edc72b57b7028fb6f1e30602fe0c1bbe0c6dca615f97

SHA512
5515ce397f229f409c0e202581f5dc2ad2ab31cb170c5c4a3729ea0e426e55f6ac51bbc0b0f6a8b14ddfea342ef1fe3ce819e3f8622e88aaea48fcede18fae1c

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9f21ddc26756f749011c02604f927599

SHA1
9542e2b085fd17d384c4945182ec43ab5cb05292

SHA256
d6d5adca773998ace9e98abb48c8b076104204636a55ebfd1cc00cd549ce8219

SHA512
973a2744c6c4a2725ab065d493a90c0f9d6d96808b95ca1d48606c2ca27c56b53fdbf010153b135372c1f53980f9ad0ae4630f00b4521b789221308de08d2e62

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
64fd6acf37bf34360d0768d6991209a5

SHA1
81a69e13ad0494e29c9b8a4ee029e1119097111e

SHA256
649c4bde9e81d0a4fa96726cf59a2f56588591dd40eb2fac2143a5398a43b094

SHA512
c42311a3e9e4ae09531926c65fbd4ec54e816a9904ef868589084b37d545550dcc568f9ecec747bd87097001a626f323ce7d40e137be0fdb5b8a9942c919941b

Download Submit
/data/data/com.ziwukeji.method/no_backup/androidx.work.workdb-wal

Filesize
434KB

MD5
43d81d2338ebd63eb015c15e3de92c01

SHA1
296ade1ef45d313f8bf1faccc85780b07e755f3c

SHA256
7d5e27c048f4509c8a2e063f8524cdbb222df1f19d55b3652935cbd579ac663d

SHA512
9a87f00ea04838272e996b5ad7c82f0c02d8f48eb903867212c10ff7f75ce8e52168c9b67b81b3c0361935072dbb1286050e068cbd00a49a88007a4c437d6b1a

Download Submit
/data/misc/profiles/cur/0/com.ziwukeji.method/primary.prof

Filesize
1KB

MD5
222aef0bbf6112f68231a800df22aa48

SHA1
397d92202723eeab7deac45a2f374a452376c4a6

SHA256
fa53913fb9c01c107822611017186642e2ef2e86f862402ee31712704a10c392

SHA512
85ed326e5d66c959856f057ead9ecd8e6eb8237f2941cad458b9f11f39ed91fb627ab717ffc68b42080f9ec363d91fa907a6f248e7c53721c1c86c5f900fa077

Download Submit
/data/misc/profiles/cur/0/com.ziwukeji.method/primary.prof

Filesize
196B

MD5
09852f4387fa65d98749358a1098b4fa

SHA1
87e0e9d037f4082e8b53973749cd9370573c536e

SHA256
0c87090768a18b73251e08c36ea089e2d4e3cb7de8cbf97a2ffa87f67e144826

SHA512
74a24205bc9ec53f42e5d477b2ef3366041b553cef148cd7e31a1a9222bcce919099fb0c9be69bc2e2579fb98c93f06173c17bcb5e895b1d10ca4e5903b00479

Download Submit
/data/user/0/com.ziwukeji.method/app_dish/aJP.json

Filesize
1.3MB

MD5
f66fc790244a688d72b8e14519d59ae6

SHA1
fd186ab0234a9a017c0f8d4946fff861122df95c

SHA256
02562d3b557470d82260bb61c424e81d42bb66f6f273aebd921691b375b28849

SHA512
1c3a3a1037a229238e2679add4e15e819ba149c83bebad8a0e3c863e406b374eea7a1b14be002f7aeed341817cfa42b0ac2946bc78a275f464e9aeaba10ed4eb

Download Submit
/data/user/0/com.ziwukeji.method/app_dish/aJP.json

Filesize
1.3MB

MD5
9b1dc8c345efcd6d665cdc441b0742f3

SHA1
e993a666e7905bfe05a6ec01e5cfbb075d2b032a

SHA256
a624e32b4de5914490569479feca4ab96ae1320f733befe6b15518d560fc05b5

SHA512
e9f2455e6211daf1a77ac28b5bdcd798b5cac71a1694b10794a9dcf78da836e00c68c7dbcab3acce38a2314085c64ff154c1bd1555f58af2ee6e36d71520e005

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads