Overview

overview

10

Static

static

6

09018457e7...33.apk

android-13-x64

10

09018457e7...33.apk

android-9-x86

10

risezikixo.apk

android-13-x64

10

risezikixo.apk

android-9-x86

Analysis

  • max time kernel
    29s
  • max time network
    27s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233.apk

  • Size

    8.1MB

  • MD5

    ce089137681025986be62b70339bbacd

  • SHA1

    e81dc0f6b2df641c3d58e54c77a20438fb14b24c

  • SHA256

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

  • SHA512

    3cfd5642eb535fe7148c073d6d67b62f0afbd043f1d00508495816c84645c7fd29393113d0384737f148ade65fa1ea00683b8698ae46ad8b4cfe6c9aa5bb0240

  • SSDEEP

    196608:tp8YoZUkjZlU5u8ZLpqIFuAn3oE3TUbHcSjIsGscvdX:/oZTFA3dbu0ZUYUrBa

Score
10/10
antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.soweba.bandwidth
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4339
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.soweba.bandwidth/app_across/oat/x86/rWgRsgu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4364

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    593KB

    MD5

    c58c90d609f67f71baa4f3328869ff07

    SHA1

    e2411531cf2173ec5de111df1cfd4528ea1f414b

    SHA256

    2fc28945cf354f15bda5a429ee37be36227ff337349e1ba17e40e0e6a7927f8d

    SHA512

    ae5670b7cd6257be8b260b508e4038195ee25df105a4e9c130face5644489e2b8b03872e5aa45a70b970486f7f0348a9296bcb37e37fdd2102703e21f0c421dd

    Download Submit

  • /data/data/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    593KB

    MD5

    9b8ddaa3f46352596c2b8d54f10af656

    SHA1

    8647ea0467c4540edcc39eba3aca703f152bdded

    SHA256

    29e328a62f867e98fb29201606d93f6f4b3956cfe1b9f1246e7482f03dc2cb59

    SHA512

    8f9266bd741253bbedcdd1444e9e9f5924e8f253b6c14e11b2c18b1f4edfbccbc4db772633323f561af6a33c65879d67be4b43181ca702407e8938e7abe65e2c

    Download Submit

  • /data/data/com.soweba.bandwidth/files/profileInstalled
    Filesize

    24B

    MD5

    8b098221bae932b8071a2e276e431910

    SHA1

    c187b631d831dd31c04f83318253e8b247844807

    SHA256

    927d9a562c784f3810110503ae05b61d7e4a7f25bbab9b7b07c74f77700c886d

    SHA512

    ab5adff3b15bc4e17bd79bcfd89fd3f661f8089c51ad5669ba7b3a04b06fabde951b1063c8f6e1c0a6f12c2f450806c164cbf2d79b13eb5f3802f8b0e4ef284c

    Download Submit

  • /data/data/com.soweba.bandwidth/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    2b2ccd14dc543deca397d89e20fcc38f

    SHA1

    6bd194b8c84163751c8bb0c413ff75b405fb33b3

    SHA256

    84f1a8fd58be60baf8bf08edc8ecca74d9e5dd672fb56c6c2a8a8a3a1b2631c2

    SHA512

    faf165c18bec95d0657713fd3d472301791511a6b1b01ff1da43650fad667fd108cb181d80af0cbac9f1cec4198271ff11a11b16af4a981fc3b445c923014984

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb
    Filesize

    104KB

    MD5

    17e6076174b3fe69f38d783ef1a6d3ff

    SHA1

    ae8a1d549dc5ff3b235c71a5b9b98ef32bf2fbb2

    SHA256

    4f4a3a0ac12cac36806862eb5285c14231f2a4715227b8d74eb47760dcedae79

    SHA512

    2bbad766811ae76763bca06957c6351fb81bcf73fe20facc7bb0f0f354ec90376afdc1fdb8857907d59d992ec7a103e9928f9b138a1783ff80f6b81e3140e144

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    5169556494c0b1ea819bcfcb6c1cc1f7

    SHA1

    4b2679ca5bc3484755306677ed491e7f2d66c351

    SHA256

    058e7116827913eaa19e453abd9be696ac0e0121c605dafa610cfd540c01b788

    SHA512

    53822c690cb360cc272d0240928fc5ac8e795c2241ea6d3c5f18fe7571f7de6bd754a338ec277f3d879c7974fee9b8fc8922c889840d91255a56b8a6f20f318b

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    88b244717bdd1c15803b9d0632e9b1ea

    SHA1

    313773b50b4aaf1e2efa6ca41f91927a6fb2a9cf

    SHA256

    a9032397054a8bce3be18a0bb53e2c786a00ce406f479035cb97570d73331ce4

    SHA512

    c80a1359f1888744a6c9e91add37ab5170f921d11ab6fdae5902cd73721b85769c4b088b7a22d13637c75504a1f99eea4486c42cb753a861299cadd420b946c6

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    5505ff117b3c4ad9ef2744e31a2d3db0

    SHA1

    bc231084f14bab5786e5766b115d082998eaea7c

    SHA256

    2852bc81b848a944341dba23029137a46bdbc28361f957cd6772e0e146b0b6ca

    SHA512

    c8adc7add7b8883d7346aaf87fd3eabae131667d927ffbc5ea2cddedc46c3a634bd3fa44f342c03f659832449ce28a74fe4605aa2c6aad52d0bf36c01c8821b1

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    406KB

    MD5

    cdb1389b6d3dc9bc8c9d7ff6d193ecbc

    SHA1

    f444c4c87952ace8d5c501c26ab0270b95a56be5

    SHA256

    1e8e0ed4d6757eccbd89e8faed51a3d4994cf95a44151b9af3df2d63ecbf5e66

    SHA512

    b6eb2c16cd8e99e5078ead03596b3daaa41d98cd3058431795aa542f91a9be1b48fdb133bf3295876d4728472900fc1393e98ef32a34a8e391304efa03690c5f

    Download Submit

  • /data/misc/profiles/cur/0/com.soweba.bandwidth/primary.prof
    Filesize

    1023B

    MD5

    d9e947141ffcee38b1ed8f401c18a9d0

    SHA1

    68fa07fdd7975d75d5b07798ab5a57376f01f78b

    SHA256

    0d5db31931ba19d75ed7423816b63cf636e7aa627165b7584467670c62c04eee

    SHA512

    f35fa99db2b0a48951da99e0b09635c9569d4ba8542a988f0f059245cba712f2dc0fbc2572d56ad3fa2c95bbe7285d2a1008a31c7ca39512f5883137725a0c8b

    Download Submit

  • /data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    1.3MB

    MD5

    d7801719abe58e475d806d1306022a22

    SHA1

    27dd4839d808f32f8e3ca0f12849d29fc6527382

    SHA256

    24ff3f684112276658700863300fdaa72f058548bd4531a789912ab702b48783

    SHA512

    028fe31a4e8a657467522e4e7e4ebeeca98156e6ad55c563a5ce7c547367a9e1332b536a1eb729b7cc678693e8b793cf48bf982931a720adaace9aaa67ea6a13

    Download Submit

  • /data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    1.3MB

    MD5

    33446f61a80b5b52abc0770fe6c64a27

    SHA1

    15f715e614c100e0f602be9c473291fd46f394b6

    SHA256

    642063b0569224fbbe68485608a6586161662d906c36578b30ae709237a3adba

    SHA512

    e21793fa455726866a89425e62005a0e1871b3baa004c7b12d5ba77911c4a1c42c4a46594cbb93944b5214c857d744e45f322975d14a2d1045e99509d0af34c5

    Download Submit