Overview

overview

10

Static

static

6

09018457e7...33.apk

android-9-x86

10

09018457e7...33.apk

android-10-x64

10

09018457e7...33.apk

android-11-x64

10

risezikixo.apk

android-9-x86

risezikixo.apk

android-10-x64

10

risezikixo.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233.apk

  • Size

    8.1MB

  • MD5

    ce089137681025986be62b70339bbacd

  • SHA1

    e81dc0f6b2df641c3d58e54c77a20438fb14b24c

  • SHA256

    09018457e7366d2b54ae1ce19ad5ea61ac0f58464d6858c41b358f0a37cf3233

  • SHA512

    3cfd5642eb535fe7148c073d6d67b62f0afbd043f1d00508495816c84645c7fd29393113d0384737f148ade65fa1ea00683b8698ae46ad8b4cfe6c9aa5bb0240

  • SSDEEP

    196608:tp8YoZUkjZlU5u8ZLpqIFuAn3oE3TUbHcSjIsGscvdX:/oZTFA3dbu0ZUYUrBa

Score
10/10
antidotbankerdefense_evasiondiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    defense_evasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.soweba.bandwidth
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4215
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.soweba.bandwidth/app_across/oat/x86/rWgRsgu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4241

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.soweba.bandwidth/app_across/oat/rWgRsgu.json.cur.prof
    Filesize

    2KB

    MD5

    f39f3ec4cf8f6d9d7e2820e7a621224f

    SHA1

    e711805c85403f5a00c36f575b327cfd95874635

    SHA256

    1c9a655595d3269fa3460e3bfc72d817571fdd88b3be6486f81cee59f306ab53

    SHA512

    16808c08ea10245f11541c1138c0a62505e2e54c402c961c85a207e79893df1cff9a036362047c7cd687779089dc7c64a06da8a9d471bc4a03b327fe6bac2120

    Download Submit

  • /data/data/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    593KB

    MD5

    c58c90d609f67f71baa4f3328869ff07

    SHA1

    e2411531cf2173ec5de111df1cfd4528ea1f414b

    SHA256

    2fc28945cf354f15bda5a429ee37be36227ff337349e1ba17e40e0e6a7927f8d

    SHA512

    ae5670b7cd6257be8b260b508e4038195ee25df105a4e9c130face5644489e2b8b03872e5aa45a70b970486f7f0348a9296bcb37e37fdd2102703e21f0c421dd

    Download Submit

  • /data/data/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    593KB

    MD5

    9b8ddaa3f46352596c2b8d54f10af656

    SHA1

    8647ea0467c4540edcc39eba3aca703f152bdded

    SHA256

    29e328a62f867e98fb29201606d93f6f4b3956cfe1b9f1246e7482f03dc2cb59

    SHA512

    8f9266bd741253bbedcdd1444e9e9f5924e8f253b6c14e11b2c18b1f4edfbccbc4db772633323f561af6a33c65879d67be4b43181ca702407e8938e7abe65e2c

    Download Submit

  • /data/data/com.soweba.bandwidth/files/profileInstalled
    Filesize

    24B

    MD5

    8593255e1041bf61e3d145b255b15ad7

    SHA1

    7b78a10384bc47b58f725497289729737bf4ca23

    SHA256

    98360266af12337eff4838df813bd254c860d329eddc562c0fd41339db6a8953

    SHA512

    a26013952e1d865e5b2b6a5ea10e934c77b1aa5cbefa33570be2437d47e5127a002d8a1b0955e8bbea7d8155d76d75ead373857a9528f81758209622d69fb99d

    Download Submit

  • /data/data/com.soweba.bandwidth/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    67197d319066d0203e8c4e9d8793394d

    SHA1

    b1d36e26a2d5628e3a3d470bd65f21f4349ed24b

    SHA256

    9c7d964abd2d133fcc5a80f581cabb948511704d9a06ff703a05869335545e9a

    SHA512

    fb05ea7f135d5f14adc36ca6a0ba93c6b733af7185d074a9336b3dfb8cdefc73df52d11c7e20714f448e96c6ef8a70f4efe9a5ab0e79579f4d188a050bc78f80

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb
    Filesize

    168KB

    MD5

    1c4f1b8b6f87446180e7e61fb7f12ca5

    SHA1

    d2a198547b441f68159bbe9043e22491c2e0896d

    SHA256

    2bec388f4ee7a4131b67c641b93b7c1e5b4f9c7f00ef867e18863f7dfb00a718

    SHA512

    8fdebc4c300011c7f7f62350d9f40e8279975f87e0a9104709d0b982654ff97b2556bc31401db39035e1d6f9162d2d28ee4db809052ca67fdb31cde6b8d96e67

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    f9e91733c47103cd71b5a1ce6987d020

    SHA1

    44569c663a721d9d6d0755e121d1f8facacb1781

    SHA256

    8f67efb30ae6ae149b5583dfd2c09d5536db38f2d1dfed2d0d9352ffebd13b57

    SHA512

    f17c1e12be20e05a36d28f9ccf60ed09f12fbde6e787c4286d8cbf62cb71f44bbee9f19ab75dd8b0eceae4545a7c105bf4f4c213e6e347e2953885fae5920c55

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    31ed1a12272c075556ca7119707f43f4

    SHA1

    89f7c3b6f7ffab40c0344f8a3a750a5ee6117ba9

    SHA256

    4b5f72145996564f13ab9bba9b0c26c81cc1b9cbd764444551d46df581d06dd8

    SHA512

    8ceda8235d1e2ab1b613b9520f82aa305b0d4bb5838ee909c3a5db8cccd1d50124d8cc197fc56e56edc4b3dae615aebfe73599822cf061af8e30e6276fb61b16

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    807c470de7b7025aafbd43ef8d342da0

    SHA1

    9f97f4648c9d30441c620a3fa067a5971fc6af68

    SHA256

    be2d2a63d2259e3295448738946d04a108caa7ea026d5e3f6024e4abdca8abe9

    SHA512

    1ae26278fdf99957f6c6ca6ec1e9c9579e13eb9d8b2022171805b454dc9f7769dbd230d785d0c507265dc184b8383dfdbb3517457267979671d828f7d58a739d

    Download Submit

  • /data/data/com.soweba.bandwidth/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    6b8ad6cad8c8c0bc0e82af8037326666

    SHA1

    1524d6f42957c11b0aaed8338d9f2b4b3f390f33

    SHA256

    8439bf5eaa308d70bb53a5d649dc71066d6b8862e941d2793853e1b6648fb5ff

    SHA512

    4b7d211682fba3e3e8dab2c57ac9946a28c4ac9958e7aaa1177f3fb08bcc13368fce671f06b6d1a9f4093bd7245dff403e04aa11bb2b040840448132494e28fd

    Download Submit

  • /data/misc/profiles/cur/0/com.soweba.bandwidth/primary.prof
    Filesize

    1023B

    MD5

    d9e947141ffcee38b1ed8f401c18a9d0

    SHA1

    68fa07fdd7975d75d5b07798ab5a57376f01f78b

    SHA256

    0d5db31931ba19d75ed7423816b63cf636e7aa627165b7584467670c62c04eee

    SHA512

    f35fa99db2b0a48951da99e0b09635c9569d4ba8542a988f0f059245cba712f2dc0fbc2572d56ad3fa2c95bbe7285d2a1008a31c7ca39512f5883137725a0c8b

    Download Submit

  • /data/misc/profiles/cur/0/com.soweba.bandwidth/primary.prof
    Filesize

    192B

    MD5

    ff6c5da0104f95d36f487c19a41cc5a9

    SHA1

    52557fad5c9bd26d0fee63e8994f20611ad3c4a2

    SHA256

    cc8a0c9bd49aa4c6bfb645900ec407556e05dc29f2288b5ea831c4be3394925e

    SHA512

    7f838678e3b723a09d93a565178453130ae4e8200752056279d302b452bd7e457a287aa2b58ac1572676f4e9a85f1c6710a78034117dafdb3bc8f81a3d2505e9

    Download Submit

  • /data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    1.3MB

    MD5

    d7801719abe58e475d806d1306022a22

    SHA1

    27dd4839d808f32f8e3ca0f12849d29fc6527382

    SHA256

    24ff3f684112276658700863300fdaa72f058548bd4531a789912ab702b48783

    SHA512

    028fe31a4e8a657467522e4e7e4ebeeca98156e6ad55c563a5ce7c547367a9e1332b536a1eb729b7cc678693e8b793cf48bf982931a720adaace9aaa67ea6a13

    Download Submit

  • /data/user/0/com.soweba.bandwidth/app_across/rWgRsgu.json
    Filesize

    1.3MB

    MD5

    33446f61a80b5b52abc0770fe6c64a27

    SHA1

    15f715e614c100e0f602be9c473291fd46f394b6

    SHA256

    642063b0569224fbbe68485608a6586161662d906c36578b30ae709237a3adba

    SHA512

    e21793fa455726866a89425e62005a0e1871b3baa004c7b12d5ba77911c4a1c42c4a46594cbb93944b5214c857d744e45f322975d14a2d1045e99509d0af34c5

    Download Submit