antidot | 8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4

Analysis

max time kernel
149s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22/03/2025, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4.apk
Size

6.9MB
MD5

08288e2f6635941c7dcf44ca1fc72b5d
SHA1

ace53ea605e8deebe778d8da7f38212807a30b5c
SHA256

8fd64a79bb82be391831246f087f61e6b7efa91b1088de671b5a0505d74596f4
SHA512

4fba748e64dcafe2740fb9fb132f5c66846b26e88650376d5e368b7dd26599c772f3e2c27aa44d26e37d97d28245f8f66dafe635508a95732016002982238d3f
SSDEEP

98304:+o/Kr+167klRoI4fslzEBzyHPxkZrSf/cd96hg+hbj2ieSyeTgnrSsnT:D67klRpaCnHP+ZWf/O96hg+QYErSsT

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/memory/5106-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.moduzigope.array/app_loud/DuWbiK.json	5106	com.moduzigope.array

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.moduzigope.array
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.moduzigope.array
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.moduzigope.array

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.moduzigope.array

Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.moduzigope.array
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.moduzigope.array
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.moduzigope.array

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.moduzigope.array

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.moduzigope.array

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.moduzigope.array

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.moduzigope.array

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.moduzigope.array

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.moduzigope.array

com.moduzigope.array
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5106

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.moduzigope.array/app_loud/DuWbiK.json

Filesize
944KB

MD5
473c56196d771ec58f1b7ca467108559

SHA1
ebab80e23c5058aab2a8706297dab08e0b582fd1

SHA256
0d898506b0e707fb54280d12ceae72e6f73b78939551a293331e66f997144bde

SHA512
2d92645548784730ba744c2598c516d68aca704ea042ff041272c1e961e4ff5201f0f2f1a8456fcdd43d6643d75543c9edfe9e98f5018d8a68f73cfb09d40dd4

Download Submit
/data/data/com.moduzigope.array/app_loud/DuWbiK.json

Filesize
944KB

MD5
7e1e61f33c84d3f1dc0f16dc604acdab

SHA1
e51f8e5ddedba95c5712bd1585f3409278e760ad

SHA256
cb526ba231f422499726499461a026f7a1c38901c930bc235ca48e08356d5dd4

SHA512
c4f45793f11480624b0afd17d4730d0d02c9353029197103ff17384713b25d72f4afd3e78297ce0458c447aea84773fc698c2ac9a33c380a053ef8eb1da92749

Download Submit
/data/data/com.moduzigope.array/app_loud/oat/DuWbiK.json.cur.prof

Filesize
3KB

MD5
eec99479186d71d15ee20ba0c6d27f04

SHA1
1e44f320e32555afa075ae3bc6ffc1bb3f9afd0d

SHA256
361a467d8afe495888a42aa96286b3250f25e27a132c5e8fc30f3d6066cc7e59

SHA512
216e6bbe994d186d3d13bff7e4e6f88a133524acc0c4a650caf276a9547bbfe5dc2244c305b47a518b2ba1fcc019028534323d795e353e311ea6b9d44aa3afb7

Download Submit
/data/data/com.moduzigope.array/files/profileInstalled

Filesize
24B

MD5
18f326d68e63577cb3331dbc137e2859

SHA1
b80f970625319d480d082206bffdc41909e32e9f

SHA256
32aae230d356a3cc6e4bfd0e91b31b067923262de1b528b87587258af942bc72

SHA512
a600a868a0e5128163d3d6dd1b8c8268c58a5d46f67f8b993e6444a62840c6f712455524ff7245add4d47f321d7a7a1f96e23567a51e11ce24179f9b5f808542

Download Submit
/data/data/com.moduzigope.array/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
fad0d9e20fa0ad1a93d7792b97c8c9c9

SHA1
671d9c838a9f54eb562b816b5fd850c13565bbf1

SHA256
d3c606928fdb5a3f85177db736818ddcb4775780675d2a80834985bedbf97427

SHA512
11f5512bf1d1f4a472f189ced4a70668d800b49ec60240001b86726f8a30b4e6530ea9a6e5ac4f69bc3b116119b5463e8f53422d7b72ea7063008d0e1f553f91

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb

Filesize
104KB

MD5
c088a9f19e4f714b4bfa267b42434674

SHA1
d382e260e2443023444e6f674c104c80250eb069

SHA256
986aa8891a7948b695c37e2b3d947e2d3bfddf75422b37182d76e1be5fba2394

SHA512
ffd8f85047f96bd1ee0796c2ab49da8198af10536c2f34b44df3e40b8fa356f17d5de7cef857187a7c0e3bd87001344cb3a4a92267c7c1255c945e5da383ec4b

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
87bef819c90773d58476712589e8e4a9

SHA1
4fd9d1f2132932ba9d72ad094e9de4ecfc4a8bbf

SHA256
c90cbc7b0dfba973e8255516657b57e1d104bfe4f77e9d170dc1877281f3eaf0

SHA512
397c063f91f555e6a8585ab34f79968adad693b85d6ede08073dc542261fb3b6162b45fd297157db9cb96ac3f300d7fd5db933c3b50294443fd5a4f02696daec

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal

Filesize
446KB

MD5
449a5e381023832d2e4eaec21ebeac84

SHA1
3df57407f76b9d2d8bd1a025dd3ad45dbe253a26

SHA256
548b9b9df6d207b7e02dc1cb2e6d1b2d91a1fd039843f446199939b4281b94ea

SHA512
5425525e5a7414f43d718d82ba05abc9925a95b1f1218fac34da46b72dc08dc5d4cc7e9053aa5b5045ad0137055136d36c9fd8423895d709c0f03f0b2fe6626e

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
75cbf7ac5c0de99e15b3443f8fcdfa37

SHA1
07011867820626b1c4fe40ca2e40fdeb8c674f62

SHA256
df6a3e75127b089bb3ac75a44502661997c69149d169bc8ef53397e00af67054

SHA512
8187233876a695afec3a5f1460135cae986fb01adec5e66cf724dd93f822aa5ea945f2bfb461eb1987eef7d7161a8c3687d7099e292b2cd6adc66c9e5cee2e37

Download Submit
/data/data/com.moduzigope.array/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b1dbc635d8b897b70fc3b7c450e287f5

SHA1
3d0275b363f4610eb6b925a2bffb39efe599ab9c

SHA256
412c5c6ab685d6e57d02f93b9a5c5341ccbad65c55fd5af22ef1865e8ffa2f73

SHA512
b7f48837950b68fd3e7b81e261ae718b4407f7c7bf401671a1852bafea0bae7c9c3e91a8b8ac6126a6c0020d7ac2f5e52967fb0dd0b35fcfbeaa583e3a1d3f2a

Download Submit
/data/misc/profiles/cur/0/com.moduzigope.array/primary.prof

Filesize
1KB

MD5
e0d99945dbafbcc2e474862af8a4ad61

SHA1
759d6db9d7b7ecd3769eeb03054db5f48a44955e

SHA256
1900d5877f50b7ef892621d186b57cea9a98aeb558fb059c95fa45eb69787661

SHA512
173063e904bc1ca33eaf525be8e9664c3ebd329a2e948da8015877cb4a2c91a3871f332d91a22febb8913bf9b85d05d4ce14e939754eb8c7f89b32b58b87153c

Download Submit
/data/misc/profiles/cur/0/com.moduzigope.array/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit
/data/user/0/com.moduzigope.array/app_loud/DuWbiK.json

Filesize
2.0MB

MD5
9fea90da834e82079c6e16b94c23bab8

SHA1
69473ba6eac095ee8a9abc845264c01a09a77a9f

SHA256
5d62db5294944a1d824b159f1d3d829ec294d18e8447ceb56305d8f6801b7527

SHA512
663ea4c65778002a1845bbc9c4f80925799771585fc36a5a238bee233d3de6c36194882d813f122bfb303ddaad0abfca906a295b40b329d28b7225a13f280d98

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads