antidot | e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

Analysis

max time kernel
149s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
23/03/2025, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new_chrome_v8.4.35.apk
Size

16.8MB
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4331	com.luyabikone.development
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4357	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.luyabikone.development/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.luyabikone.development/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4331	com.luyabikone.development

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.luyabikone.development

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.luyabikone.development

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.luyabikone.development

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.luyabikone.development

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.luyabikone.development

com.luyabikone.development
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4331
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.luyabikone.development/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.luyabikone.development/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4357

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
c503da310e142896a749aca634caade2

SHA1
64053a2ccc6b01c6f5a74b9deaab5e115c940d97

SHA256
357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

SHA512
d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

Download Submit
/data/data/com.luyabikone.development/cache/classes.dex

Filesize
783KB

MD5
02f9cd4e8d6fd5272a9aad12ef61d9bf

SHA1
44554b9ac65b0fe1319ac48b07bf525738ac3d57

SHA256
9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

SHA512
4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

Download Submit
/data/data/com.luyabikone.development/cache/classes.zip

Filesize
783KB

MD5
6549af6058dea0d0701df3e7daf7d5f4

SHA1
363316f3fa91fd9414a143c3cb196d9649ac92fd

SHA256
981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

SHA512
ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

Download Submit
/data/data/com.luyabikone.development/files/profileInstalled

Filesize
24B

MD5
8654a76bf701df9e24fd38af71d54f41

SHA1
2ef1fb1ab503e5998cbb86ad36d5e87dc57c6188

SHA256
616081ae8fac3e6e943daea0e07d6465cf7c3102c8eff620c11f9d02d27574ac

SHA512
192865c2f6a49f30f069b090d22fc55ac8b0bf87d3dc2cdeb48609d1747c41fb7bbe9f6104ab322a164a4ea11541fa0f353a7e2bada3018be982917e6cff0737

Download Submit
/data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
5d0c307db1882eb6aa14845b73dec1c4

SHA1
3c8e1922521f214872d03e40723e506379dd7d18

SHA256
9c864892dd37d55eb04cd732d02b2979f31ce6701054910273979862281eea6d

SHA512
ea914e22950d6bd4e6542b8fb907c68b5bd36bc4c1ef124df38b18f0e6e72eee5d181f31b6cb2ebb38565066adedff8c534155b7737890894a7ac06140a755d0

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb

Filesize
168KB

MD5
b1a3d011a855109d1b4d3d4757096342

SHA1
4b84a5cc4a8541648b22eadafefed1edaf7f0209

SHA256
aa717c3ebf9b8909e259fb641eb685bc7ac2a016d771da959f3da3f63e7bf118

SHA512
b02fdf90578557ab143f68b12adc4d3ccc9ed42e5ebca95eeca12e7ab36af763872b1bc281826f644ca671068687bd046ababc41a5d7d0556327dce054467865

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
893e6ce7d5e5c661388963f09bfd3cd1

SHA1
7cc0a9c632bd95201c5ac4ea84c476be665b939b

SHA256
a1b71140b4da9cf9ce0deb98961de8e161a04e8ca211e881b627659fbdf547d3

SHA512
23427840b800818a54e158c9ee747d3110351018f42abb68738466355b3a32d8e93ea08c631c245a85b8d0d181e8c960918b0897af9370d25e4d6cd5c8e452d9

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
b381816e15412bf9fb1625bc8000ca0f

SHA1
38a06377ea1607d87e75bab8662e8e1b96be7c3a

SHA256
c2a735a87908ce3b855ad58fc16e4acb39b3b7058924726826db22bea81343fd

SHA512
2577d552919ea8e48596beb39ce6b302fec6164f724ba6bd6ce48e2f390eeb4e31c84bacf032b490f6764c5d4c0545cc1d61b802a884d0b911ebb2daa8fab44c

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
94cf48718bedfc333f46e1e02d4d4389

SHA1
d321ee2985c3f747fb1a172f0282e2102cfa7036

SHA256
e5eb762ba15b1194f585a4141a8ddd9bda557565fa4b78a1e531cdfc40d5e619

SHA512
1ab060d01ae3e1503fbd6cccfd1481bec230736dd401a226d9f9e51a162c80b6808d02758354c68bcf03ed3fe685b2539cae1a4fe510ce5a7495cea9eb9badb7

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
eb446407a2594fbba94f01a8e0469338

SHA1
ebb612228b9b5b56a51516e6c961485d4595b798

SHA256
4d0d44664f5d469e5099b934aa1a8c8763a1e4c12a21f670c8859ff8931867bd

SHA512
c763f845946a54c91b7f925aa0c58c35b6efc30081a434b77b30ce034632d9a3465db682e6dd598b4ea6f0a6a165eb2739122f072795d120a2042707c7aca438

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
1009B

MD5
9b2b7703d8c8602d0b8766f9cb4077ae

SHA1
5474d119950546bc3753551faf3fc00bb91b4181

SHA256
d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

SHA512
7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
111B

MD5
58da93e89feebb1e45655d8bc2216016

SHA1
eb60abc7275dfb8495704157fabbd6099ad2a861

SHA256
c5896de447a37dc5938aa976f46bee37bcde3416e744c7e23ba3271a26838b22

SHA512
752e6bbd18f68444a6e2909c21aea07fca130e47f4adacc5325fb37ef6bb4eaec8e490e206e91d8a1402d484f193d7f9c124d2de9e970bf4cba35001531f7794

Download Submit
/data/user/0/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
82713d4befcc35fa7370089f6b06fb1c

SHA1
62b88d697108c72a25f802d576dc45757efacb53

SHA256
ab5fac1e3d23c71cee88b6e7c41d17d9a3ee70880d276c3a41d702a6254021ad

SHA512
afa5905b8dac4dd3fd43b3ac479097ce9a38402a96cecefa7d4b9de510743089c55b7dabdfafeb8cf0360eb39c8f0f99f599c0e563eee4dcfd4558750869da85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads