antidot | e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

Analysis

max time kernel
149s
max time network
129s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
23/03/2025, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new_chrome_v8.4.35.apk
Size

16.8MB
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.luyabikone.development/app_dex/classes.dex	5129	com.luyabikone.development
/data/user/0/com.luyabikone.development/app_dex/classes.dex	5129	com.luyabikone.development

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.luyabikone.development

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.luyabikone.development

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.luyabikone.development

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.luyabikone.development

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.luyabikone.development

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.luyabikone.development

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.luyabikone.development

com.luyabikone.development
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5129

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
c503da310e142896a749aca634caade2

SHA1
64053a2ccc6b01c6f5a74b9deaab5e115c940d97

SHA256
357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

SHA512
d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

Download Submit
/data/data/com.luyabikone.development/cache/classes.dex

Filesize
783KB

MD5
02f9cd4e8d6fd5272a9aad12ef61d9bf

SHA1
44554b9ac65b0fe1319ac48b07bf525738ac3d57

SHA256
9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

SHA512
4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

Download Submit
/data/data/com.luyabikone.development/cache/classes.zip

Filesize
783KB

MD5
6549af6058dea0d0701df3e7daf7d5f4

SHA1
363316f3fa91fd9414a143c3cb196d9649ac92fd

SHA256
981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

SHA512
ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

Download Submit
/data/data/com.luyabikone.development/files/profileInstalled

Filesize
24B

MD5
b41b09f0765ca5075278590d73855af3

SHA1
b027a34d419b562739ac9f92b58ee537e0ace4f8

SHA256
55cca3b1a93ab2b6c8ed4d227c2c9f46583da6b914109de427a7a908b066de5f

SHA512
2e89be71fd3f1af4c2c4fddf2a0cce2b5e32cdf08b98b62b89a64a7e954671581ed610d2ab0703c84c14970e535ec2ee4f975fa226b1e9fa330317c09c4c804a

Download Submit
/data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
66e05ad01867361aa213c7e49e7f0753

SHA1
e05eab668cf6de6262c3312dedc0ee536858661a

SHA256
08d79b9b58cc9e14c3e1f79b8f57c5299d3c66c7d192958704c099aad7f85748

SHA512
7557ad7b8b107514f11700b8af7c0810f83a02c2483d5064d66fa032f38cb6cf74aa7cf67cdd9a79bc605b15d409fb862fb5a45d6aad4179d3f48a3c77507df5

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb

Filesize
172KB

MD5
4a731922f9c81440483613e36c1ea1ec

SHA1
6f7e81204888aca35a140aff82a1c7992df6f334

SHA256
c629842fe52faeb61ddaa908638e5edeaeaad6538c67bc88f3a3a47a858a3f65

SHA512
bea1d027f75c9a38722a8c377807c479e99d8344529f251e18b70a2688bc2f712c234d57da1d8f381af8b1ecbff45bdc37f1d8284fa919d01f3d49d33dd07b63

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
798999e27b7ebfa208b9c49f082ac7bf

SHA1
b947441803518b0c50e6f33ee46110edbbd461c7

SHA256
642f65686e93575b07a079601899f218d48be5d9ea37bf65c04c138472dde583

SHA512
6e1ca4ee0ada39d721ba3f7403960b378ca7755364a6e7fb9c806e965c08b01441f8defb9ac03136796d98409d8c1e6ae59736b41153907f0042702079b507b7

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
426KB

MD5
1bde2f74267e14718e91c7ef55126f33

SHA1
e405b24afdfd33f76c7cde3e74a07861c340e8ca

SHA256
6d49c4b82dd3d3d2dfc12e218b834ab9608c935c0182c9186332fd68ead45b6e

SHA512
bf4dcf15513ff8c6a188e9e768946fa9082f59b58a27b229a188fd9e9b93493f076fa4ee8c294f325d16e9e3bf1a42e72fa538507e8f89f9f738d30684535c1f

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a3e35ce847d0ebf7c187a74120b9da32

SHA1
1fbd74b6c6c81820d71b052d0cf51c1df2c7689b

SHA256
7ba0d6140850dbd3e324cb96896357c3bff62ddcf4f71a895686ead60d43d9c5

SHA512
77de5ca03d7c28e4c11badf9a503591aab62d87afb14433be282feed25a82438262d4877cbce5573585f5a32ebd2be9c5280e3da77acb805aabb345d2a91d3a1

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
bb3dfe9ce0a9e850af317b467fcba07c

SHA1
00df1ee736cd05cc7d3bfdbaca5c169700687196

SHA256
8b3e920deeb8e3ee0cf19771f9c7bec0969d93740d1a69ce7596ada263dfc81f

SHA512
456035e3b14ed21ff71a6f1f4f03bfdc32500a05102a56bb1f9c6f0fa9d64a74c5780fc20068337b3433ec387bf0531bb864c76c2ae830052cfef01e0ac73fce

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
1009B

MD5
9b2b7703d8c8602d0b8766f9cb4077ae

SHA1
5474d119950546bc3753551faf3fc00bb91b4181

SHA256
d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

SHA512
7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads