antidot | e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
23/03/2025, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new_chrome_v8.4.35.apk
Size

16.8MB
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4779	com.luyabikone.development
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4779	com.luyabikone.development

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.luyabikone.development

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.luyabikone.development

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.luyabikone.development

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.luyabikone.development

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.luyabikone.development

com.luyabikone.development
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4779

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
c503da310e142896a749aca634caade2

SHA1
64053a2ccc6b01c6f5a74b9deaab5e115c940d97

SHA256
357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

SHA512
d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

Download Submit
/data/data/com.luyabikone.development/cache/classes.dex

Filesize
783KB

MD5
02f9cd4e8d6fd5272a9aad12ef61d9bf

SHA1
44554b9ac65b0fe1319ac48b07bf525738ac3d57

SHA256
9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

SHA512
4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

Download Submit
/data/data/com.luyabikone.development/cache/classes.zip

Filesize
783KB

MD5
6549af6058dea0d0701df3e7daf7d5f4

SHA1
363316f3fa91fd9414a143c3cb196d9649ac92fd

SHA256
981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

SHA512
ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

Download Submit
/data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
e97cdef3c37e4cbfaebb49b2ce8332d0

SHA1
9aaaa0d26cf92839f20d28760f34189d16c78871

SHA256
1945453c76467cddacc859b30ea7ebd9ed76d807a9ac98c66428b79a9f15d577

SHA512
1f4e756b811c0ab50f40ed127401071f1298c84548f770fbc24bcb7905d9fbd3473b88050ebfb1be6df83839f8f77ee050ec68fec30e0a5b4b0724246cc6b2ea

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb

Filesize
184KB

MD5
be70fa784c2ca2d26fe1252e2b165350

SHA1
c8da7edf56e1a231190c82d90f9fc4ff0ba3f863

SHA256
65c03b4b0af812d0520ce7bdcdc4e06b6fc43a6603ec67c025a512eaaa61c8f6

SHA512
70dc78b2310100c5b0d8737e2de5aadd65b3acfd96d2575eefbc9bece6af3995e6c3e4916b9e992b194c73f087cb7ae28c01e3bab250d89e58c1046f382a47f7

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
84562329c934496e0b0e2c6fe53ced83

SHA1
2c50ce1072ec2d8ed3988e02550bec884b2bc497

SHA256
c9a6df882892e25b7905224676192e119b9ce94978579837b46a81d2be38222e

SHA512
740de7d8452f71ff4270a8265fdb1644fdec879c994b8eade3b7cd71683512776aeed4c60c82dfcb8765ebb93dd953aea23717c669a5d62e16219e241bffd262

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
25a574dd0f4a96477b7e24ca165930b2

SHA1
cd982d8c63b7c43fe2ea4e287e8498b77a9bf96a

SHA256
9eeb2323e69dae159159c2e53b6dddc2bf10d2ed6e2780574cc6543a6577abf9

SHA512
284858ff93b5b0a0aa6baae04b2d7fad0cf8cd7b1bf35f2843fe33c77016d6ed0779203a3f0f05f77825aa5c8c942c250aca48f3e1f940b3a37180ff7486690f

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
820eb3c085759571904d9830c5c9e2d2

SHA1
56078cb4d89e0017e578c64690e393a13f051de1

SHA256
abd9b24291960555c140451f478490fd2ed43603b3cc885844b22c019f3c10fc

SHA512
53d96cee1d98c764c05bb3fdf39194817c14f865613db85b99088d4d961cb255a05cd32e92914138f62b62ff3a8907c749352a7f13de2eb679037fe27546257f

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
4ef1e3bf552bbf9b42b22690864d9810

SHA1
98662afbee606469df7a438a4a224e27d33d7c2d

SHA256
0ef6956eb9cec6679853be72946134bde82047c170d552bacd2b9eaa549ea007

SHA512
98ebea844efd03cdcb8bb590b73c787945e22869b4bebaa6421678327f862175117476fb8dd85da6ac41c4a9d577d4abba6af5bebd3c76cd56cb197dce498206

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
1009B

MD5
9b2b7703d8c8602d0b8766f9cb4077ae

SHA1
5474d119950546bc3753551faf3fc00bb91b4181

SHA256
d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

SHA512
7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads