Overview

overview

10

Static

static

6

e893374ee1...a9.apk

android-9-x86

10

e893374ee1...a9.apk

android-10-x64

10

e893374ee1...a9.apk

android-11-x64

10

jixofobu.apk

android-9-x86

jixofobu.apk

android-10-x64

10

jixofobu.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    24/03/2025, 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9.apk

  • Size

    16.8MB

  • MD5

    4d7c8b05b2af242297137a70f9f6216d

  • SHA1

    b2cd4d335ac946bdac5b02a215f649f35c57464c

  • SHA256

    e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

  • SHA512

    2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d

  • SSDEEP

    393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score
10/10
antidotbankerdiscoveryevasionexecutioninfostealerpersistencetrojan

Malware Config

Signatures

  • Antidot

    Antidot is an Android banking trojan first seen in May 2024.

    bankertrojaninfostealerantidot
  • Antidot family
    antidot
  • Antidot payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.luyabikone.development
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4333
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.luyabikone.development/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.luyabikone.development/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4359

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.luyabikone.development/app_dex/classes.dex
    Filesize

    1.6MB

    MD5

    c503da310e142896a749aca634caade2

    SHA1

    64053a2ccc6b01c6f5a74b9deaab5e115c940d97

    SHA256

    357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

    SHA512

    d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

    Download Submit

  • /data/data/com.luyabikone.development/cache/classes.dex
    Filesize

    783KB

    MD5

    02f9cd4e8d6fd5272a9aad12ef61d9bf

    SHA1

    44554b9ac65b0fe1319ac48b07bf525738ac3d57

    SHA256

    9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

    SHA512

    4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

    Download Submit

  • /data/data/com.luyabikone.development/cache/classes.zip
    Filesize

    783KB

    MD5

    6549af6058dea0d0701df3e7daf7d5f4

    SHA1

    363316f3fa91fd9414a143c3cb196d9649ac92fd

    SHA256

    981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

    SHA512

    ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

    Download Submit

  • /data/data/com.luyabikone.development/files/profileInstalled
    Filesize

    24B

    MD5

    18eb828ff4b9864f873d32e01fdbd6d6

    SHA1

    bf1113c2c60bb9b7915a2606eb8ee711c0d9959c

    SHA256

    8c57d2ed8e4a3a02694b3c374d52ec0829437797a386e6dbae540b0d7b6be290

    SHA512

    0c8beedfeaa08acbf6b7ebbecb0a51e3d45dd15b5f2765317eabec254f982070b9351cb20397cce50e7073b9dab7f4ceef70a1b1ce087b91b6734dbd1767e90e

    Download Submit

  • /data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    5cd7798ab291625e831b042f7f013083

    SHA1

    d053476ceec315d65d54b9fafd71ff191db35c3f

    SHA256

    8469f7a28c63f921f7bc4009434e7b3e7d0be0bb4fcc1114195fae1f21a7da5f

    SHA512

    796c6e9c913a9c1f27877ef8a8ade016acbb22fd441075fdaba447772c14530a8fab5e9586a9ab7f292013eb7fb31b446b09ba004a17ab3dd5584ffd5e45bd1f

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb
    Filesize

    168KB

    MD5

    19c836f17d24574af8a9b0ed811d2f9a

    SHA1

    8768386c7b8972829b808c8d2d2790d38b465309

    SHA256

    b3f921b2892d597f8d1b8832be7e2261a5ad6e5ac8b74d69ad949d92e5cdfffb

    SHA512

    a33cea4cae18f99b2e785185ef71334eb607ec3befaebd2ce6d4d75bfee0096f499e52cdb308ceaca4ef4888ec45a9a816a67a57bede5cd9a48f53958b05bb16

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    e86216b5645c65f1c9c26356ca070e37

    SHA1

    c6d4d202bfeabf81f49af0e98adef4886a0b825f

    SHA256

    5317f68c58c3a6f35fe06177b5fae60d29a3fcaacfcb5b5d31617df5ee9c4b02

    SHA512

    0df51859cbd4db7591aa32d3dc2286593850aa3511c02a1425e289437521608244bf109f3f8ec303fef52f42755d008beb31bddd8ee1fad46de9860c233d0f12

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    9b9ec53a8639dad249544c29e97b2961

    SHA1

    7b2d740f233875c698c6e5142a439a9d8d9268b2

    SHA256

    8fd59f95dabfdca43c94b7452a2112bd37eb5733320d65305c92fc72b6f6ddd7

    SHA512

    22350c76fe68ca08857343b5943319b144961eafba8f6f79a2cedadbd24982f3f062a0e06d7b63df5839680f12bfe5350cd37eadc1292bb78d75e122bd25284a

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    09aa99280e34f34bb3a2d6541f3055f6

    SHA1

    e4a57146348368442b71c62945647c0f9221e746

    SHA256

    7caa85050ff50846504cbcc6421a5d73d4f37a3cb5e4590b6a33da01bdc9081c

    SHA512

    52a62752bdbfaf8f95bbf79418d83cef6f665331e3ec001481c9b1c0c80294a2a50576587ab6a83b6015bf9abccc1b36f80c9157f3b2875fa562e92c020cf2e4

    Download Submit

  • /data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal
    Filesize

    434KB

    MD5

    1b3fa1d5877c52bc75376cb38fad4453

    SHA1

    d46754d649ba81696ca2975f820600ae6c3bd5ee

    SHA256

    f4fd1b47576b3d970d53d7a556ae79bf82ef4b1176b6e1528358b0068efb464a

    SHA512

    a39e74a9b507b57d2a33dbacf3294332aa4dc4c33671ae775c42ecafcfaf40b6acbccef9e2935e95b4bb7a7fe7ac1815ddf37cd94f0bbf8c098d659872a3060e

    Download Submit

  • /data/misc/profiles/cur/0/com.luyabikone.development/primary.prof
    Filesize

    1009B

    MD5

    9b2b7703d8c8602d0b8766f9cb4077ae

    SHA1

    5474d119950546bc3753551faf3fc00bb91b4181

    SHA256

    d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

    SHA512

    7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

    Download Submit

  • /data/misc/profiles/cur/0/com.luyabikone.development/primary.prof
    Filesize

    111B

    MD5

    58da93e89feebb1e45655d8bc2216016

    SHA1

    eb60abc7275dfb8495704157fabbd6099ad2a861

    SHA256

    c5896de447a37dc5938aa976f46bee37bcde3416e744c7e23ba3271a26838b22

    SHA512

    752e6bbd18f68444a6e2909c21aea07fca130e47f4adacc5325fb37ef6bb4eaec8e490e206e91d8a1402d484f193d7f9c124d2de9e970bf4cba35001531f7794

    Download Submit

  • /data/user/0/com.luyabikone.development/app_dex/classes.dex
    Filesize

    1.6MB

    MD5

    82713d4befcc35fa7370089f6b06fb1c

    SHA1

    62b88d697108c72a25f802d576dc45757efacb53

    SHA256

    ab5fac1e3d23c71cee88b6e7c41d17d9a3ee70880d276c3a41d702a6254021ad

    SHA512

    afa5905b8dac4dd3fd43b3ac479097ce9a38402a96cecefa7d4b9de510743089c55b7dabdfafeb8cf0360eb39c8f0f99f599c0e563eee4dcfd4558750869da85

    Download Submit