antidot | e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

Analysis

max time kernel
149s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
24/03/2025, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9.apk
Size

16.8MB
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

antidot banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.luyabikone.development/app_dex/classes.dex	5105	com.luyabikone.development
/data/user/0/com.luyabikone.development/app_dex/classes.dex	5105	com.luyabikone.development

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.luyabikone.development

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.luyabikone.development

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.luyabikone.development

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.luyabikone.development

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.luyabikone.development

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.luyabikone.development

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.luyabikone.development

com.luyabikone.development
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5105

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
c503da310e142896a749aca634caade2

SHA1
64053a2ccc6b01c6f5a74b9deaab5e115c940d97

SHA256
357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

SHA512
d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

Download Submit
/data/data/com.luyabikone.development/cache/classes.dex

Filesize
783KB

MD5
02f9cd4e8d6fd5272a9aad12ef61d9bf

SHA1
44554b9ac65b0fe1319ac48b07bf525738ac3d57

SHA256
9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

SHA512
4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

Download Submit
/data/data/com.luyabikone.development/cache/classes.zip

Filesize
783KB

MD5
6549af6058dea0d0701df3e7daf7d5f4

SHA1
363316f3fa91fd9414a143c3cb196d9649ac92fd

SHA256
981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

SHA512
ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

Download Submit
/data/data/com.luyabikone.development/files/profileInstalled

Filesize
24B

MD5
e94e53ffff8b6a44bd86201b6dafb4ed

SHA1
105c8a0181685f42c88c0918453972d832d007f2

SHA256
2c57345bd97fbe1007d9e1cd3a49423b90717f5f7266b76ed2195a6de5064611

SHA512
ae1e1728106f2156894cfce4892ff867635ba848645d399b4f912a6f935af00ccd6cf6257ab0f477ddeee3a914fa37f79b15a22a4a5aed42e1a9cdb29db4ade2

Download Submit
/data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
700b2737b582b7c1f752846570deb8ae

SHA1
5ff969457184e74054f156323ca902103bdc53d0

SHA256
e1b9b49f7fdfda2c768f921972e8aa5a7fb246420cff101420c4dd0eea3f81bd

SHA512
36837a69770b990e0cb3402b84f19c84d81e8f35327c54df6a9804473184e5afb5fdd7c6a4e6f09ae0da04adf97da87e8e4006aae1b14d5d2f31624dcdfe0f64

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb

Filesize
172KB

MD5
be56738b0c50813b6237cf12e3288ae7

SHA1
206adb11c98d9a0d73c09c56a683efbee0a09982

SHA256
be97dd269f7b223d7f544b5086dd8583bb658ca744c78008488cbb83d8d294a8

SHA512
69b5095bf951982873933cf1a0a8503b1fff5ccf121521efd7f1c1fdc7d1d9e4cf8b9c71377ddf3585f3891c6b009ceda268302e48f991c3b99af86578aa8198

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f1edc17773422e62aa4d5c4f874205e4

SHA1
9f36d9207381cccc75d82ea6fefd07b7a9e4b3c0

SHA256
3890792458a5c1fcd1dd3662fabc0537a996011b2ddd1e20dbb4ddb7bf02aed9

SHA512
1529d101ee9df0f87ec35b66aa791f55e5608185d282d4b95d7684deec30318c9572487488a39a7d584bb68cf3a23c6da2478392be9fa80d59b5d94710612247

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
434KB

MD5
261baa7228aaac0d0d89c1860f4d45d7

SHA1
de85b685cfaefe30b6efa525ae6ca283e5a55b39

SHA256
db35fc4d08ea05d5aa30a0ef1d86956f833ba4c4aa365af7e07467fceb1cf578

SHA512
a25eb2c1bfcee5fc52d025193fd6f70d5453c67a5fd29e01fdf691af9c51590dd183ee27ff485cc7b53ef5fb9736a5065388b29f4b6894ed84808e3761640303

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
528805bc136450c0dbe80f038dc9cdcf

SHA1
10c3de002af283f17e4f70a786f0ca8a3b9ac433

SHA256
d75d31250e647d81976812ac438ad9c58f2c179f75eb36ee0787ca65791ca021

SHA512
dc182fc5860a5bdcc6c4fa2246851f387bcd147a39fea353a2646af90ce4f3090d9339d13b335e92aba0c1228109ca46adecfb7de154c4e800d9e83be908b685

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
1087d1b0e3c78dac8926d0b50fa8cb34

SHA1
07fe360539c26ee7e0a619480b28f6e1074dc36c

SHA256
3f8f7d2ac80bc842f5a427d2c259716ee212abb93485c756e1fe945d6956ef0e

SHA512
901ddc73aad870b7b8b4e547b9af35d1650374e9989ce4cd7435aa77c6415466f2d052c203a2926fa70ce9e8a6a0d45695ea20f2fbde8d7a489b077179592560

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
1009B

MD5
9b2b7703d8c8602d0b8766f9cb4077ae

SHA1
5474d119950546bc3753551faf3fc00bb91b4181

SHA256
d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

SHA512
7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads