antidot | e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
24/03/2025, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9.apk
Size

16.8MB
MD5

4d7c8b05b2af242297137a70f9f6216d
SHA1

b2cd4d335ac946bdac5b02a215f649f35c57464c
SHA256

e893374ee1f3e1a7ccabab85d2f47c64d7cf0781f64f5e0bb7a96368327919a9
SHA512

2f6a50a9362ce29a617b078eed0c660a096a6e2d633dc3aaff144316ca6065f6a2971161168ca4a1d82d1fd93e222238804e371a706948ae8bf1bf8bbe30ce5d
SSDEEP

393216:HcowMPJkvcCCthgGKztNk+s/kUIOgWRfWnDv45v62D6:H3HkVGytqLkU6WRfB5vlu

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4770	com.luyabikone.development
/data/user/0/com.luyabikone.development/app_dex/classes.dex	4770	com.luyabikone.development

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.luyabikone.development

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.luyabikone.development

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.luyabikone.development

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.luyabikone.development

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.luyabikone.development

com.luyabikone.development
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks the application is allowed to request package installs through the package installer
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4770

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyabikone.development/app_dex/classes.dex

Filesize
1.6MB

MD5
c503da310e142896a749aca634caade2

SHA1
64053a2ccc6b01c6f5a74b9deaab5e115c940d97

SHA256
357456db5e3af73ee9de8a521fb93612cd08f340b5b0c5f398cb9713b9bd5d08

SHA512
d0ef906c5548ca5c62af8043c39af715f8a1b72186c31fe7bc5b1ed19e886a4261861b536f3875ec8d030a56295872396bc745b8939a0aca86ee38d4124a3c5f

Download Submit
/data/data/com.luyabikone.development/cache/classes.dex

Filesize
783KB

MD5
02f9cd4e8d6fd5272a9aad12ef61d9bf

SHA1
44554b9ac65b0fe1319ac48b07bf525738ac3d57

SHA256
9a303da645f0ea04b04dcf655328c0c5b771025b0dcefa7e4e4cc146e02edee2

SHA512
4b752a4a5e9c54a112adbfac512c86ac0647d1101a75af3fb085e5c25eb07cf68734b937651c4c831ebe71229d7e82a881f825c7d358f1719c7b8626aea790e9

Download Submit
/data/data/com.luyabikone.development/cache/classes.zip

Filesize
783KB

MD5
6549af6058dea0d0701df3e7daf7d5f4

SHA1
363316f3fa91fd9414a143c3cb196d9649ac92fd

SHA256
981294498ed9465a311684c0d398a845e82547060e54436861ca4069454875d7

SHA512
ff27842baa9af7d4963f64d215b0407f253ab78ffb58adf5dc329138645451171ed73609d7a876dfa5637f353b328bdb8c2ee1d4db9ae468d587f49ef8393edd

Download Submit
/data/data/com.luyabikone.development/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2b4bd774b6766a77847658dbc209608d

SHA1
6f2b5c012b9e96b6cc25a2bd31ea24baca037834

SHA256
8926ae973ec9270071a5b9ab811a621c4bb1fe03cda79baa195653cdd18059bf

SHA512
c844f3831333a91ed9d7543f3c5b0c4c0e92a732e01345c35b32296c3b043ab5d5b586a6d6bd68ee2a65862d56cdd6a10816579bf387f6a7795cb7e399b8e9db

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb

Filesize
184KB

MD5
316a78e92204d22d2f1c09605695a81b

SHA1
d2060c77c7c13137872c41e9daacac186133cd93

SHA256
ccd71d6626f14d951ebc5692302cde6dc9093bc16f1148d2fd70d454b2e697e4

SHA512
f89b5e21d30dcc1cd0437effb1a5764734bde8f044d2c710ee6aa9b963a7f66da7e58bd012d29670bf8b71406b3e73bb958baf90c78c7319741661ac73b50db4

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
99d3a1d9719af79c8cbc512290cf2345

SHA1
ed760e2369d91c21c7e44e688408caad7fd02b8d

SHA256
10867c0a4e3bde9f6fb681acf065a1805c5ed10a203c339018990d66dce99be9

SHA512
329d8fbfa57b65c70a9d1c852f38ed263275ebc78944057131691efac1406b77d7d868d8628736ae2c0df87c67e13d0cdb9b065cd7e832f5a1961ba08f201a8a

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
60cd6d6f79416d851a1dade8eedbff5d

SHA1
3fbbde83576ef7c72c33e5b0eabae8772438784a

SHA256
73d36f9c3b12ea1cd98df4217f0974fa00e840b4d30443b37bdf2787659890db

SHA512
7c5b3fe113d78236879897a56bd57dcfea6c658924dbc4478428916e23a0c05c691d6ba7cee2c3fccb14edd1fce4a36122fdb8e2b6f207dbddd4adc10ea79648

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
f12fbddf0d59ec0224014ce4bf68de5a

SHA1
66f805b2def932546d822532bacdc131d1b75c22

SHA256
a7bd3049da3365ef11855af9031631d2c26ec3cebc732834ec48af0b7d96ddda

SHA512
8371e29dfed1fe18916974d1d408152b0643c73191dcbdaa5e5df507714d18e5aee97affd2330a4e42b18693ff448b79916d02d4f2be54694f232d01cedaf62d

Download Submit
/data/data/com.luyabikone.development/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
cbcef5c19dde2bdb54feef2c91c01460

SHA1
a1dc9ad29ddbc166fbdf644e51159b095056a012

SHA256
2562eebda2623174c0b4a0c4b642a4dab8644554949a3c04e9f6a78157a4b4cc

SHA512
152c1606e0f2c15e31180143bb069e8d0e42cf2338dc480ff3c21f03e9806979411449ad0e9fccf0fc3114796be1f47866b00a846cb0bef2c48579f9cc58e994

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
1009B

MD5
9b2b7703d8c8602d0b8766f9cb4077ae

SHA1
5474d119950546bc3753551faf3fc00bb91b4181

SHA256
d8f995e6ddd101363b9262f57d171c0ee21dcbc9f2f57c861b175d146ad14b9c

SHA512
7b4337dbc05fda17f6d2bf9635c9d04089444ebf652868bc2304b9150eec8f2ffc22fe3c5a804d2e25aa017ba3e4c4608c295b3ff93dd782536ea7c400ccbd67

Download Submit
/data/misc/profiles/cur/0/com.luyabikone.development/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads