antidot | f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d

Resubmissions

24/03/2025, 20:33

250324-zbyfyaypv8 10

21/03/2025, 22:49

250321-2rnmsasvgx 10

Analysis

max time kernel
57s
max time network
75s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
24/03/2025, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d.apk
Size

9.6MB
MD5

e6c96197eb41de926fe43d6721f01aaf
SHA1

15fd15f9803134efe6b7c28c86a00a4f0390c973
SHA256

f5fdc1672088ee29affc4817986e722765c4f03af4dcde8fc603b25544bae62d
SHA512

e36c4a07161d77d98d6e1fb7f30cb42667e9fb997adfdd1e36fd5ac41ef58428c87b0dcc507988614e29a7b9ba93f4f1e42715ac6802916729af51941020e5e2
SSDEEP

196608:B3TfkmoN3qOqH51QWqzQbgk4sAw7kCwDkbe9H/yzL3itOrY0obFF6a1SEfAL:BDfkmoxqUXzS4W7krDkbe9H/yzrrY0oO

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4242-0.dex	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.gatefada.digital/app_border/pk.json	4242	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gatefada.digital/app_border/pk.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.gatefada.digital/app_border/oat/x86/pk.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.gatefada.digital/app_border/pk.json	4217	com.gatefada.digital

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gatefada.digital

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gatefada.digital

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.gatefada.digital

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gatefada.digital

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gatefada.digital

com.gatefada.digital
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4217
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gatefada.digital/app_border/pk.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.gatefada.digital/app_border/oat/x86/pk.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gatefada.digital/app_border/oat/pk.json.cur.prof

Filesize
2KB

MD5
fea3beda101807e8711b015a4f95c25b

SHA1
80eed6bf0766c5eaeceea0df0cf8329304400a08

SHA256
1def4f4cda8d5bcb5773b675aac25ea71b538520fef61083cfbdd3e9b9479e8a

SHA512
fd8181783aeb3a3dce41778a4048f956cf629bf2f99a5173726089e1e70cbff00c8cca2ae8174eb52e67a9f69da70739d31e8e751fb03ef2676ce53eec5f20b5

Download Submit
/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
89e42973273a071c7810384f13f65b63

SHA1
9ac4c1043923f75764d56d8f001f6e5fa0b3a4fa

SHA256
3ffc2ac802f73a7321451f456a52195f3d733a84c99b22b36cca7505e1ffde66

SHA512
35c21b0536e0cff62283585a2a07913467c67a9bde10b4d9c75add5f516da9505509764d86b984ba23fe8f80a69f79b1950336d9ec4fd782eb9b5cf62ae168e1

Download Submit
/data/data/com.gatefada.digital/app_border/pk.json

Filesize
626KB

MD5
9b3ebd3743eeeb9a4ddafd8885393b3c

SHA1
2d5800f7ccd88d64080c4fcfcf3b2ecf61f38a2f

SHA256
61a91d1c88bed936873b60ebc0048165f81ade57579a3f5309bbc3ee11d0109e

SHA512
04e412da11cf825a41aba0948570543c8c4fe82a60584a36eedba2dff465f237a73d37f68807e34623886fe4bcb882acb183c40a1313607f4195de801283f863

Download Submit
/data/data/com.gatefada.digital/files/profileInstalled

Filesize
24B

MD5
85d70adc07151cecea9ccf447a7e9482

SHA1
a2963ad58b72df28ff436d24978124f5cb2c4555

SHA256
ef66df0b1041750a9df7fd875937f42d7965a3e36a5a0a762f93dfbefa5e7e2f

SHA512
c87a9affbe07f6c84292d51ac7e19ff0592b8d806a7e1e46b93ac0fabba289fde4d0cd4fbd2bba49dc2424a0277643ddbb2fee1172742abb7027cb6073343401

Download Submit
/data/data/com.gatefada.digital/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
db37f56b7f6ab71a1c95093f0a6506ee

SHA1
8d08e8892e770cb5f44c243e6a4fce96996b26c7

SHA256
f44cfc900193f7b172ebed33769c50a432eb48d7ea9c47aae9df194190d326a8

SHA512
6955e9ddc232c900a3c389003430ad0333a472e4b05e27dbd98e47020ebde68f924d6120d1dd2c7c47320dbbb22e928b23150319ac05f08ca779c46757f82767

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb

Filesize
116KB

MD5
5f406a30f3515cbf29021e06304404be

SHA1
8a057ad3171c98f2185c217522805b6d46c78d4c

SHA256
7ae1aaac166d654924f4f93f0de6399595bd4ebf3c6607f94f37e1b217faa03a

SHA512
5819f76c27d05078651baecb5f9c3f964570ac726202591c133e509bf839c48700912b37498dae11f2b96edf6c1ca42cb371606984c2546fee0f1d6094adff3a

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7bfe45098257d21a0b3defdfddedeb8c

SHA1
0050c3a99ca5cb406bff2c5b6ef832e2bbbbb5e6

SHA256
5e3a19c9e0a975146ac813323499a7544f1c43440951b1bbd311408552451e1c

SHA512
dd22c064614676ce769363f9a5c0531cd1ee252157315f6c15270a02e3895c533eefd4c0d4722913bfe8116ed0e30cb6debab59b9a97e8d43cd366b9e9df142d

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
08255d16d690dec9460159b7f7d64eae

SHA1
6059a49f6d9425e38a5f1631f12330f145d795a4

SHA256
caeb61d5d8b313b5a8262a048db897259389cc37041955351c3a30e598724bc7

SHA512
969601fb620699294af9a364c662dbddc4ad29ee618a7157fe98b13dbe0e397f5a70d5187c7b536c3300d25d3521999d724a866427ea5a1baee0ccc337002fe5

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
784774d25064e4b936300eb55f3fe3f9

SHA1
04876219c7b28ac5866e2f1129818eac0dbf9a5a

SHA256
115a5e880e116a96316ce48f9ea627f87ce58d538d12d175eb8259d1e4e3e7e6

SHA512
5ddc13c352fb5242f5a0edaf57cbd8fd0542f49fdbe3af31e3f6799c31df3253723a321b035730a882407c3be28988079bdafb3316730d6591c5bbeac39babdc

Download Submit
/data/data/com.gatefada.digital/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
9986a06bc5de9278c2148bddb9c3cf98

SHA1
7f6f16207a3959dc867af08f6970396cd5cc33b3

SHA256
931a6e7f67da71520bad30e3d20ea7d38c29dbf3cbbcddddc722f72370fc44ea

SHA512
6267c9cf285647fc1f37ae8d5e7c5a5649d1b00dd9c239d3ba005cbef7c72ea3281afc3c77c12bcc90ec5e7bd3b1ea732c8cfb51e837073dee4db94bd77b732b

Download Submit
/data/misc/profiles/cur/0/com.gatefada.digital/primary.prof

Filesize
986B

MD5
d2f1160f8584e32aca0a14c939d55ce8

SHA1
745ead3ab9ab804c4b35fa8de8aa67e90b134a87

SHA256
31e8408e823d20e580d23428b26d350a054b1487fd89658808bb0bc08e9440fb

SHA512
c17c8dda09c0fa226041dc06320b399d47000b1b5f28a617c761b67fb642aabbceb436fa90bb94f2b1f434b7b5fe6477703d95d210821e98bfd97c9bdaf45b86

Download Submit
/data/misc/profiles/cur/0/com.gatefada.digital/primary.prof

Filesize
185B

MD5
e4efb9aeeff9a508da81857861129abf

SHA1
98cc50a88f0e39e85b30729f50d0b5885db044fc

SHA256
d99718a5344572cf75a9cb6204f46c50a3b9be737c46779c96ac3a4f68f0fab6

SHA512
34a0156f660a4e9a6dc0a24ec32bed98f8992f566c38bb22511f5de93675dc8f93f63ea0e848360ce1145143f3d102e3a10260c6e3e2a723f752556454ae354b

Download Submit
/data/user/0/com.gatefada.digital/app_border/pk.json

Filesize
1.3MB

MD5
41d3cd8603353e5ad8525f7629901472

SHA1
4aa202aa4716680a19955b302fc347dd733b7590

SHA256
e42d272eac399e8df6f5121716a31a9e7d419eb0b28b02582accd969230537c9

SHA512
bd8aaff36146235981fb50c4e991f3728e128f68c1350165024371c14c74b7d473209bdf410a19fcd8dea71c969169e81dd2205cb37f29f3ed3140e6efb44fbe

Download Submit
/data/user/0/com.gatefada.digital/app_border/pk.json

Filesize
1.3MB

MD5
8f58959358243e0b52290d35817ab042

SHA1
6ec7f62a669b1fc3a5761d27e5fd5d65fa1f49cd

SHA256
97da4189934a50294bded0d2b6115807811ad15e0cd50eb6ad7e767c5004da6a

SHA512
28c6d8c0f8b49c44b1cb66323ac13449a75a979cf4832672dfec0a0d4a314340bf0c55aa7afcfb5dc1b34330971bec574433ce83f827ae5310ea39a7a0bfec95

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads