antidot | b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
04/04/2025, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Update.apk
Size

17.1MB
MD5

d44caa02e4fa7e2992b327abb4242791
SHA1

2ec56ee9ad5fe44a3407ff977c6d0b5dfe4704e6
SHA256

3de709dadce6084258b4928145e5da404affeeedad19426f93a2741d6fd6dcf4
SHA512

46b0c1d1a118bbfe621a1f95d2186259db9f3d458adbfdd07686961559d88b37252b1d71fdd4d9aad6e6f6e2b120c906fd52dc04612ae6e1de17fe9d356af57a
SSDEEP

393216:n/6/FU/4HPKDDeXtn7rqqn8W41YRdcz27+rDrfn7S3Zd:n/6924yDiXZr18W41YRvwDrfmZd

Score

10^/10

antidot banker defense_evasion discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.belilu.acm/app_dex/classes.dex	4219	com.belilu.acm
/data/user/0/com.belilu.acm/app_dex/classes.dex	4244	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.belilu.acm/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.belilu.acm/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.belilu.acm/app_dex/classes.dex	4219	com.belilu.acm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.belilu.acm

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

defense_evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.belilu.acm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.belilu.acm

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.belilu.acm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.belilu.acm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.belilu.acm

com.belilu.acm
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Requests allowing to install additional applications from unknown sources.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4219
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.belilu.acm/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.belilu.acm/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.belilu.acm/app_dex/classes.dex

Filesize
1.6MB

MD5
f255edad36ca54915519e76fed7d8049

SHA1
1b5e5200fc0a4739f65170d8c62a12914272e480

SHA256
ea8abdff5124a73c975b186e92de2fefc8d19b688082bea46cd7773b46374dfc

SHA512
939eee51aa07b8672a911510603fa88fa1a5e9de2f907a2352e46d04cc2002dfb2c50aa7a91b8d1d92c724ecc0f7e992c412f6cd4f208cc7183a99a01dbdb397

Download Submit
/data/data/com.belilu.acm/cache/classes.dex

Filesize
781KB

MD5
52c154dcde5d100bb1526079b0d7966c

SHA1
fb8b8531e5c1da60d3d4ad3336df1202c6b2ee66

SHA256
6c5ba604db8fcec76fbdca3a3a6356effc5d74cb20e526834157ec2c1055d56b

SHA512
81d5297e24d3935b88c88a8bb5af2c2fa56323a375200f3d3ecd0215bdce53d13b017c2ed76f4668000eb3f5a9a61cbfb4661735f6b22c250bd12af68ee0263b

Download Submit
/data/data/com.belilu.acm/cache/classes.zip

Filesize
782KB

MD5
37e70e82c84d65f7b0334ddd76d7b3ff

SHA1
0661ee06aa45c7c7e90e94b0ac3b19bb70f60b5f

SHA256
3b8f83cf8b8e2033f0d1198ac495858e4803b4c655a4281a1f77187b7b779ce5

SHA512
eec81c2771c655fb76f2ffb85f8fa24ae03eba6576299e295f21632e73d02f7c341c35f448ab8ac3de1b1b7eef409f1217e44fc55ce862f0cb5f022c70edc981

Download Submit
/data/data/com.belilu.acm/files/profileInstalled

Filesize
24B

MD5
e9f7be95605847e1bf0cd02d8ab81c37

SHA1
2efc0e5936169c3d606caa65f81f1a61c5111407

SHA256
d2bac0bc87306b18746154c5627fab4717c927d82d72d987beed1cca388d37b9

SHA512
30ef5957b3e9d3e6ba2c7b8df85402bfb6467dba300b0e62cafdd3716c3f9c7aaece994827e92d363e8f22e6a60795cc4fc502e5b2943fb46a10d5774cde0737

Download Submit
/data/data/com.belilu.acm/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ceefc3dc9440ebc0e2ad77204abcc231

SHA1
e6eb6485d4a6c75130e666e5234344afb52d7dd6

SHA256
acac046093d3c528651d5564d1f3aaf2556bb7aff0f963cb999d93940955a028

SHA512
5029a9a5348f14a9b53c48aa36fbea6364cf6d2ad348531eae8fe5cee4cfcb8a93026b13aff34e759dd270c1c65d0e9e9aba1c80fbd70623c76da7e8938a299c

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb

Filesize
168KB

MD5
5b69f433bb72b88a5740ed01ab72bae0

SHA1
a6a6322a13e4381814f9d6ce0e38978350d629e1

SHA256
60b713eb090899177eaea83b09d3bfbc5c372cfc2e22f53101656340b5c53c57

SHA512
1e469cbc2ba94a595463b80b30ab7e8f02ca86474d8d7c2eadd68e172070646e0916c477f9c042f30a13af5be2ccaa2eda0a1661c82b69e21f80ffc1897377c5

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b56209fc73c6873fc49900fb63f84544

SHA1
dc160a25f6a23639e17692e582bdb58da4ef1976

SHA256
adef438a54e8237cd4ee3ab802ee60bf527468074751edcdfb854153f713e427

SHA512
ba94fc0a2a55220a19a283147efa9e2428a7d07690f979541d700fd87921ed30db93d961858ab91aa6e0186ae8ef8b0dade1c8820447ffef307c232339c89d53

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
092363430b91cdf0661f8f172d42e683

SHA1
969633864fb7e6dc86ac4388c2dc7246b668a113

SHA256
b1198fd19d42c231f274381e994ffb2bcc22c200d48797bbd7d2111354cef1cd

SHA512
0864321ba16c1750496d18513a04f84ca61149b140fd509ab6b9cbd795765e471577c53ead3fc9f6d66058c6b3279236550d4e5a3e7e36e171f2ff9b4541b863

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
fc32b74aad5ed5a2e1bdec9f6face43c

SHA1
4ae83981193a99115a940d77eb307bff8c377b56

SHA256
7c7a8fd3f716404cfc13144c6861873755a60ca889bcfe0a5812842908ff7ccf

SHA512
feffa79d2dd5d1f5e1321084402f0e598441c435f581168faea653e77bbfe4d11e1149da33c5aee532e9a415cc2da898b713a4a2223d0fa0301a2d61178186cd

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
dd447a6cdb8eb52b2870d056ae4439aa

SHA1
310c7fbe5db829b620f24812ea24208c01c2157e

SHA256
1dd305f71e72712775ac657febac47d6b4b62df36eb53ba516c04646c969b60a

SHA512
5e09c8b6de8a3ad9978378c7a1bee796cad6c830b010fbd5cea1c104283151d77b2a605a8b84398349a5354277b80df8fc221b0cd4ed5d498d5e4eeeeb4f5328

Download Submit
/data/misc/profiles/cur/0/com.belilu.acm/primary.prof

Filesize
1013B

MD5
00290bc6b09ac837f078d4ac753e0284

SHA1
135a20dd7ca2c536b52883a1c3210e146087ffc1

SHA256
0f30686171731bd060c6bfed03aa7d8efd96b517b9dc9b962ac1432d7d9fc717

SHA512
0d2a64d482fac57df157ea4278f8025fc4a1dc1918b78b282b61a3f34fbd74ab7cdd47dfac7f92f7c6378c58226ae0f952bf32cf5fd5f5fd919704a5c7ac0fe2

Download Submit
/data/misc/profiles/cur/0/com.belilu.acm/primary.prof

Filesize
108B

MD5
400c281a8cba7e60127ad1e7dd0b5c02

SHA1
9b40e7cd2f9763b89e30e0e884afd8a1538882de

SHA256
1ec38374e67a7ca7dfaa0e303aecdc29146167d830244779dfb17c565bdc5542

SHA512
77e6d882841100327b31484bf95fb9bdf6c61b49134301ba8a96564113ca2aa658b49f909c5e5d4e7b866e4b7a3d8cc9a2bd305c5c8e83ceefcc7c08bf1f72a1

Download Submit
/data/user/0/com.belilu.acm/app_dex/classes.dex

Filesize
1.6MB

MD5
db550d468c061af9111b226a99c5b106

SHA1
ae5096bc36f828843623912f78c4841cf628a5c7

SHA256
9dfea98e889f9478f51b6eb67634e38c2b8f66a2fdd005b5ce5b7c3c74140a9a

SHA512
be9570b6687321792b6ea054d5e92888d330c48745f48fbe8b6c0abf87d7464b017aaf58471f6bb0c8b4a42b24a5ab2f877caf4c319f90e121c51ea8a8a809bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads