antidot | b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a

Analysis

max time kernel
64s
max time network
154s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
04/04/2025, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibufagafa.apk
Size

9.9MB
MD5

6f6aa0edc0e3e93700384a88a519aee2
SHA1

6dbf7f2185e3bc368f07a9009f9322f2e85c3181
SHA256

54819e64834851d97c6dfd6c48e4c2b65d5bded096eef41ebb4eb478f082842f
SHA512

20377ebedeaf463fdb9b4aae4d8b9e230fbbce0707d52491436e0f8a2955087e73f7b1190197c84b3e31c6bdd559c018f5755315f55e89a8e1c3820e65457bed
SSDEEP

196608:4ctSV521/8flAkCaqtrdDDeXtUu7rqLen1GxW89oY1Y4:0U/4HPKDDeXtn7rqqn8W41Y4

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	4827	com.hediyohe.dom
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	4827	com.hediyohe.dom

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hediyohe.dom

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.hediyohe.dom

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hediyohe.dom

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hediyohe.dom

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hediyohe.dom

com.hediyohe.dom
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4827

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hediyohe.dom/app_dex/classes.dex

Filesize
2.8MB

MD5
af99a0df43d1a4fdf0ab5d36d5ebc114

SHA1
28a4d02c31dce95f522e5c967c03b75f13fdd09a

SHA256
5c7eafba46b8e914a885f01fbf5525656b015621f8f1e4ca36674af97718bd02

SHA512
1393537e885931ebacfc9baddb117c2a7853158fe4f91334e9aabd68afa2784981c3b969bfd36b35b8c406218f29da9e04963c801a37b39eb3e4e1fef238cc62

Download Submit
/data/data/com.hediyohe.dom/cache/classes.dex

Filesize
1.3MB

MD5
62592964db9700985d97d46648542166

SHA1
b797d0db553c90c6012750ac28446aa74d604d8f

SHA256
7ca7fe68dd651858b3b6d47f1a1b6b0e307161b13c3bfee6541608002b2c3119

SHA512
152d8288bf71e53e8952be0d3f6601a9c16e36a42efaefb765dc7819832dadf4367ca30799df95e541ca2988c916de4aa7843d1b4f08d44a742e961c332e214c

Download Submit
/data/data/com.hediyohe.dom/cache/classes.zip

Filesize
1.3MB

MD5
b0cd6f049fc9db61e4ca0410ae2d686b

SHA1
723576f12260b4282cc81a608134626a2d6c0683

SHA256
8b77506284afd981caa0ac01ab36c0260a81d5747c1f2e5b18ab6eee43fce0af

SHA512
edc18d2581cfd07ef4d5c6b13531d582c13cb2a4a0e9ba8ad5eb42da5c4071705779de280d4c52fa7489579ba54862b8a6dd38354127477e34865bea4d816301

Download Submit
/data/data/com.hediyohe.dom/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
1552b2f3ca259dc3f9b7a5c7b6d61d49

SHA1
aacd7a768c3a375903e04dcc8df9be4c22c42993

SHA256
40f016cef223b44d08be859b07c14a53e995914cb771dc6aef36f1fc08160ce7

SHA512
6f9bb886335605608fc4a86c9b3c8210dfe14eaecac84e7e35144453bd17540d6c659803cf8c3f2782f0ebae941753599e94fd9a1adfb08aa461521afb54d36c

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2ec9257fd0100474e1481bface01b781

SHA1
0047aab934bc81a55d30836bad4172e1640ea40f

SHA256
c19396f1e82b5254ed55c2c0a5c77cbd6842055c1ff4a75afc44da98e688b6f3

SHA512
c902521d60027cf1a6f4698283c8f8771f5f40756de2d58464da27470d7dbc89bc561398166a0da06480678eb60f2d3a1748e4c3e076619ab15bb45041d12e03

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
350KB

MD5
fe4601e41c03225bef217c628e2f3e6d

SHA1
61a9935a921bb3cd97042c3500f7b30c0fd99ecf

SHA256
14c995a738240a98fdeb5ac7942db32637d2bf9e38399f946996e03ef140a398

SHA512
71f6a3cf4b21245b181a07ed05d9f67ecb83f5e8c89aab9e922fc73cc5629abf5e128fe375e1fe3c3074022a22a583567c2d51465ca952fadeb556bc4bd565d9

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c1cfbe97afe94714a70384eacce8cf5a

SHA1
0216b6dbef28147b5d054e9827381e10ffe3f16f

SHA256
014a6ca6750f8d92fb07cbfa48aeca2a97e57072909301c2c90198535566ee4f

SHA512
d19810aaaf8123c535bf8fa543f9ccc5ffd68e826104afc2f490668275852dbe3d2b71630f63afe8f9f729a6c4e32c6ed6e22d1ad38b1e87326851d4533f9ff3

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
ea0a88f31d2ad9e6cb21a95a88c79c1e

SHA1
fb1a31c1c526f10f531129d157e115216acdfd7e

SHA256
d1818f3e5109b70608a6774af73e6d928d6e88d55b4ef94fbf5c39708aa7b2d6

SHA512
8223533ae813d4f6e3e32e6a5f8c6bd41cf86459cc842feeab68c926c651b2ef0253fc7370147ced83915fc945ba319cef28f895acbcf7dfe4bed430351e01f6

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
1KB

MD5
109dca565f401737d6e51f37191d5d1c

SHA1
c80ea384d54ff2eb2b9cd641a0f18eb6c8d589a1

SHA256
42c011afb5b2fa7fc7d182dc035f0d0e82c700f01b955dcb80630b292bf0a736

SHA512
88e78ecc3d95e23b0ece63ee97d2c9f5bf7a5d0b45b5f95b193cda8eececdf43f9864d91c9f384e13a6eb1d6bd19ebd8282965518921f857a51d4a49aec50650

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads