antidot | b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a

Analysis

max time kernel
149s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
04/04/2025, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Update.apk
Size

17.1MB
MD5

d44caa02e4fa7e2992b327abb4242791
SHA1

2ec56ee9ad5fe44a3407ff977c6d0b5dfe4704e6
SHA256

3de709dadce6084258b4928145e5da404affeeedad19426f93a2741d6fd6dcf4
SHA512

46b0c1d1a118bbfe621a1f95d2186259db9f3d458adbfdd07686961559d88b37252b1d71fdd4d9aad6e6f6e2b120c906fd52dc04612ae6e1de17fe9d356af57a
SSDEEP

393216:n/6/FU/4HPKDDeXtn7rqqn8W41YRdcz27+rDrfn7S3Zd:n/6924yDiXZr18W41YRvwDrfmZd

Score

10^/10

antidot banker discovery evasion execution infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.belilu.acm/app_dex/classes.dex	4329	com.belilu.acm
/data/user/0/com.belilu.acm/app_dex/classes.dex	4355	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.belilu.acm/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.belilu.acm/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.belilu.acm/app_dex/classes.dex	4329	com.belilu.acm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.belilu.acm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.belilu.acm

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.belilu.acm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.belilu.acm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.belilu.acm

com.belilu.acm
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4329
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.belilu.acm/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.belilu.acm/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4355

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.belilu.acm/app_dex/classes.dex

Filesize
1.6MB

MD5
f255edad36ca54915519e76fed7d8049

SHA1
1b5e5200fc0a4739f65170d8c62a12914272e480

SHA256
ea8abdff5124a73c975b186e92de2fefc8d19b688082bea46cd7773b46374dfc

SHA512
939eee51aa07b8672a911510603fa88fa1a5e9de2f907a2352e46d04cc2002dfb2c50aa7a91b8d1d92c724ecc0f7e992c412f6cd4f208cc7183a99a01dbdb397

Download Submit
/data/data/com.belilu.acm/cache/classes.dex

Filesize
781KB

MD5
52c154dcde5d100bb1526079b0d7966c

SHA1
fb8b8531e5c1da60d3d4ad3336df1202c6b2ee66

SHA256
6c5ba604db8fcec76fbdca3a3a6356effc5d74cb20e526834157ec2c1055d56b

SHA512
81d5297e24d3935b88c88a8bb5af2c2fa56323a375200f3d3ecd0215bdce53d13b017c2ed76f4668000eb3f5a9a61cbfb4661735f6b22c250bd12af68ee0263b

Download Submit
/data/data/com.belilu.acm/cache/classes.zip

Filesize
782KB

MD5
37e70e82c84d65f7b0334ddd76d7b3ff

SHA1
0661ee06aa45c7c7e90e94b0ac3b19bb70f60b5f

SHA256
3b8f83cf8b8e2033f0d1198ac495858e4803b4c655a4281a1f77187b7b779ce5

SHA512
eec81c2771c655fb76f2ffb85f8fa24ae03eba6576299e295f21632e73d02f7c341c35f448ab8ac3de1b1b7eef409f1217e44fc55ce862f0cb5f022c70edc981

Download Submit
/data/data/com.belilu.acm/files/profileInstalled

Filesize
24B

MD5
3a9debf46d146d12c7a38bd2acdecad9

SHA1
68f0809aef65f6743540c242fbe0a05056cbf5d6

SHA256
f4c2c8cd1ef8b3d7b37abef183b9325c67c6460b042d78e66c6ead5a8c5d9ef6

SHA512
f499be91765109a3663c0d0f441505ab6405d93741d5d386511a6402267d6278aa9c5caf564fbbc49f01481e1ef830fc7448a29366c32dd6430e24d3222929d0

Download Submit
/data/data/com.belilu.acm/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
52dede9b09f42bd0acf64a3eb48bd3ca

SHA1
2cfc828a5cb91fff9520da3ea7e242e962c0960e

SHA256
6bb13e54a5b8df2625b33b0e09fe963dc80872cbc6448fd892ccbd7023dd72da

SHA512
b6880d6edcb6871e6c298ba778914956b84a11af2b70905f320ab5297d1368b652c3ea9ba2c8f09bc596957b6873d759e1966c2f0e85c53f3c4c8c03be0b1ee8

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb

Filesize
168KB

MD5
89d738101060d00c769ae8c20f743257

SHA1
686ad77d3d76af11264a466926217a0fa6645bb7

SHA256
792c20568d9ad988023893f58ce9cabf5e3c6d7bae85915743326897c6ac0edd

SHA512
896b01baf8c401ac58fa489bc03b38f59276255a5f2cc1e9a621ced7ad28d2ff5165534a875f96ecf9ed8cba146f24146736f33bd8ad68cff377c44c9a8ab599

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b10f3f9e1d6bd489f0d252c627489eeb

SHA1
09d44dae1eee3eace366ab6927ddb5a20b0f82b8

SHA256
d9958059d650e368e26fc6f83f6511f0828ce0554c0164a38439a9072c9c6775

SHA512
ff5aabe4bb5113c09ab963c5a3f0654c6f9eed58cd13f0889e2967bdc98182be3717fab7d3832023d346dd3788eae4d2de80aa705b2cc1579db3ec37de85f3a1

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6ea4141880c2f39616928c6cd6bdd2f1

SHA1
63fd0c3531d78b5c8bbed01181b928bff51a67b4

SHA256
a3cfa27e7b7aea1e3f51910b725394c951cc3cb792f4a7e17b2da0cdfeb5e17c

SHA512
a7c456a905b82d352a4eeb072bed488b168d4989e0c46643d4dfab8c173fcc511643e592b75b4bd056ea2c045063db090479c3f564be8752822d3c6b7b015de9

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
4ba1d91453e007d58ba2ec93d94f3d30

SHA1
f2747b76c0e9c313676ea5ab249a1dd069e8473d

SHA256
82ceae4bcd8da6b107ccee3b1196b66fe0291f459bd766b4611084d87d1a6ad2

SHA512
9495b40601ae79bf2a4be822948150bc57bbf1cdfae9a625810186be8d3e733eee05881459a16c91b549552ea6bd9f2328a558fcbb63c2b3907c3dd64b407b94

Download Submit
/data/data/com.belilu.acm/no_backup/androidx.work.workdb-wal

Filesize
422KB

MD5
6e3b0dce410919fd544960dc83cfba7a

SHA1
85a7df9a7bf18764983bc3ffb6ef99820d7b35f7

SHA256
47399d9112977248352ad0bb49f96c6ca30defc8ffcd631e427a5f53752d6690

SHA512
d0964cf7153fc99c06a19d8f79256a9b5238e9e29fdffa027595e995fcac98c91ef36d7f6d6ac9fa4a8792bcb2efb92dcc252a6143b2734b4855215c12ad193c

Download Submit
/data/misc/profiles/cur/0/com.belilu.acm/primary.prof

Filesize
1013B

MD5
00290bc6b09ac837f078d4ac753e0284

SHA1
135a20dd7ca2c536b52883a1c3210e146087ffc1

SHA256
0f30686171731bd060c6bfed03aa7d8efd96b517b9dc9b962ac1432d7d9fc717

SHA512
0d2a64d482fac57df157ea4278f8025fc4a1dc1918b78b282b61a3f34fbd74ab7cdd47dfac7f92f7c6378c58226ae0f952bf32cf5fd5f5fd919704a5c7ac0fe2

Download Submit
/data/misc/profiles/cur/0/com.belilu.acm/primary.prof

Filesize
110B

MD5
60e37c9aafb06e265f65f0949cb4a4e3

SHA1
1739f73a62c2bacb4ab53743c4141e9529f4a18d

SHA256
42bb845c9903fb9e3eede540c72e301f70cbd14bc4214a4dbde44aa97bb83044

SHA512
ccfa4ef25150776235520a7db29dab2ac46a381c34196db1254072766758d50b7836ba720bdb07e3d71f0c37083dabbc4faa2aff36cb9494182fda7d363010df

Download Submit
/data/user/0/com.belilu.acm/app_dex/classes.dex

Filesize
1.6MB

MD5
db550d468c061af9111b226a99c5b106

SHA1
ae5096bc36f828843623912f78c4841cf628a5c7

SHA256
9dfea98e889f9478f51b6eb67634e38c2b8f66a2fdd005b5ce5b7c3c74140a9a

SHA512
be9570b6687321792b6ea054d5e92888d330c48745f48fbe8b6c0abf87d7464b017aaf58471f6bb0c8b4a42b24a5ab2f877caf4c319f90e121c51ea8a8a809bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads