antidot | b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a

Analysis

max time kernel
147s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
04/04/2025, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibufagafa.apk
Size

9.9MB
MD5

6f6aa0edc0e3e93700384a88a519aee2
SHA1

6dbf7f2185e3bc368f07a9009f9322f2e85c3181
SHA256

54819e64834851d97c6dfd6c48e4c2b65d5bded096eef41ebb4eb478f082842f
SHA512

20377ebedeaf463fdb9b4aae4d8b9e230fbbce0707d52491436e0f8a2955087e73f7b1190197c84b3e31c6bdd559c018f5755315f55e89a8e1c3820e65457bed
SSDEEP

196608:4ctSV521/8flAkCaqtrdDDeXtUu7rqLen1GxW89oY1Y4:0U/4HPKDDeXtn7rqqn8W41Y4

Score

10^/10

antidot banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral5/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	5057	com.hediyohe.dom
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	5057	com.hediyohe.dom

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hediyohe.dom

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hediyohe.dom

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hediyohe.dom

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hediyohe.dom

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hediyohe.dom

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hediyohe.dom

com.hediyohe.dom
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5057

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hediyohe.dom/app_dex/classes.dex

Filesize
2.8MB

MD5
af99a0df43d1a4fdf0ab5d36d5ebc114

SHA1
28a4d02c31dce95f522e5c967c03b75f13fdd09a

SHA256
5c7eafba46b8e914a885f01fbf5525656b015621f8f1e4ca36674af97718bd02

SHA512
1393537e885931ebacfc9baddb117c2a7853158fe4f91334e9aabd68afa2784981c3b969bfd36b35b8c406218f29da9e04963c801a37b39eb3e4e1fef238cc62

Download Submit
/data/data/com.hediyohe.dom/cache/classes.dex

Filesize
1.3MB

MD5
62592964db9700985d97d46648542166

SHA1
b797d0db553c90c6012750ac28446aa74d604d8f

SHA256
7ca7fe68dd651858b3b6d47f1a1b6b0e307161b13c3bfee6541608002b2c3119

SHA512
152d8288bf71e53e8952be0d3f6601a9c16e36a42efaefb765dc7819832dadf4367ca30799df95e541ca2988c916de4aa7843d1b4f08d44a742e961c332e214c

Download Submit
/data/data/com.hediyohe.dom/cache/classes.zip

Filesize
1.3MB

MD5
b0cd6f049fc9db61e4ca0410ae2d686b

SHA1
723576f12260b4282cc81a608134626a2d6c0683

SHA256
8b77506284afd981caa0ac01ab36c0260a81d5747c1f2e5b18ab6eee43fce0af

SHA512
edc18d2581cfd07ef4d5c6b13531d582c13cb2a4a0e9ba8ad5eb42da5c4071705779de280d4c52fa7489579ba54862b8a6dd38354127477e34865bea4d816301

Download Submit
/data/data/com.hediyohe.dom/files/profileInstalled

Filesize
24B

MD5
7d245edbcb6d91fe472711d2fe04c972

SHA1
ea2b390bb699771040624c7391af4c9923be46b0

SHA256
117fea8dec06cf44a02253e1c4d3383384e4bc6e45b85f63f9573ddc4c9c6c5b

SHA512
c73e5372eb6f6b3ea01ce80aa7abfdebbd9a25e648008d064d7de0ba84472638df5d2378e9d9235a19a7ece5c3d50191a6b58fb6fe9b8a819c03e04e2950681d

Download Submit
/data/data/com.hediyohe.dom/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
f27a637dff3ed8b05942fc8dd07f3801

SHA1
a8170b0c1a7ea983626a68a7440f8ac4cedce4a6

SHA256
ac0ce9ac56986203c1bbf3a9e3eed5fe94e39842c789885f624be8f0f0fde46e

SHA512
e39ed203641873766f77bf19a4a6b8f166ec2dfab20ccfa1635370748216650722713f2298d2e1a5380bab2773a706d7c0983784e510dc1116934c1b49861b52

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb

Filesize
104KB

MD5
2eed6aff80f6563bd08224adfaa60e80

SHA1
1d85cc2e4e81bc2b95c18a19d59950e95c85f125

SHA256
4c4ea118689e8abe6601f19189a8a0e3c7a718cf395970c4456669ce765d168f

SHA512
e11c7b9d5f2aef45841e008d2c242d16aac49f51ed6b3611e19adbd3c396086fbaf3adbd65e79f5312959a3b07d97e675c6cc62faa304252c2b3031fd732376a

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7ee874a53af0ae6bf54e7421e4cf68b5

SHA1
3e7aa3eed9624bc58f6588cc0bdc3e625276f6b4

SHA256
1208744ce35645319604f2534a53d36ec586268ca9ea337245de0c07a2a5a68f

SHA512
3cc8e021c4d794e1fd0a54450eb3759587390071f649ba53450db60b3c5447111136e2b100deb6caceab18149b615b8c8724006b4515d986ee8260c73ac5d939

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
8d0a65bd5124d65e575f05c276382559

SHA1
41e494d3b395233c42847a01d29de4014b2c7210

SHA256
04f447768a920fbd41bcabbc2e6c3b80b7bfc5f3482cd819f338b06cb1b452f5

SHA512
27cb53304974e502c5b165f388ea2524a83b5fb3ec16a577310154fa7dfe8a4fc4b7bf6accb1105abfec56278900a0c904a750049c3552f0df2ce475cfd9584f

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
4df5eb62262f89d0b5561fef409e49e4

SHA1
bc80ba5c86b4581eadd2906da2d0d1b1ab5cb256

SHA256
d3a387fdfd97f111b2e394e5b5889d55c45b921e7bbd9d0d8181f88174493b73

SHA512
85ac8d82dde92fc1f2b16790a4f385c2f4551e0069432948caef066d11721b4007aa302fce7b5fb40f18ed0bb9e1844adf16ad8a864e71b1d2a8659a1a71ddb5

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
91d69c1f21cff7b3dfb8ac993e3e4a34

SHA1
09c1a14e102f4579a2e39cac182f0d9d12e5acb3

SHA256
119e9b8acf9fb1ab0b8274463582f7ebc9869cff7d93cf11a686b8adca55c11c

SHA512
08c0846a3d93aa4ce307edff59ba89b55ba4128152ee0dd82d87f483b6d5f42b67fd810e38ded9af40c3f046e13357f3a4fe20c12dcc37d8dea8eec57bbbd743

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
1KB

MD5
109dca565f401737d6e51f37191d5d1c

SHA1
c80ea384d54ff2eb2b9cd641a0f18eb6c8d589a1

SHA256
42c011afb5b2fa7fc7d182dc035f0d0e82c700f01b955dcb80630b292bf0a736

SHA512
88e78ecc3d95e23b0ece63ee97d2c9f5bf7a5d0b45b5f95b193cda8eececdf43f9864d91c9f384e13a6eb1d6bd19ebd8282965518921f857a51d4a49aec50650

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
112B

MD5
126d99770ac154d139e9047028e53c6f

SHA1
4a14cc563de22d276c2b06072cf947814f8cb3b3

SHA256
5112d80b4b262400f33d0a21eaab691fa429e72c2e76ff58dd3a7d22fa21d4cb

SHA512
9bbb7c6a13bdd95e52f1d27667f4176bca2a694edd06d9710499d0f8208ee0121476457f4e3020cbd0ad6863db87976b4062e6ee7df41c7a866bb645aaffd6d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads