antidot | b039eb4e742a77a99452781f9de0aafd51bcfad6dcfea745e88200d0dd1ab69a

Analysis

max time kernel
145s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
04/04/2025, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibufagafa.apk
Size

9.9MB
MD5

6f6aa0edc0e3e93700384a88a519aee2
SHA1

6dbf7f2185e3bc368f07a9009f9322f2e85c3181
SHA256

54819e64834851d97c6dfd6c48e4c2b65d5bded096eef41ebb4eb478f082842f
SHA512

20377ebedeaf463fdb9b4aae4d8b9e230fbbce0707d52491436e0f8a2955087e73f7b1190197c84b3e31c6bdd559c018f5755315f55e89a8e1c3820e65457bed
SSDEEP

196608:4ctSV521/8flAkCaqtrdDDeXtUu7rqLen1GxW89oY1Y4:0U/4HPKDDeXtn7rqqn8W41Y4

Score

10^/10

antidot banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Signatures

Antidot
Antidot is an Android banking trojan first seen in May 2024.
banker trojan infostealer antidot
Antidot family
antidot

Antidot payload 1 IoCs

resource	yara_rule
behavioral6/files/fstream-3.dat	family_antidot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	4847	com.hediyohe.dom
/data/user/0/com.hediyohe.dom/app_dex/classes.dex	4847	com.hediyohe.dom

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hediyohe.dom

Requests uninstalling the application. 1 TTPs 1 IoCs

defense_evasion

Uninstall Malicious Application

T1630.001

description	ioc	Process
Intent action	android.intent.action.DELETE	com.hediyohe.dom

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hediyohe.dom

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hediyohe.dom

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hediyohe.dom

com.hediyohe.dom
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4847

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hediyohe.dom/app_dex/classes.dex

Filesize
2.8MB

MD5
af99a0df43d1a4fdf0ab5d36d5ebc114

SHA1
28a4d02c31dce95f522e5c967c03b75f13fdd09a

SHA256
5c7eafba46b8e914a885f01fbf5525656b015621f8f1e4ca36674af97718bd02

SHA512
1393537e885931ebacfc9baddb117c2a7853158fe4f91334e9aabd68afa2784981c3b969bfd36b35b8c406218f29da9e04963c801a37b39eb3e4e1fef238cc62

Download Submit
/data/data/com.hediyohe.dom/cache/classes.dex

Filesize
1.3MB

MD5
62592964db9700985d97d46648542166

SHA1
b797d0db553c90c6012750ac28446aa74d604d8f

SHA256
7ca7fe68dd651858b3b6d47f1a1b6b0e307161b13c3bfee6541608002b2c3119

SHA512
152d8288bf71e53e8952be0d3f6601a9c16e36a42efaefb765dc7819832dadf4367ca30799df95e541ca2988c916de4aa7843d1b4f08d44a742e961c332e214c

Download Submit
/data/data/com.hediyohe.dom/cache/classes.zip

Filesize
1.3MB

MD5
b0cd6f049fc9db61e4ca0410ae2d686b

SHA1
723576f12260b4282cc81a608134626a2d6c0683

SHA256
8b77506284afd981caa0ac01ab36c0260a81d5747c1f2e5b18ab6eee43fce0af

SHA512
edc18d2581cfd07ef4d5c6b13531d582c13cb2a4a0e9ba8ad5eb42da5c4071705779de280d4c52fa7489579ba54862b8a6dd38354127477e34865bea4d816301

Download Submit
/data/data/com.hediyohe.dom/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
055205479ef63c4b52ad87cfe3590a86

SHA1
6b4d465f40e7ccdef809980d79cda9f499b9c87a

SHA256
cdd84c3b26b1c0a536603362d93b163065fab1d22d6af395f502ea674c179d81

SHA512
e66e293c042683b832eb6c5a349e08dd044fae163d99c2dcc96e4d23083e01890e388071e45341e32a33992099aa3071c5b3a62c321e50d39921d31f20a3480e

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb

Filesize
104KB

MD5
40113ab2a256d583313d120a64eb8348

SHA1
7d2ac9a92f908d9a95ac25997ac73135b93911ed

SHA256
0d5e4a7c9c2c78cb166723f6453dfeac939377928229f8cf820b68ad8c44149e

SHA512
3172603547ca22709ac65f6461d3205d2236d98f8ef50d89bb4d654502e554956373c0b0eb279b7a4bea9ed78dab00a383f804d0baa4211526abbbd86e718cb2

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
72500a6acbdbfe76358bfcf80d66f63e

SHA1
1b3297b26e3252c622bff9029f5f2c8dd1ecaa65

SHA256
078dd838a878d6ddb69509bdfe2c389beb46d14800949378c500a2ffae70dd71

SHA512
43a533ac3f70f09525fef0898d4c7ef64d549bf8b95037f6c99d61163ba755845f246a79d36dd12b75b1d210e884edd2ddad123d562d5187957c1435c91b2a6f

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
9686ba3e65c772ff36e4c01a7b6a6041

SHA1
597e814bdbc7e345398782f926882787b728c3dd

SHA256
07cc46b7965cea0bb3486cc28ec922290ef4356f34759820d393fb9e643886d6

SHA512
d2f30f57430b31cd0076577ce79cefab10259fbd1dd7cefad084cfac3ff7507d0bdcda93b5edc62f4109c406089da0ba3a2da3f2ef28249a0498f2d8223f19e3

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
396b27c551e4986f6a16324089151d08

SHA1
045ff875ab21bcf4b40fed91b828ead03ff58c4c

SHA256
ae55b981777d4c1aca806b4f913806d1ce698555090a6e2252ec57a03c7875cc

SHA512
4e063acd18b8c207a177c69c1481bc4231e7e7f0eb90ecde917e8977aaee09ff54ce6e1b0ec687c46a818bcaaace33fcb52d97da5f3fd052f9138a4e3f2165fc

Download Submit
/data/data/com.hediyohe.dom/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
24560c54095ff71e9d5d47c130470711

SHA1
e64c28f2cce02aafeedcd2f6a6c8415861b6f727

SHA256
0a9fb555c41fc23ae1fc6b47aa17469f0e5fbe5799d995cbaf6f3980a66529b5

SHA512
c163f315872123044909b77ad12349ff4ca962c87c77c0b5ba09915e0b6e1e05111c3cb0de152639bf5344c02668a679433f653a91835d9bdc3cd1efedd25662

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
1KB

MD5
109dca565f401737d6e51f37191d5d1c

SHA1
c80ea384d54ff2eb2b9cd641a0f18eb6c8d589a1

SHA256
42c011afb5b2fa7fc7d182dc035f0d0e82c700f01b955dcb80630b292bf0a736

SHA512
88e78ecc3d95e23b0ece63ee97d2c9f5bf7a5d0b45b5f95b193cda8eececdf43f9864d91c9f384e13a6eb1d6bd19ebd8282965518921f857a51d4a49aec50650

Download Submit
/data/misc/profiles/cur/0/com.hediyohe.dom/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads