sandrorat | 201224e9c42a85859010309c6d365050a31f4407ec99e2e77dba0be00270b681

Sharing

Copy URL

Twitter E-mail

General

Target

AppNee.com.DroidJack.v4.4.Portable.FR.7z
Size

18.3MB
Sample

230404-qx6j1afc67
MD5

5338cdc36a979437dedb3a5c0c17f80f
SHA1

80976eedc8f918b55d4ed4dba2be48ab484f989c
SHA256

201224e9c42a85859010309c6d365050a31f4407ec99e2e77dba0be00270b681
SHA512

e2333c3aec231c152fdd30b8c6cd77ef5ecbd75449f242bbe2a161b16a02b675e8e2b9a860234a2e6e1cbc0258c5828dad4e45285f625740e9735bac85de49e8
SSDEEP

393216:ZpsRligov9W+jTZhniRMvS5nPCvWm912NfPUVX79Om:067vYgTZdckSFavf91KmpZ

Score

10^/10

sandrorat

Malware Config

Extracted

Family

sandrorat

192.168.1.5:1337

Targets

- Target
  
  Apktool/SandroRat.apk
- Size
  
  252KB
- MD5
  
  15f7199148dd83cc0f76fbd7edcd6ee5
- SHA1
  
  e7eb0e7abc1c2810eff6d329b391fe6f8261c5f6
- SHA256
  
  30aa2eeeb8401e4a312a7e99462432769a7c569114180aaedbfcbef18b6db268
- SHA512
  
  72a7f9356e4c7d1439b6111094f5642fa34d42002bac0919ccc335b9ed7032c4d103d1f2427bc007ac4ae6763f5f5ceb55dce9ec5f762fdfaff2b2a6e5c52f5d
- SSDEEP
  
  6144:Svm3PTybAtc33FvTkOzBB3bGIX8S6Y4Tye:S8PcnFvzzBB3bPX8S4Ge
Score

3^/10
behavioral1
- Target
  
  Apktool/SandroRat/smali/com/esotericsoftware/kryonet/Connection.smali
- Size
  
  20KB
- MD5
  
  7c17b2a188146572ae01e4eba51ac823
- SHA1
  
  7870871c7412759914a531bbadadadd9b40cba0f
- SHA256
  
  1062ed754de5cfe62154eee165ddaf239f0a18cdbee4969186c1722638c75b69
- SHA512
  
  bbdc9e92fc44529344e951615b81359fa861c9d7296f98d3480b0472d13f9d6ffa7280db5ea0b0f519683a6ed0cd39e4f76e55e171884c1233486b0303590b9e
- SSDEEP
  
  384:mkfeTkt87QiGEJRnzhn0QIayRfhT4hqGBix68vGiFLhonFxSw68WPAwaRIXp8Btd:7Eu6a0SzAn+kx
Score

1^/10
behavioral2
- Target
  
  Apktool/SandroRat/smali/net/droidjack/server/w.smali
- Size
  
  3KB
- MD5
  
  f78d96748644a7881b460de63179132d
- SHA1
  
  54386bd68873b54c4843e26d6b6abcab446fe103
- SHA256
  
  b59cba072c010a69eada19a78eefe5d92ddac775b1857e8ce5384a77c889e578
- SHA512
  
  a5339216635083b0190cd83d64884f24c51ffaeb437b45b81754df2791baabf5d700e78855f668d36187885cf34338b23af39398f71f09f2450321f0b6053517
Score

1^/10
behavioral3
- Target
  
  aapt.exe
- Size
  
  833KB
- MD5
  
  4fe6d020deb0e1b52c3b358355ad245d
- SHA1
  
  5851663a552bd3e477f4d319ed0b72a1f4f1ff46
- SHA256
  
  e37c72c9aab974d4e02e9e4d86ccfaefa5e093f06969b278db17217b984bc227
- SHA512
  
  0a6913a2067da691d6bc00b1744d878c2769f078410da126619cbffcdabbc2647e297ab1198974e160f63159136516f814c56d841c9ef197438fc4419d813c98
- SSDEEP
  
  24576:zvh+TyoVx8BMTFoTVM/zmn//SodZ5yzSWcdUX/MYdTko8:z6wgmdZcmxedT
Score

1^/10
behavioral4
- Target
  
  Apktool/apktool.jar
- Size
  
  6.0MB
- MD5
  
  2c25fd4270d6aff37c5165342991bce6
- SHA1
  
  440b87deea9d5f403e5496c5427ff38ca1b3a224
- SHA256
  
  c15cf1b87486d83dbc9e5ce64a03178a64eeeecf62cf08637193ba759f61419b
- SHA512
  
  895710e899d7e9dad05281d6c537954a3d3d32c2b81277aa57a624340a2bc6260f196247a83764d256f46b56794dd1cdb9e49c12d49e173ef30d5f408bea620f
- SSDEEP
  
  98304:kyH0E8H1tWFAtFKO8oZosOXW8n358nKji2CFRnvMvvZGE1iElRNHF4:rUE8Vt+AGboZVc9GjAvZ/5lR74
Score

1^/10
behavioral5
- Target
  
  Apktool/efm.jar
- Size
  
  4KB
- MD5
  
  a91f7cbbd06f657bd7608b70cf7fb864
- SHA1
  
  6bec1fef965e6a1c1fe25d4d28c07f99adea3af7
- SHA256
  
  91d79633b19d62b0ea71341b1692f49b2b59f9535e30a181d66fc4e83b0a2660
- SHA512
  
  3ec90cbed6b62757d6b6f28c0171d5931390f73d8a19f051fce3ec94d78cbdeb5f61d52be7378cc4c5c28521dc48116dfe8c7a8163ed7a0c21ef99574959df98
- SSDEEP
  
  48:kkp0xL/5V4vn/JGQStEDQ211tB//3kOnnt7U0VrwRQ6UBB0ytKwDEUrEdIu97mFh:Wa/gTgjBX3PnC0RhiO/EdTq+D4abrmfP
Score

1^/10
behavioral6
- Target
  
  Apktool/signapk.jar
- Size
  
  7KB
- MD5
  
  aec6985fe2314e4d032ba6d192ac4163
- SHA1
  
  b16f006e7bf509add528f4b9a075ca373d531203
- SHA256
  
  b17534e89a5b58d5e343ba54a49da579cf9213988f4beeae24fe4582a0c226bb
- SHA512
  
  5347fb296f87fb71046e0fd261a495485254ed7bd6d68da3aebb346267e5bc14ad8a89aa5496b31b2bf0da35b8c7c4cbbf71ace977443f09ecdbe50e1288bcea
- SSDEEP
  
  192:20AfGZ6TJSM/+Lz2dBM8ZRSvdrGanQRSHFzJ:dj6tof2nMySvldT
Score

1^/10
behavioral7
- Target
  
  DroidJack_lib/commons-codec-1.6.jar
- Size
  
  227KB
- MD5
  
  5970f54883b4831b24b97f1125ba27e6
- SHA1
  
  b7f0fc8f61ecadeb3695f0b9464755eee44374d4
- SHA256
  
  54b34e941b8e1414bd3e40d736efd3481772dc26db3296f6aa45cec9f6203d86
- SHA512
  
  752fca09371e0e228432155533a9b84f0442cafd7f25ebf0c6c2024d541fbba80882e71aee047ec94cd22c0d8114942e967652913412f5cbcf9b816c0e1fc1ad
- SSDEEP
  
  6144:PDTWpPoPf1mNIr6ZuH9FYaGC5Y79N22RKzvqDNuwv3:P2FoPf1mNSR2vvpN8ziD8Q
Score

1^/10
behavioral8
- Target
  
  DroidJack_lib/commons-io-2.4.jar
- Size
  
  180KB
- MD5
  
  7f97854dc04c119d461fed14f5d8bb96
- SHA1
  
  b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
- SHA256
  
  cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581
- SHA512
  
  957a438894a196e534af9ae1e61fb21e16f273952b55a81abb8faf0b139fc031ea940cf477f81704db417d1ce6ff2d9ddd4a2cbf316903b0e2dc1aeaef24f292
- SSDEEP
  
  3072:pF6mb9NczTyPXoTt75AQ6oBoEfDmwFHb/1Vd23l/ODoxb7DcKK:pYmb9iz2W75JLKEfDmwTVdilnxb7DTK
Score

1^/10
behavioral9
- Target
  
  DroidJack_lib/commons-lang3-3.3.2.jar
- Size
  
  403KB
- MD5
  
  18bb67afa15354843ebfb7640cbb9c5f
- SHA1
  
  659861b4acde07a0527211e40d256119face1d15
- SHA256
  
  46d24ea8d0771655aec5fdf203ca4bfab4cc1a4587b8a15901d385f80263dd36
- SHA512
  
  ab3b3c318e17654d77924dc4d3f826e973caff8b02ce77f28ef84fac5a93270caa8fcb999a81911e42782be7b9ead290163d72a8b1640e69ea047aab1ac040a8
- SSDEEP
  
  12288:8ikku6ntM+/M0iV8hWkEgjQg3WIOfbFvrrj9bZ:8izu6y+0PmTxjjGIOf1rjZZ
Score

1^/10
behavioral10
- Target
  
  DroidJack_lib/commons-logging-1.1.1.jar
- Size
  
  59KB
- MD5
  
  ed448347fc0104034aa14c8189bf37de
- SHA1
  
  5043bfebc3db072ed80fbd362e7caf00e885d8ae
- SHA256
  
  ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f
- SHA512
  
  470323a2ee38be1b7ff8c84f1f5a5f8c4ec2ceb6b0649faa7b961f111865877dbe125409f72b1c52c7f18aa89e3469635c49ff4b83f86cc2f2eb2cc5562f9bff
- SSDEEP
  
  768:Jirg+Y5XjlrZKpQHBSSfqKeR5r8WuwjK+imOU4MYgArhR0S9mNIHZ8LwyEOuHwIx:EAXjqrSiKm8XrQMr0S9mqH+wyEpQIx
Score

1^/10
behavioral11
- Target
  
  DroidJack_lib/fluent-hc-4.2.5.jar
- Size
  
  21KB
- MD5
  
  5a387f6bec45cb94c7f2667c15cbf00f
- SHA1
  
  7eda2ae9f77415cf92651191e2229eae2caf0b61
- SHA256
  
  e13070f38957fc1c063895105ab64c810a3fd8b4b6ab5d45ce2d508c8d5fa192
- SHA512
  
  3d6dd064a131993a51bd66e8d100812c559365587a050a04511280092ef0cc58767bf5ca025641590c35c1b628ce20de0c56eddac63c67e4bb682ca3aaf9ed2b
- SSDEEP
  
  384:Z4O5kHnxNasdF0L3K+N72rrGczqcg6Mx/Sjd+/kxXyV3Iu52Pw+k7ozYj:t5QrkGYeGdcgZag/kxXyVF2PdYj
Score

1^/10
behavioral12
- Target
  
  DroidJack_lib/httpclient-4.2.5.jar
- Size
  
  423KB
- MD5
  
  23bd23d9d6327dd01fa41c12f15bf9bc
- SHA1
  
  3bfeb9062b12d5b340445336790dbc14c59c2d79
- SHA256
  
  56b4aae1bd9c66e1f890279dde75e81d226c97e302de97dafc081adeab956bbc
- SHA512
  
  e043ba153c74f65eb5185ab7e672cd7ba21cae95673b00447deb6abe0e6c4c72ae50c2ed784d020bf2558539b51f09d18e2481b617ccd887a4994adc2712effb
- SSDEEP
  
  6144:o3rUaqSQdbq34UBXmWeM9oUxVKzvEF1Wx2FMDtwiQJ+khG/UBE14CFmDt12l:o3w2QdeI6+MpOEFs1t7i+eG/7dSty
Score

1^/10
behavioral13
- Target
  
  DroidJack_lib/httpclient-cache-4.2.5.jar
- Size
  
  112KB
- MD5
  
  1c3611c6b424d2ac7945ab7e6243b942
- SHA1
  
  313cfeb950089985994736aa08885711c56b7e1e
- SHA256
  
  a67c50b74286766bdbb397088c4a78f1008d2ab17df7562db76439778c90430a
- SHA512
  
  9a3388b4c55a77740afe4062043cec1e863ed2f54058797311cfd6ad00b4f612eadd0c5ac743cc1be15cb8f8ada8197f638b64d0dec295c45457d011405d71a2
- SSDEEP
  
  1536:HKVZLQaLHU8KHG5QhPc2qxOkOq3Qlum2lZhFWgM2ukFdRpFU/uFS:HK3LQaLjKmidIxOtSQwmocghDF0/uS
Score

1^/10
behavioral14
- Target
  
  DroidJack_lib/httpcore-4.2.4.jar
- Size
  
  221KB
- MD5
  
  6ccb86231d8a8b99c551b4ddf926ddd1
- SHA1
  
  3b7f38df6de5dd8b500e602ae8c2dd5ee446f883
- SHA256
  
  bda2b9e0464f7a0e122d5e9bff7b384f3bc3a91af18ad51e029deaaa599e5db3
- SHA512
  
  0c4de4513cafb13a81bcad7cc1a4e45759ba32654eafde15665afde63a427b04ac25cfe17e4bbd1887225960b5aaf7e73382e35ec16993dbc1fd19a2bf5e8ab9
- SSDEEP
  
  6144:mjj5oIwPj1CM0oifaJtv27fxnNibFx992P0SfMPlJ:mRoZPjuwgRNUIPTW
Score

1^/10
behavioral15
- Target
  
  DroidJack_lib/httpmime-4.2.5.jar
- Size
  
  25KB
- MD5
  
  8df1654c39f4116c9f1fcd04f8505bc2
- SHA1
  
  6efc2f9df23c2ac4d3b701a11cab9f9fa6a641d4
- SHA256
  
  2ef409c599c532ca1e692013582695231bdb9f3956d4ec9ba3ac71300728b382
- SHA512
  
  a0f8aafeb69e1fc7616e813e30515997068faba245641c0437dc8c24f5e348ab77457b4d9cafb59a941d5dcdee187ce6d249cf313fe0d09b1b5ce3854b93d357
- SSDEEP
  
  384:mBO5kHnxNHhVgjAV+KLz4NqO2ottK/lqEBrtxmxvH6qou3oyExBwI9F:F5QBV4Dy4NtttKdq6xmxZouUx5F
Score

1^/10
behavioral16
- Target
  
  DroidJack_lib/jaad-0.8.4.jar
- Size
  
  653KB
- MD5
  
  4c09aa32e036530d42319aec289928a7
- SHA1
  
  f6617d5b95437557042e2d21f2b49121174ac80d
- SHA256
  
  be6ba7919a20f602703536e343860c2ae74ad18da195fd845743b877dbb379f7
- SHA512
  
  d1ee7d5d1f5c8599bfa1eaf779e29033768c92e56cc69c9d30d809ad4b41ba9bfcd616af2f8cb3b7e00bab2b2626dfc0d46b78ed072d933d200e801b70c888ea
- SSDEEP
  
  12288:l0baMUzCKol2XKnbywMnCrR+7UZYVw7hHRNBeH3Q6dKncq:WeMUmKqoKn2RClmyYsRDqbdKncq
Score

1^/10
behavioral17
- Target
  
  DroidJack_lib/json.jar
- Size
  
  47KB
- MD5
  
  092f12bcf4e448262cebda81c032950b
- SHA1
  
  7ad48f520e9f94787fdbf2beb9916c76971bdcb0
- SHA256
  
  38c21b9c3d6d24919cd15d027d20afab0a019ac9205f7ed9083b32bdd42a2353
- SHA512
  
  1eaa00c3d42d54e70c31a4aa2030895915023dc38b2060bbf72271293103f44da2cc6e3abc597519849cf5dc80dfa93998c6bb0083215e6ccb707eca75197c75
- SSDEEP
  
  768:X5so9soPVNnL6a6/+0nfj0GzsPnR+rz1mSv3mwCl/zpMwWGwhwAr9buUkrku0vcM:XOv4ZLOfj0VRyzpv3roLpBWGGwAr97k8
Score

1^/10
behavioral18
- Target
  
  DroidJack_lib/kryonet-2.21-all.jar
- Size
  
  329KB
- MD5
  
  3c05283c589306a23b8602c5bc474361
- SHA1
  
  d906a8f689f340b39a7f78bf9b4474aa819d7391
- SHA256
  
  eab8c51e0e3a11bb1411ace21d9876184d5084fde82ee298da03ca0627499151
- SHA512
  
  1aea27eb1b029ae1773e7b0ffebab51de79ee8746762ba153c4b20fd23b4c59f7c96804a08cc654b5ab9dc2135db14bccd69a6fe69e5677c3bd639f3176fc74c
- SSDEEP
  
  6144:TuCLxaF2a4FlrHUuOG8RhoSPPN9NO/G+yspLXbCjL:Hc25UVHVO/Hl3Cv
Score

1^/10
behavioral19
- Target
  
  DroidJack_lib/quaqua.jar
- Size
  
  2.0MB
- MD5
  
  025ff87a7f70fd81f42f52f558ae8d83
- SHA1
  
  342be0d473fcd2ec159099beedfe084afc1852f7
- SHA256
  
  04c1725622ca16461436ef1d35d9992f82680997761fc76116e37f2347ee03d4
- SHA512
  
  cc195c0354dcd70eafff475d9fdea919b9f6548c95d0363c4ebf1d509b68a96a1c7da2438e1caba0e175547938e8da104626d9f34aa92f7766e6cb024494bc76
- SSDEEP
  
  49152:3mhLDeEPh+yzQajfFaWS+sroHA4vtZnsfXaUVJIDjnCNgkXVxK:wLDe0QEOKPnsfKUVJ7Nh2
Score

1^/10
behavioral20
- Target
  
  DroidJack_lib/sqlite-jdbc-3.8.11.2.jar
- Size
  
  5.3MB
- MD5
  
  c56e036631557d93c9a28acd3a49e32b
- SHA1
  
  dec208cba8debb0a8b9204b08d8d887d63041f0f
- SHA256
  
  f30968b896af52baaeda4a901f6ef2629319168fa304e9747c7cfabef6c476ec
- SHA512
  
  8195dd54d920b132dd8d1ba275a6aba2fe734e229392a9f06d86a711668b2476d1d18d2ffe88278487ec12910d5d0e901c743b30dd43cc016a7cc8ae5367714b
- SSDEEP
  
  98304:5PU0qxMptoxGyEnqV66Q7rlyGy30dZ2TpKlGGJeGeRGlvYdwtkaN5PsONA0:xEWoLtQ7rlyr38Z2TpezoGeREAgkalC0
Score

1^/10
behavioral21
- Target
  
  DroidJack_lib/sqljet-1.1.10.jar
- Size
  
  744KB
- MD5
  
  ae96e5611e50631c3c12c3aaf862bf35
- SHA1
  
  ede7fbabd4c96d34e48fda0e8feced24c98cedca
- SHA256
  
  df7463424e3560f5e8c8003e1816c0a6ea6e84673921ca5af05b90b0892b3c97
- SHA512
  
  4923bbfcd0531d6807debc9ac0d8a1e10576eb2ed8a224ccb3bbba7e4f172d97b1d41f708398943b1298db15335fdd8919f1c8d9ba0ceb2170f7bf935cb7e470
- SSDEEP
  
  12288:BdrEUAUn8UXQQ8vMl/cOko92QXlua+6LHoMYinp:brEA8U5Pl/d92Q1u9uoMh
Score

1^/10
behavioral22
- Target
  
  DroidJack_lib/zip4j_1.3.2.jar
- Size
  
  127KB
- MD5
  
  63ebde69f7be7edbda8dc4bc7a4580a4
- SHA1
  
  3e20955923c5b61bfbcd4590a87720643c729695
- SHA256
  
  92524aa1bf716f1d15e75fb66c2212ee903e118677ca625506f94487628317f7
- SHA512
  
  fb0b4d55e4afa00e0b055045b768591055ba624c1f386e83d8a0822df4f27e641527bbb8069c0e16145bdcf9243e4b6642d8a3afc754cae0d9a7bb01d7e0d045
- SSDEEP
  
  3072:qNiT9tXhgKISPr5EehKquZvLsCjB0fDdS9CCnF8BElK:k6DXGKVNEeodvLsC1b9CCnqYK
Score

1^/10
behavioral23
- Target
  
  Droidjack.jar
- Size
  
  1.6MB
- MD5
  
  6a572a2d8b9a7d037efe7dd32b270aa6
- SHA1
  
  59c443f4161921f56a29b1f3a0343bd50e2d5557
- SHA256
  
  eb2e735c63bf6b17c349e4089f2c8c0d2463bc552d0dc8383a06e917f799eeff
- SHA512
  
  f0ed013b6e0e938d3c1f54f6520171a6936913cd3fd0f8925bc1f269be6134eadc87ace3195313d0fd4c996d63c0bcc5b51f9e39813f95354c56bfe56cfe9ec6
- SSDEEP
  
  24576:pO0l4/lqJxEHcu6oF3NKJa70pvZwE+08jnt/o3Tim6xkld:pBG/H6On7avOp0YSji/8
Score

1^/10
behavioral24
- Target
  
  Visit original article link for more resources.url
- Size
  
  127B
- MD5
  
  f8fc16c9e0b68948b51fcfc38d8ce559
- SHA1
  
  6385a514442d8348ea41533dc55c5da3332113b2
- SHA256
  
  940587952ad6dd8b00558d62f6d679c3a270e74320aaa42786b4d8f96ab5343e
- SHA512
  
  004b6e5e869a459050f19a03f6cc9142a2363b8a4d9227c58b502f7b7ba9e54d1a6c678a6893a084f5b363388270bed4cbabc7d9a354615b1905db2f5b11c6bb
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25