Overview

overview

10

Static

static

10

Apktool/SandroRat.apk

windows10-2004-x64

3

Apktool/Sa...ion.js

windows10-2004-x64

1

Apktool/Sa...r/w.js

windows10-2004-x64

1

aapt.exe

windows10-2004-x64

1

Apktool/apktool.jar

windows10-2004-x64

1

Apktool/efm.jar

windows10-2004-x64

1

Apktool/signapk.jar

windows10-2004-x64

1

DroidJack_....6.jar

windows10-2004-x64

1

DroidJack_....4.jar

windows10-2004-x64

1

DroidJack_....2.jar

windows10-2004-x64

1

DroidJack_....1.jar

windows10-2004-x64

1

DroidJack_....5.jar

windows10-2004-x64

1

DroidJack_....5.jar

windows10-2004-x64

1

DroidJack_....5.jar

windows10-2004-x64

1

DroidJack_....4.jar

windows10-2004-x64

1

DroidJack_....5.jar

windows10-2004-x64

1

DroidJack_....4.jar

windows10-2004-x64

1

DroidJack_...on.jar

windows10-2004-x64

1

DroidJack_...ll.jar

windows10-2004-x64

1

DroidJack_...ua.jar

windows10-2004-x64

1

DroidJack_....2.jar

windows10-2004-x64

1

DroidJack_...10.jar

windows10-2004-x64

1

DroidJack_....2.jar

windows10-2004-x64

1

Droidjack.jar

windows10-2004-x64

1

Visit orig...es.url

windows10-2004-x64

1

Analysis

  • max time kernel
    58s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2023, 13:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Droidjack.jar

  • Size

    1.6MB

  • MD5

    6a572a2d8b9a7d037efe7dd32b270aa6

  • SHA1

    59c443f4161921f56a29b1f3a0343bd50e2d5557

  • SHA256

    eb2e735c63bf6b17c349e4089f2c8c0d2463bc552d0dc8383a06e917f799eeff

  • SHA512

    f0ed013b6e0e938d3c1f54f6520171a6936913cd3fd0f8925bc1f269be6134eadc87ace3195313d0fd4c996d63c0bcc5b51f9e39813f95354c56bfe56cfe9ec6

  • SSDEEP

    24576:pO0l4/lqJxEHcu6oF3NKJa70pvZwE+08jnt/o3Tim6xkld:pBG/H6On7avOp0YSji/8

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Droidjack.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4012

Network

  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.droidjack.net
    java.exe
    Remote address:
    8.8.8.8:53
    Request
    www.droidjack.net
    IN A
    Response
    www.droidjack.net
    IN CNAME
    droidjack.net
    droidjack.net
    IN A
    162.251.80.24
  • flag-us
    GET
    http://www.droidjack.net/Terms.html
    java.exe
    Remote address:
    162.251.80.24:80
    Request
    GET /Terms.html HTTP/1.1
    User-Agent: Java/1.8.0_66
    Host: www.droidjack.net
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 04 Apr 2023 13:41:37 GMT
    Server: nginx/1.21.6
    Content-Type: text/html
    Content-Length: 3451
    Last-Modified: Mon, 28 Sep 2015 19:02:06 GMT
    Vary: Accept-Encoding
    X-Server-Cache: true
    X-Proxy-Cache: EXPIRED
    Accept-Ranges: bytes
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    24.80.251.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.80.251.162.in-addr.arpa
    IN PTR
    Response
    24.80.251.162.in-addr.arpa
    IN PTR
    cp-13 webhostboxnet
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.77.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.77.109.52.in-addr.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    260 B
     5
  • 162.251.80.24:80
    http://www.droidjack.net/Terms.html
    http
    java.exe
    488 B
     4.0kB
     7
    7

    HTTP Request

    GET http://www.droidjack.net/Terms.html

    HTTP Response

    200
  • 40.79.141.154:443
    322 B
     7
  • 13.107.4.50:80
    276 B
     6
  • 52.152.108.96:443
    260 B
     5
  • 173.223.113.164:443
    276 B
     6
  • 173.223.113.131:80
    276 B
     6
  • 204.79.197.203:80
    276 B
     6
  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    www.droidjack.net
    dns
    java.exe
    63 B
     93 B
     1
    1

    DNS Request

    www.droidjack.net

    DNS Response

    162.251.80.24

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    24.80.251.162.in-addr.arpa
    dns
    72 B
     106 B
     1
    1

    DNS Request

    24.80.251.162.in-addr.arpa

  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
     145 B
     1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    2.77.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    2.77.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4012-143-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-155-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-159-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-161-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4012-166-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.