888rat | cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb

Analysis

max time kernel
2999544s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb.apk
Size

5.4MB
MD5

f150e5b51f7d33b2350e236fb3ab5ff1
SHA1

e0f569e935a4c8c0238ad170824bf2b21a65b63a
SHA256

cd4cfb25cd47e1e3f52de6be00547fcde3ee7f058bda0febb86ccd9c2c2a82cb
SHA512

8eb4505a0ab64270802546285095de5aab979a0a7ba47850221f6827db2d4930ac3185d95c7c993c16321fd5b7c4711aceb8addb1cca627fb3e183e5a29a27b8
SSDEEP

98304:VoXm4EjEm7H+dXPgGvpfyfrl6yTL+pfOUxDY00/SCEIzczRZvpiBdf/piVA5tvgG:VoXegm7UvpoaDYLCvp+DiyfgAN

Score

10^/10

888rat diamondfox botnet evasion infostealer rat stealer trojan

Malware Config

Signatures

888RAT
888RAT is an Android remote administration tool.
trojan infostealer rat 888rat

Android 888 RAT payload 1 IoCs

Processes:

resource	yara_rule
/data/data/com.protectstar.antivirus/cache/volley/-4440143562082814216	family_888rat

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox stealer 1 IoCs

Processes:

resource	yara_rule
/data/data/com.protectstar.antivirus/cache/volley/-4440143561595694984	diamondfox_stealer

Acquires the wake lock 1 IoCs

Processes:

com.protectstar.antivirus

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.protectstar.antivirus
Checks the presence of a debugger
evasion

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.protectstar.antivirus

com.protectstar.antivirus
1⤵
- Acquires the wake lock
PID:4274

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
737B

MD5
146a9346ba4d2723e8cd6b72fa37c5b4

SHA1
d68f1592246e6ff9a50321c006ae60004fca3d09

SHA256
c8617137f7cabb8bdaead36d756c13567e936d7dfcb33e1658be0788fb06e47e

SHA512
136b116826f5a44e5817719aad514adddc55a5f90271729aa39542ec44bf630bf1cfad65f5e4242da93d322256c716eb3a8993dabb78cca4c589702d8218c9eb

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
116KB

MD5
b72d43b55d169d903505248ae6f7848e

SHA1
94d8e79e7fb5a99410b78e002d8e801fa119d312

SHA256
f8c45f9c92aa8e641f5619caf95fbb9307414e44f913c4be3fdaf7b662a3919c

SHA512
a28bcda30fa6c37681ae89303fff18c35576d26fc8052b90223ed9ea6165d3252ad6483b9e45f4e9bfa63ac62c2950a61ced83ba3656aa891282294f2e0f104b

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
737B

MD5
54a13fa836b35d7dbb074015994246a7

SHA1
e0f9a1d01f51c38c9529f93f7dd75023acc0dd08

SHA256
aa6acc3e323e261841753904330ec07bdf6db29591d7e70a7f377a13484c7867

SHA512
006e4b5492b3dd69d20ed321142cc799c6bbfc766f8e373fdb04388e1d12f61ad1a2a4b09992f61920c26ebed50c0f7e7e7c0060e5e0548a627f9802518c7841

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
397KB

MD5
e74b9a2b27333b020a2ec96538d185fb

SHA1
868690e6d00606553d7b2a3c99f246c202a9b431

SHA256
80da155a2f4391cce5d781a8070486ede8d70427ee81f84e065a23a560980532

SHA512
86ebe956594ef2b37d1e87685c26d13a6479ff8c24182fc4e8490e8149ee4890f170663d9419ac0e814c65e00cfc79bd32697beccf8ae762fa1b5528a9f4bef3

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
759B

MD5
0858f0181337b8dfb5186b2f579a4de2

SHA1
dbc8875a05f5ec3c67d45aa47df429644cea52ed

SHA256
b53ae4cca3f5df2939575cad3810877e3eaeb9ebd6cefad0316bcb624c95f58a

SHA512
6a6906777ca60c07883ba8f41237ef7771db98cf8443635c0885151772c7c0a6e0784840c4ae743d3c3309f5c0ec99a7331ec86ba0d24d91895e00dd37c5947f

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
255KB

MD5
f2b9cc6a384d0b3392306ff2dd5703c1

SHA1
611299c8eefb4f11626b03b8938a9ca81b0b4f03

SHA256
66316a081286294ae8b9b9f9c24112aca24eac6ee9b46bc79a5b3d78c4b2bad3

SHA512
5c315621e1de51e059870b88ea6454160e64c83f2e8254f7202154adfa1e463251c982fb45c97133b37cef6e58450e3d3c153c52515a7da944f514f2b68d724c

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
3f5f56964fd0cfdba44b7f5a4f4dd891

SHA1
b80be9fab3803c62360998c3a3591e00129dd2d7

SHA256
364a9867d43fdfc4c8ba749d08e0181c2c6c334a5cb552929a3e2ee69cadd25d

SHA512
fbeaea81091092512dec35c48db9e8a7a5ca087bdca983838c35d84a2bd16991dec0b613a1599c87153e61f349f3ffc920a8ca69c5234c82cceaa375fe5b4690

Download Submit
/data/data/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
7d2afad9d690355e36d0a3ac5500f0b8

SHA1
ab714073f6db40b867bb865de989c263dfc27475

SHA256
5bedd86865df2b2af3dbed933957ead8553b38ee73a001ec4764c71a43233367

SHA512
b265a09a6c400b2a66fb006fa02d6d3113403a2ce91c4632bb8d711263f5914969b2c26bad62f89e9952099124832844f7ae19135df1190fc2ee31b7ff70d3d2

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
fc5173bc21faefc6639ff87e4a71c504

SHA1
1b6ee03ea302f2dad2cbca466e3265962d9b567b

SHA256
34347954101c346bbe899df91ecb7b5a3837de27e12fe3a3bf5c442e35624559

SHA512
5b51996954b9bf211fe20328e0bbb1c5765260ba4d275411ba5c9799420e12d7a22dd6add94ecf3f1c586450914a4fd848b7453ba5dfd4f5ee0c799b34b70a14

Download Submit
/data/data/com.protectstar.antivirus/databases/com.google.android.datatransport.events-wal

Filesize
8KB

MD5
d1a20fa1e7861c67afc1662a21ef7594

SHA1
7af247714c44f22ad5f4bdb369d3a05d03723547

SHA256
5e31acf28f1d54ef2c925f08ac292d75bf709279b818bc0f4a7463717ad9f985

SHA512
97040ed8f022089f91327f87353435f2da5d45884514c671f7930496389fc7710f70a5bca209e8290995eb1b7595164e0939e3b52ab52226f70e36851a283cb9

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
532ba5b738a379355ba22ce9e624fc5d

SHA1
663c546bd94c81a5d26ce7019f59c4ca7bbd9850

SHA256
293fe7ce4601f9740ac7c121f3d1c54c235b1346ad3631c11b99e15a3644bb56

SHA512
84fd1a07f9b1c6b93ba459f225128c43587aa8ce6b3277f5515c16e8c780c0ee9a591bd63764ed665f9346812028c4b6b43e8454e3b254b8363e7f9dd519250e

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
67a9a192726fd8d2f1f33485bac7cf87

SHA1
762feb97ec018134ecd085dee2ea3eb0bd502412

SHA256
a715b57f05b92b26c9a6355e941c2fc97ceb747113ba9366f72e007a5a325b71

SHA512
f654dcdf04048cd324b53dfa50951258e80fbf03a2af75cac740fccb4f00b0ed256e055fe1e966aa4f03fd1493d86d7da7a3967d405091be64b210dceb5be98a

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
35329b2478878d81378c65109591fd8f

SHA1
8bfef74dd72c699a007824129b1ea1662ea19e94

SHA256
9c1609b28c618b6d61871880f4aa5a1b5b8a82b110dd34a13348e0f2bf24be74

SHA512
04d0215ae2ebc16bd6ca9667b918c0abf5d3eb1c0d0fe6869aef1b42800346b24b9225e4ff865b553ab559a9c5560fe80892953dfabe03c8d15226ba5f76450d

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f77b259a1ffd898f82ab9e828663b825

SHA1
e71ad812cfacbadfc1753541a8570d1b5adf97d3

SHA256
bc81f8e6c594d4cb28e241739a069eb33c575fd1dafe11ffd575da513a9560f2

SHA512
03300c2f27b39ed9acc712a78d9e808207498c27139095fdbd37f870540faa512e89cb3064f5dd7a597a390beadfb8f2b43c2c86c2002149d25ab7987d6c2432

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5fbdd243431a734f0f062841d8267ba9

SHA1
4f4432cae25802003652801f68ac9c9ca75272e2

SHA256
3360361e195c3c53f42ed2a1b3e4bf2c3b419b3828557db1ec204d2a0e45b345

SHA512
8085291190709473c004b4ecaec7f512298bfea291bf194470d6412ba590d38eebabf8b6b34d955c3a301dfa048d9729f7123d07899a442f8a70b88ce0ec3a65

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e769d69c48c8b863a1208b451981c7f0

SHA1
b028cd5b9868c6ed6b4b5801e506e1cbe46e8d9f

SHA256
2496cae4e2bd7d0eed7b5bc6bb67bd292b229dd954ef34e697cbbe4d03f494fc

SHA512
ac6ebde044affacf895765e434193524d93c5a86ee59195a89cf02249f79fe70f7d795e9583149ddeb744ad8dbda6fb3e8da18899f2709e00cb70f73abb6632c

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
8ac6013afbe41daabf57503c99ee2391

SHA1
e6e80d9cedfde236c4a557f931e38461ca8e4e89

SHA256
a69cca4d1f4486f308cb195c2e71ba67a59469a8038f52f0d2c77920e2e0e76f

SHA512
a44c2e8ad5750a46c65be28b3b76ba6cfe3f3e3c1730ffcb7d60d0ee5063fd38416d382cc68ce0557c010ef6b1cad937038614c297a60059b8cc6d67415d2fcb

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f3c54b688545914f370cb5b38422433c

SHA1
1236ac04d0027a98f2d3c4d9a393be87eccdcaf7

SHA256
3e57e8badabedceae6b6b883046ab5500dbe0a72b61f337e381827f66163e5fb

SHA512
3f8746c263a89269c4e3b68138a36c9e4dfdd615b9c4ec2f6639262888e02143a6c2b4f5b7bdd9d2b018cf0e88ab77e90f2aafa95e32a54a2b2a8a2ce70edb5b

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
89b4d4ec502b912b29b9650bf6f2d3c6

SHA1
fbc36f3a6efd5e1051a51f87ac6ee166d73e69d1

SHA256
0b0be4bb12fb266143eafa39e7e0cb152551d82b6f7f94f078fafee4a573a65b

SHA512
cf91695724322b330ecff14a2ed138f82b9d66af3290344533c979b5c776fd72052977e8c86123a9594c13213a3b29fabf3b16ecd30f8fa47ea7655bd8322166

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b3f7190e1fb6c6077a2d443f2fcae7a9

SHA1
82e5875cfde70592863aaab89a80f9352c9815bb

SHA256
3cc56b059b96b477a81a91853c9344b9e4e389e19be80d28c93459dee97f2909

SHA512
3b070e5ff0d97cf1ebc46ab6e6dc528901c7d0e1ef4820ef92e38ea7b715654864c236a4360db8702393f04486d98c6cae74a152a6d57ed375ddac2e787a6b1d

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
edb0436df002c7b61c8217fab8a615c6

SHA1
71dd35486340fdddb4b9ffacfd8630caf1526633

SHA256
cdc657a84c1d34c37f053c4eb6da03d10163511d107a6dd2e23b98b275d84152

SHA512
b7664918c9b333782f60cc3d080c1c75563f45e0f5db821d821b7f570dba584a3a17190fe3f460a6761cc2a698bcf866da246b60c4ad6aafe8d17ecbfb6e45ee

Download Submit
/data/data/com.protectstar.antivirus/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
87cf8dd13c4b64c10c60f36d3fb219a3

SHA1
30dad8046c397444227a9d08264b8186a142cf02

SHA256
09066625c665bfaf799b251a8f238631ba39db6eeca738007f2e81808ac2c19a

SHA512
ed8baad30b9c7b633d7aa8b12d361dd9ebde37ef4db40e8378b7062b4e580f38633233e0c3a62b0aa7db29e96a1acbfa06d6e180e14c88db3a7d244f22db608c

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658E065502E2-0001-10B2-2172563614A1BeginSession.cls_temp

Filesize
75B

MD5
b4fd1951a26ee113a166789675ee6bd8

SHA1
9e2051e66e2632171d33f15d98d537bc234e1f5a

SHA256
44d63d0109ad510ee0932ac76c05486becf586c8cc5384a30b570a48396b742e

SHA512
3a2623f756a7dffa1bdc49e4552950dcc602f6f3633802e3c72fa5514b2a35c9489d155f84cf257c97c33e6a3f0a93f888e40c3617f07308fcc07d192acd759a

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658E065502E2-0001-10B2-2172563614A1SessionApp.cls_temp

Filesize
78B

MD5
91ebf8460e76a345262e2ce4fb252031

SHA1
d3680b0a5dcc566c68ee317892741b190ab4228f

SHA256
42ac988e1eeea98e07440ea15dca4f359830129bd0716a40f2bdd06b3d60c425

SHA512
b5fa7024cd4f4bd88267b182268eb1bff7add2209622a0ff8cc592395e3aacb1401958d293904885366eee3b9e5c716befdc4d356b8bb171caf79a31c9da253d

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658E065502E2-0001-10B2-2172563614A1SessionDevice.cls_temp

Filesize
48B

MD5
630aaf4621d940e95530e8a8b0d39283

SHA1
d06c5d18de58b6abb5890a83b6fb3c3aa4a2139e

SHA256
2f752007f6c33aaba282800edfe3d52da2ea954e3eceddf08efb0bfdc989cb93

SHA512
98c301f0188ced6036a863ba790e03ba22f88ec55a884fdf808711147228e97ee0571abad094ad68d758b2482db6ee3f2950d43d56c875bfeda7f0a58cd1a86a

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/658E065502E2-0001-10B2-2172563614A1SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
720B

MD5
b955d74a1cf7683ea103cbb97da81c34

SHA1
8ff22f5ededcfecd29af40a0c211ec8737703522

SHA256
adb118a002291f90f713f528cb1e740f59b7a038b75b66ed823d1f2901697566

SHA512
1594b7a169ca328dc845ec6ae27f0c7cc6d2a3685c579f3eb46ac6b9dd6116e7145ae166429246549a9830b082ea731f775a196ed7184e740f15f7160aeac173

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-658E065502E2-0001-10B2-2172563614A1.temp

Filesize
198B

MD5
88b1c93c0087d767345acea8c71fd85e

SHA1
2352c525477e44efca17b66c1ac9edeef6a1fed3

SHA256
223d8bdff43425c9491e9b4adddaf8954d521ba23a9c78d2f8d0fa16d51f6864

SHA512
1aec43fcaf14105b7a8857032d0ff3d287b9953dede3cea8c664edb3d8e914ed17ffe31ca2595820a25129edafa0b08dd44112f824aa91f040aca652097ada29

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-658E065502E2-0001-10B2-2172563614A1.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.protectstar.antivirus/files/.com.google.firebase.crashlytics/report-persistence/sessions/658E065502E2000110B22172563614A1/report

Filesize
753B

MD5
26d645cff0c2b1e8ba9f26fe2e7e9dd2

SHA1
811bbf7be2e9ed7818ee947f4ded2a60cca41a16

SHA256
1f2ed99a0820bedc63eb46801ffa1ca219e8f117763756f481826e0d215633c4

SHA512
dfd01bd07d2db62a9ce7db7a68e2d7849fc42b98228ab3c2df5025d6062e87d58fe2970d769d0bb609568ad4c470c6caeec1ad9e389c37e3b7fc07c3baaec5ce

Download Submit
/data/data/com.protectstar.antivirus/files/PersistedInstallation4074247166992965428tmp

Filesize
90B

MD5
84d612bafa672160eca6f5204968d773

SHA1
da9d7e5b554a3c60aad9f02fe091035be7519e27

SHA256
a8458ccb93b47fdcf5559fc2eb3cbf5e97c143332eddeb9cda84afbb36b3ebed

SHA512
232fc9e903d74e4f00d68b6af2599d83b064a29e36a25dbdcaa0fca197fe23d8e3456062ad047a4a31a5d3d3a4a67fff59afd3467968a98d679444ed0feb4b3c

Download Submit
/data/data/com.protectstar.antivirus/files/PersistedInstallation854668883967442228tmp

Filesize
569B

MD5
4b15020b1896a6685e3856a8f8f4c227

SHA1
296fff4b9a95a20105a6b6f56e21cf3b3ee2113e

SHA256
6260e428d1ab9493da8c765a43a777120296e0b5031a728a22926b7b9e91652d

SHA512
be1167d1401e1afd35319e5eddf3281d86a1c26dc07d92c655bf9334f073094a12d6f34ae669fd286c694f4e28912ae887e422a1a803419b103fe02e244093d3

Download Submit