gravityrat | d659be4ae2e65369ac6d5fc7e47d257f57f3057b6e335955593491aa1dcd6712

Analysis

max time kernel
86s
max time network
97s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
15-02-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.apk
Size

30.9MB
MD5

41a7c01981c361dd804160adedbb7117
SHA1

0ae7e43a5a2f9625bc556c164f8b84bfb888abcd
SHA256

d659be4ae2e65369ac6d5fc7e47d257f57f3057b6e335955593491aa1dcd6712
SHA512

e513af5f392fb25a59e0a84d075ee67005c9332034de3a099d4c29a9573e713af0d978b639e485dc6fd7ed570adcb946532731b1e450ea6033063275bfa7341e
SSDEEP

786432:X5IbkIIwjd1Zb+QZ92YEzfEZsWAvdhjucVQZR9kPpRCX+fi9gE:pIbgU9/aYEzT7vdhju3R9X+69l

Score

10^/10

gravityrat backdoor collection

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	eu.siacs.conversations

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	eu.siacs.conversations

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	eu.siacs.conversations

Reads information about phone network operator.

eu.siacs.conversations
1⤵
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Acquires the wake lock
PID:4324

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/eu.siacs.conversations/databases/history

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
512B

MD5
235613510fe952502f2cd8d1d935c47d

SHA1
22f14d6516890ea6d09eb1907713d7059557c3fd

SHA256
adc8b0834640ce9fd56ff48a29f064b6336b363ca8627492f2bf5b2075273e49

SHA512
cbe454e7c87dd123a86ca73b15c77e21ce3f2aea97b339bfe4119853ef47e82068dea753cb82de10628ad23713e53788d4b20cee92ef1e062cba30ad7ad4067d

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
8KB

MD5
f180271ea78f1445988ed9c1e831880f

SHA1
cad3ca0b7280bd103802123aa3adf7ca990b22b0

SHA256
2c0c5df9a918cd8c36b257f6f11a48aee77a962161888728a1c178e79f02ae37

SHA512
d4fbe274e9170d9c0e0017401c51d75da7abd65164feac7dae3a2a9e95bc44054cd77eff459c59b48e549d7d6a4d93f08ec46dc2f63a39284cab917b0ef3ef8a

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
8KB

MD5
a3206f718bfa13925f0ae9c1311b1107

SHA1
4e8da9f4724aa0a018183e898f92330e7b6be252

SHA256
cc526ff7706aff13aa88ae50e7732c17e972923c94da46aa616b71727416b790

SHA512
7430c7dbea8686c281dba2332a852cc51808cac6ed8315ad57d04e994ce249d447f73c0ad9f2374a11c333b654931296280fa11c4736c1680d3d4ac606939aaf

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
12KB

MD5
25bca801eba63f71beea088e68b53229

SHA1
a0d6d126cbdb90daeb551f7e1d3d0deb1ae4e9b2

SHA256
6d6c932bc617585128f9c86b15f6596000da3391b09c707111d7f72697f579c2

SHA512
c83b9884abad8156ab88b2bff777dc51b0d6eec6d7ce995fd0f055ca4db58c542c9f346dbcf7f99c24a5b0dd10cb6762c326fa998e3cb7c015831eb95e0f63f9

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
12KB

MD5
1b505699b6512d1b9f0f3e10a1e39af7

SHA1
d75acc0ed1c200ccae7f1ace7a9c69d4e5d79c00

SHA256
ce97cd66f10fb8fc78bdaad3d1cb8a285dd8cd766764ae9ad19a2ccd574e253e

SHA512
a017c23be225bb6d33ce36de66965a4ac3db0136c01834453e8147b2749633ac23445f34a31882849b77919f7e39a3b23c598f349611faa615182b326b4150fc

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
12KB

MD5
7424e2b69ba7ac6b6bb5a31d387a70f8

SHA1
f01a29cc1d827b7608984d43b606f8520f701b45

SHA256
ff598698cb2e9e75c024a99391b886da9bdd3d25f000cc76b0f4eec318d9a452

SHA512
87dacda2088b23a07c2291388ff2457ac2145452ed5854ee4af78e1f24cd5cc8355ca8a3ac72a3b92ba8c3085302e1f09565f1200d5285c3a9e818166f198691

Download Submit
/storage/emulated/0/Android/rcl.txt

Filesize
10B

MD5
7c2a3cab8ad4c31621fe279edb81eaf1

SHA1
4b1aa4e85a72cea923b03d416efbc2afcaff4a28

SHA256
deb9808860ec49ecf1afa78131e0ae76633f7d08ac59b77390562ac0c4d543b7

SHA512
9fa98e45164ce6b484ab034aa9fb10c0c944ada9c9484a5201b07e652e8529b33a9cff245f452e80b5dcdb0a0dfdf6e05a35276409d8b49bfaf80709f9c6786b

Download Submit
/storage/emulated/0/Android/rcn.txt

Filesize
12B

MD5
34ee811ae758eea9793e72caa862b2e3

SHA1
ff5cb7d26f3e97563724df377e72ac10c8f7977d

SHA256
0df705f96b9378adea857c7a0e927671946a3d4b9b8a80336160fad5fd7a920d

SHA512
3f51d3da2cdef45d3463d10a447c5a4331b8909cedb76ef70e8a42c32be143259ddb0185f9b1be79ac306522227f814aaba2408bb55eb3b109702bc317c349e4

Download Submit
/storage/emulated/0/Android/rsm.txt

Filesize
9B

MD5
1e7de2d153566aadd8805ce45f4a7276

SHA1
11cf298bccbeddf4f28bdd1906b969af64f398c9

SHA256
d05113facf29f65226276a41b33a4a11036b8951abff942d4105e034d1d3c62a

SHA512
63fb2bd129045ae591747d5b9b67ac9a91b509efd30e6007c32a64da5e0a8655e6c871f149b0390cbd372219f42aa171cbedcf56194adbde793b1d0ab2da85b0

Download Submit
/storage/emulated/0/Android/scl.txt

Filesize
144B

MD5
dc509e9da00e2b7d1cf8954534cd76a2

SHA1
5fec5715106211083ff3ddfab3e880d372c2357d

SHA256
56b00caa694bd2fac152cdcdea6981b73fc10d4c1c362ff03b90e4ab6b53d519

SHA512
65721947e318886eefc12c2234afd9581fd4b8727c323f8100f4b2f6bb7ddb52236debb5a2531b2c63633746a97053e7041d9190889d6a5cc1c7ceb4eeb33308

Download Submit
/storage/emulated/0/Android/scl.txt

Filesize
72B

MD5
4bb7b0a2e7c50cdffe0e91e7d1c636ee

SHA1
d42bcd3bfcc22929b0014b7efecf6ce0a12f2f3e

SHA256
056f85eba66ebeda52203237b96c8dbb34a957216c943e85f25c281bffdc2253

SHA512
3ee76b8c292e02ee30d277c8cdac51f1ada238e43375f098b96effa6b76ee972b1fa484faf541b57179a1485a8584de96a5c320eb9ca791dab132e41aae7c51d

Download Submit
/storage/emulated/0/Android/scl.txt

Filesize
108B

MD5
9fa4dab8b6400caff81d0ae71e3332c1

SHA1
f6f02bd190676d5899f978a3fe567ed5b454b193

SHA256
fb57b067de7dd57b84eaa24c6b11ba733b30205e7d2b6bc5614838f8c0749a81

SHA512
4f11aa54ce23db5006d300d7c8bda7a3a12fec10fea945a02c89e4633685358f7979824419fb5c3e9c227bc6b1de79941118d34cf84f838ed107a3f5296568c8

Download Submit