gravityrat | d659be4ae2e65369ac6d5fc7e47d257f57f3057b6e335955593491aa1dcd6712

Analysis

max time kernel
124s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
15-02-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d659be4ae2e65369ac6d5fc7e47d257f57f3057b6e335955593491aa1dcd6712.apk
Size

30.9MB
MD5

41a7c01981c361dd804160adedbb7117
SHA1

0ae7e43a5a2f9625bc556c164f8b84bfb888abcd
SHA256

d659be4ae2e65369ac6d5fc7e47d257f57f3057b6e335955593491aa1dcd6712
SHA512

e513af5f392fb25a59e0a84d075ee67005c9332034de3a099d4c29a9573e713af0d978b639e485dc6fd7ed570adcb946532731b1e450ea6033063275bfa7341e
SSDEEP

786432:X5IbkIIwjd1Zb+QZ92YEzfEZsWAvdhjucVQZR9kPpRCX+fi9gE:pIbgU9/aYEzT7vdhju3R9X+69l

Score

10^/10

gravityrat backdoor collection

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	eu.siacs.conversations

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	eu.siacs.conversations

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	eu.siacs.conversations

Reads information about phone network operator.

eu.siacs.conversations
1⤵
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Acquires the wake lock
PID:4623

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/eu.siacs.conversations/databases/history

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
512B

MD5
6184aee8c1bbc28464722f740cd4bce4

SHA1
e46f75222f40bb29c723e48cd2dea55e2d59a9d6

SHA256
d11dd76ace2e885b3e5bf4e969081be1fe8a491d9f64dc30e74e00f41f00cb16

SHA512
0159c30c735bb1ce7eb20437aa5ab97270593bff3aeed8b500317b772482d4d78092b0c2520ce3ef9c238ac9d7fa0cefc485374780028c9d99b826c87650674f

Download Submit
/data/user/0/eu.siacs.conversations/databases/history-journal

Filesize
8KB

MD5
0070eb7c8c478622c001fd834253fe02

SHA1
42c13e543424704db6b117cd81d2a9d3b2d281a0

SHA256
7fce744a0fda5a1a067db4c34a92e31549e23c1913fc6d4750d6aaa8362b8b56

SHA512
0d8e0ed4f9a71a8b9adf7e7691984a2f7dcb37ef09c2d949a7afc4aec627b339f0c71798ddacd91d86765d2a71207c2ab871081ce3b027d2cd353e1a65f748c4

Download Submit
/storage/emulated/0/Android/rcl.txt

Filesize
10B

MD5
7c2a3cab8ad4c31621fe279edb81eaf1

SHA1
4b1aa4e85a72cea923b03d416efbc2afcaff4a28

SHA256
deb9808860ec49ecf1afa78131e0ae76633f7d08ac59b77390562ac0c4d543b7

SHA512
9fa98e45164ce6b484ab034aa9fb10c0c944ada9c9484a5201b07e652e8529b33a9cff245f452e80b5dcdb0a0dfdf6e05a35276409d8b49bfaf80709f9c6786b

Download Submit
/storage/emulated/0/Android/rcn.txt

Filesize
12B

MD5
34ee811ae758eea9793e72caa862b2e3

SHA1
ff5cb7d26f3e97563724df377e72ac10c8f7977d

SHA256
0df705f96b9378adea857c7a0e927671946a3d4b9b8a80336160fad5fd7a920d

SHA512
3f51d3da2cdef45d3463d10a447c5a4331b8909cedb76ef70e8a42c32be143259ddb0185f9b1be79ac306522227f814aaba2408bb55eb3b109702bc317c349e4

Download Submit
/storage/emulated/0/Android/rsm.txt

Filesize
9B

MD5
1e7de2d153566aadd8805ce45f4a7276

SHA1
11cf298bccbeddf4f28bdd1906b969af64f398c9

SHA256
d05113facf29f65226276a41b33a4a11036b8951abff942d4105e034d1d3c62a

SHA512
63fb2bd129045ae591747d5b9b67ac9a91b509efd30e6007c32a64da5e0a8655e6c871f149b0390cbd372219f42aa171cbedcf56194adbde793b1d0ab2da85b0

Download Submit
/storage/emulated/0/Android/scl.txt

Filesize
36B

MD5
9d1e990fc90dcb8eb96e9463ee27cabf

SHA1
088928fdeec13fa8b623c53e5d8c2bb6c4cb986d

SHA256
7ee2c2f54e00123e929d5a44e519258b74bab3e548a178415a0daad6fe746bad

SHA512
764ca60bb47870c5882bc21ee1d5f8fef589aba1c4cac8581084b2b30834d85bcd3460cfa37727ccbecbaab25a2a018b59839cdc001b6a992048cd631402dd2c

Download Submit
/storage/emulated/0/Android/scl.txt

Filesize
72B

MD5
126f756ffe0aa8ed55c26496d311a6fa

SHA1
f2b799ca5ad959548ac612fac780eb2dd754c569

SHA256
5cd179541563295ee07845c6b0e753488db5ac623ce91a89b58c63d7fbb94408

SHA512
1b49fec0d8155469a2d3b1237619724f82fde3a6058b004717ac3ba30173f6cdd0a06403c8b007ad9eeae4bc96604bbfc746356f16f5278f9236db256d5fb72b

Download Submit