gravityrat | 380df073825aca1e2fdbea379431c2f4571a8c7d9369e207a31d2479fbc7be88

Analysis

max time kernel
151s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
26-02-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cloudie.apk
Size

12.3MB
MD5

ec28788283207fa601777801450497f8
SHA1

84b337bdc96d540b1df8ed3772a75c6cc2095552
SHA256

380df073825aca1e2fdbea379431c2f4571a8c7d9369e207a31d2479fbc7be88
SHA512

2187a063dab6ff388265955fe3b6478780f832ced1ca7ae4981b79e3aaed01c76f293db64099bd5a7eb24c4041e9a9146c84791765695d242dd3a4a96e681cc4
SSDEEP

196608:vbqF11OSldaa+lUJxl448vDIg5Qe8g3ziNcnQE6MObB+5L9VTT18sGmtpfAs:vb4ca+SsLDIg5733ziMflOyT9GeAs

Score

10^/10

gravityrat backdoor collection discovery

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.example.livedrive

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.example.livedrive

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.example.livedrive
1⤵
- Reads the content of SMS inbox messages.
- Reads the content of the call log.
PID:5021

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads