gravityrat | 36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e

Analysis

max time kernel
106s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-03-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e.apk
Size

12.3MB
MD5

8073ed7dc906d83db7f1cfebddff8e31
SHA1

e0b09cc0f0e210de84937ada7e5d19dce5132c89
SHA256

36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e
SHA512

97d0072d1352d2f7cd919b89d32c53f8bdd1e1da53aa33c09b87337dfbf9d666f7e3e75825b4ab17229655bd382649d52c2d92ad8355391519e776a101f0460b
SSDEEP

196608:bGs1F11OSoKaRCBlWvGUcct7ww66toQYnUzHECotipEXrmCx+wJAEplXpKHm6:bvoKaYgptcwPoQYgHutipUmCswJTXEN

Score

10^/10

gravityrat backdoor collection discovery evasion persistence

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.livedrive

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.example.livedrive

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.example.livedrive

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.example.livedrive

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.example.livedrive
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of SMS inbox messages.
- Reads the content of the call log.
PID:4465

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads