gravityrat | 36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e

Analysis

max time kernel
102s
max time network
94s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
27-03-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e.apk
Size

12.3MB
MD5

8073ed7dc906d83db7f1cfebddff8e31
SHA1

e0b09cc0f0e210de84937ada7e5d19dce5132c89
SHA256

36851d1da9b2f35da92d70d4c88ea1675f1059d68fafd3abb1099e075512b45e
SHA512

97d0072d1352d2f7cd919b89d32c53f8bdd1e1da53aa33c09b87337dfbf9d666f7e3e75825b4ab17229655bd382649d52c2d92ad8355391519e776a101f0460b
SSDEEP

196608:bGs1F11OSoKaRCBlWvGUcct7ww66toQYnUzHECotipEXrmCx+wJAEplXpKHm6:bvoKaYgptcwPoQYgHutipUmCswJTXEN

Score

10^/10

gravityrat backdoor collection discovery evasion persistence

Malware Config

Signatures

GravityRAT
GravityRAT family.
backdoor gravityrat

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.livedrive

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	com.example.livedrive

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.example.livedrive

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.example.livedrive

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.example.livedrive
1⤵
- Makes use of the framework's foreground persistence service
- Reads the contacts stored on the device.
- Reads the content of SMS inbox messages.
- Reads the content of the call log.
PID:5037

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.livedrive/databases/firestore.%5BDEFAULT%5D.cloudie-871bc.%28default%29

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.example.livedrive/databases/firestore.%5BDEFAULT%5D.cloudie-871bc.%28default%29-journal

Filesize
512B

MD5
50d50d21937dee1eb6b723aac3ab26dc

SHA1
323d85eeda301871014493425501f358a8c88262

SHA256
4f830a0fc5c9f378c7a0b6a336fe83c43065191b64c0b3251729b562e8fad061

SHA512
a0080ea456ab946b3dbd1a3c61a1890cace9224b029ea9a04f4f41a7d1aa1dbe81a947832952230e6688d84ea3b0b9e6efdd47bb3e6d1433695fc815c659616b

Download Submit
/data/data/com.example.livedrive/databases/firestore.%5BDEFAULT%5D.cloudie-871bc.%28default%29-journal

Filesize
8KB

MD5
f73b4db05b547fc60b5b21144fbc551c

SHA1
e76715dbdb1bca110ca2a461586cf122bb084bc4

SHA256
eecdee93d246e6913aa4ce24b4f01ea16debf8393b13848d152f1225c34704f7

SHA512
09793630667acc5a4c8d32e91d9a64ea463043d4b4e0a1377e5d8593d6ef852cecd9dc9bccddb855cdcb01bfe444726af3a6bb5dae03eb0ea12a16c0a1c1d1e3

Download Submit
/data/data/com.example.livedrive/databases/firestore.%5BDEFAULT%5D.cloudie-871bc.%28default%29-journal

Filesize
8KB

MD5
910f0ce19b0c63894fe5cb6932caef57

SHA1
6acd49cdea6d2cc1f3dc424dbd11b3a3b45b3132

SHA256
08a6e37e334920d1236f0cee8059858bc7dea31179cf0637f76a43f69c1695ea

SHA512
14d016cbc53ea2d7208d749226e1963c2119a39cade9304a9a81fc45832bf93f77b86d7da724b61c4503e957aae3e79b99640df0c763412d3b60feedab6e76b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads