3647d81859e4b44ee4f32ad2cda1178898d8c0cedfdbd26055d1373288d247ba

General

Target

AndroidSideloader v2.28.exe
Size

4.0MB
MD5

20947cc58e2add3e4b157273bad06541
SHA1

24e769605cf998cfb88b7425fbce274389040ab1
SHA256

989ebdeb5fc4114b6db0fc7f29e44e63ad42ece9842ca99a872fba33033f99bb
SHA512

896009a698abfcfabe0776bab2ebd3e570b0e3bd550b419241e1c5706940498a9fc1ca41b0b6352248a148781498d640d5d9c37381f2585978761a447820b296
SSDEEP

12288:QYGiwTOrVwTOnwTOnwTO9xpwTO/HwTOnwTOmEoyyN302V8gvp5bu9TlLfUTdwq1e:QY9jV//Ppn/0yyNEwJvvbuhZUTd+h

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3556	AndroidSideloader v2.28.exe
3556	AndroidSideloader v2.28.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3556	AndroidSideloader v2.28.exe

C:\Users\Admin\AppData\Local\Temp\AndroidSideloader v2.28.exe
"C:\Users\Admin\AppData\Local\Temp\AndroidSideloader v2.28.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\3xudtruu.newcfg

Filesize
2KB

MD5
695babc167cab96a67dd43ba91ed7c46

SHA1
39f9dcc4d5d5596e97e9de0a4201100940629c64

SHA256
cc22ad55a868dd64a177fa61b8af275061b19c2339419dae8a18ecab4e2d93f5

SHA512
91803b3f8409f821e6942754e91eda63805b2a25710dce74c6a405ac1f1d8356395e925a7bf59f289457687b4f778c5990a2d3bc2d322750444ede4f32bab7c2

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\user.config

Filesize
838B

MD5
6dc22626c68e39d1f7a92bc247d064fa

SHA1
06d72094b8ccfb2cd09e3b04fa79cd2f4efbb40c

SHA256
5b1cfb327e8e4f605cdb650526ab442cc846ce97cfdc51d1da23dfecb3abdf60

SHA512
09858fce9752da51c915859873510c5f115b8d2b2ffa9b3bfe8bee20b804de1fe3ef8bbe5448b2374d6089af29e9d7914e0098df675e5eef240d4f1649a0db72

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\user.config

Filesize
2KB

MD5
09fa86db828a3e63376ef56b483f73de

SHA1
e26a025ef398e577b20dce50b39a340d6998bf09

SHA256
fcdf02fca34cb65ab1272e5afc988f3266aebbfa568a9d56c59aeaeeb4e16a9c

SHA512
6a3cdc38ae51add9e7d5397c86a941adf1b9499ae44da8493594ee6e4f2722c8f7c2807fcec2b802dca0dc90abf4d104035aabe36c573f4f32c6a1b7e74e94b9

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\user.config

Filesize
2KB

MD5
6c50f8b5923f807f8f99be244b531bfe

SHA1
45c1c423d03d71534d650007e4f702d20b643401

SHA256
8ad2b748cba26ce86c73bfe8981532afdb0c7797f40c761010751a5102c50839

SHA512
7938e122e903128cb90a5944710c837d0e03d562c75d7570bda64dbc7a4cf73e3e2ac97db617a8044b4519f54951984c7bb1aa897c2a29269feda92051226922

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\user.config

Filesize
2KB

MD5
da4fb69e5ceab06c75512b52bdc8eeee

SHA1
ac407bbb1317faf7a04fd30e4865ba798530cf3b

SHA256
102f045d1bffea67e3bd66e5af8645aa7489545337f0af7e1d488b04a5560a77

SHA512
4a0ba33071c5d6b1aa1e1f71975bc31ef5d486bb8fbc1bbdc934fa4a5fa140760e46fbdb5852a99989c894d8e598324ed55b1d91714e492b579094d40fe07234

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader_v2.28.e_Url_gdcod45oay4ctqjyiq2lpjyiwiww2rrq\2.0.0.0\vbopu5yd.newcfg

Filesize
3KB

MD5
4ae0ada21fdb6be3ddf4c658eb58acee

SHA1
00fc40c69d22b9625a70b84c99583403c9f340a2

SHA256
957647e9a3a1720af8d2b731092e618d13cbcf972a163790d717de882bde6bf5

SHA512
4fbf5c46a653d7290f823e0a0bc27bf51ed726f6da5cbf37b766e3a3974051a3ded879a00dad98cc164dcd9447feabcdef28bbc2b7554b9d550290fa0c98e0b6

Download Submit
memory/3556-33-0x0000000005710000-0x0000000005720000-memory.dmp

Filesize
64KB

Download
memory/3556-36-0x0000000005710000-0x0000000005720000-memory.dmp

Filesize
64KB

Download
memory/3556-10-0x0000000005980000-0x00000000059CA000-memory.dmp

Filesize
296KB

Download
memory/3556-8-0x00000000057B0000-0x00000000057BC000-memory.dmp

Filesize
48KB

Download
memory/3556-7-0x0000000005730000-0x000000000573A000-memory.dmp

Filesize
40KB

Download
memory/3556-4-0x0000000005710000-0x0000000005720000-memory.dmp

Filesize
64KB

Download
memory/3556-0-0x0000000000830000-0x0000000000C3C000-memory.dmp

Filesize
4.0MB

Download
memory/3556-34-0x0000000008C90000-0x0000000008D40000-memory.dmp

Filesize
704KB

Download
memory/3556-35-0x00000000744E0000-0x0000000074C91000-memory.dmp

Filesize
7.7MB

Download
memory/3556-9-0x0000000005970000-0x000000000597C000-memory.dmp

Filesize
48KB

Download
memory/3556-37-0x0000000005710000-0x0000000005720000-memory.dmp

Filesize
64KB

Download
memory/3556-38-0x0000000008EB0000-0x0000000008ED2000-memory.dmp

Filesize
136KB

Download
memory/3556-39-0x0000000009890000-0x0000000009BE7000-memory.dmp

Filesize
3.3MB

Download
memory/3556-40-0x000000000A120000-0x000000000A186000-memory.dmp

Filesize
408KB

Download
memory/3556-3-0x00000000057C0000-0x0000000005852000-memory.dmp

Filesize
584KB

Download
memory/3556-2-0x0000000005CD0000-0x0000000006276000-memory.dmp

Filesize
5.6MB

Download
memory/3556-1-0x00000000744E0000-0x0000000074C91000-memory.dmp

Filesize
7.7MB

Download
memory/3556-82-0x00000000744E0000-0x0000000074C91000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing