888rat | 0230783fd8557685df5334e84f2fa437[.]apk

General

Target

0230783fd8557685df5334e84f2fa437.apk
Size

38.6MB
MD5

0230783fd8557685df5334e84f2fa437
SHA1

572377fe51f2224328861b1b70e7735790441ad4
SHA256

ce0ef4122015076b9dd65a6ce0c76b7acaf0fd891b3d84bd7ccc3b15393a6508
SHA512

b0bb0448bc7f1ae74b63ba2027c015d021990200bf0b17f0544ce41a23ba17adc2b8f5058a9f44d02aa53ea1593b27deec4af7e538c24418c71ff42abd696419
SSDEEP

786432:yVRMg3zAmwc2OG3KnTc+SYREzj0hFFwf3XSn:mzxwgTSgEzj0hI3XSn

Score

10^/10

888rat family
888rat
Android 888 RAT payload 1 IoCs

Processes:

resource yara_rule

sample family_888rat
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def
XMRig Miner payload 1 IoCs
miner

Processes:

resource yara_rule

sample xmrig
Xmrig family
xmrig
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
rezer0

Processes:

resource yara_rule

sample rezer0
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
Office document contains embedded OLE objects 1 IoCs
Detected embedded OLE objects in Office documents.

Processes:

resource yara_rule

sample office_ole_embedded

resource	yara_rule
sample	family_888rat

resource	yara_rule
sample	disable_win_def

resource	yara_rule
sample	xmrig

resource	yara_rule
sample	rezer0

resource	yara_rule
sample	pdf_with_link_action

resource	yara_rule
sample	office_ole_embedded