General
-
Target
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320.apk
-
Size
8.6MB
-
Sample
240702-cwkn9awflp
-
MD5
94bca3926cd70f60d54be7218dd7ac55
-
SHA1
b0a58d44603f9b184cf26bf5b265644f9843faef
-
SHA256
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320
-
SHA512
3d3608358323531f518d281dd95fd1412685406d43b4a941c55d41d64cc14566358b045484fdc6b6212daef4cfe6a17c565fef5f0bb05964e0a38b31eec2d4c5
-
SSDEEP
196608:x1+dMws+dMwQ+dMwG+dMws+dMwVqxpe+2DPFNMjDO7RU:x1qMwsqMwQqMwGqMwsqMwVqpeRhYya
Behavioral task
behavioral1
Sample
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
rafelrat
https://atualizarnovo10.000webhotapp.com/public/commands.php
Targets
-
Checks if the Android device is rooted.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-