General

  • Target

    442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9.apk

  • Size

    8.2MB

  • Sample

    240705-g12ksatelr

  • MD5

    d92eecc462e59f3e2061a6a568935b96

  • SHA1

    14596ae969626eecdb7aa5d73a1b89dd0fbc53f8

  • SHA256

    442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9

  • SHA512

    7a4c0ac8599b1dd6e0ea303d1e71fc95c5aa9b1a6c4a84e0944a5ec2b586abd8b030322ea9161ecb91fb72790db77d4c209c494f21d1fe5403e196d393f13958

  • SSDEEP

    196608:VdcvyH+j818fUwe1Wz2AUFcgd+dMw0+dMwm+dMwA+dMwC+dMws0n:VNR+d6DFcSqMw0qMwmqMwAqMwCqMws0n

Malware Config

Extracted

Family

rafelrat

C2

https://abutalebnew.000webhostapp.com/Server_Panel/public/commands.php

Targets

    • Checks if the Android device is rooted.

    • Obtains sensitive information copied to the device clipboard.

      The application may abuse the framework's clipboard APIs (ClipboardManager) to read data the user has copied, such as credentials or one-time codes.

    • Legitimate hosting services abused for malware hosting/C2.

      The extracted C2 URL is hosted on 000webhostapp.com, a free web-hosting service, so the C2 traffic blends in with ordinary HTTPS to a legitimate provider.

    • Makes use of the framework's foreground persistence service.

      The application may abuse a foreground service to keep running while not visible to the user and to avoid being killed by the system.

    • Queries the mobile country code (MCC).

    • Reads information about the phone network operator.
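The behaviours listed above correspond to a handful of framework APIs and filesystem probes that leave recognisable strings in an APK's classes.dex, and the C2 sits on a free-hosting domain that can be matched in proxy logs. The Python script below is an added example, not part of the sandbox report and not code from the sample: it checks a file's hashes against the IOCs listed on this page, carves strings from the dex files inside an APK, maps them onto the report's behaviour categories, and classifies URLs against the extracted C2. The marker strings are standard Android identifiers and common root-check paths; the APK built by `build_sample_apk()` is a constructed stand-in for the real sample, and the category names and thresholds are this example's own assumptions.

```python
"""Offline APK triage for the behaviours flagged in this report (added example)."""
import hashlib
import io
import re
import zipfile
from urllib.parse import urlparse

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "d92eecc462e59f3e2061a6a568935b96",
    "sha1": "14596ae969626eecdb7aa5d73a1b89dd0fbc53f8",
    "sha256": "442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9",
}
C2_URL = "https://abutalebnew.000webhostapp.com/Server_Panel/public/commands.php"
FREE_HOSTING_DOMAINS = ("000webhostapp.com",)  # legitimate hosting abused for C2

# Behaviour markers (assumption: these substrings in the dex string table are a
# good-enough proxy for the behaviours the sandbox reported).
BEHAVIOUR_MARKERS = {
    "root_check": ["/system/xbin/su", "/system/bin/su", "test-keys", "Superuser.apk"],
    "clipboard_read": ["android/content/ClipboardManager", "getPrimaryClip"],
    "foreground_service": ["startForeground", "FOREGROUND_SERVICE"],
    "operator_query": ["getNetworkOperator", "getSimOperator", "getNetworkCountryIso"],
    "c2_contact": list(FREE_HOSTING_DOMAINS),
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash matches the sample documented on this page."""
    return file_hashes(data) == REPORT_HASHES


def extract_strings(blob: bytes, min_len: int = 6):
    """Carve runs of printable ASCII; sufficient for dex string-table triage."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def dex_strings(apk_bytes: bytes):
    """Collect carved strings from every classes*.dex inside the APK zip."""
    out = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                out.extend(s.decode("ascii") for s in extract_strings(zf.read(name)))
    return out


def classify(apk_bytes: bytes) -> dict:
    """Map carved strings onto behaviour categories; also list embedded URLs."""
    strings = dex_strings(apk_bytes)
    hits = {}
    for behaviour, markers in BEHAVIOUR_MARKERS.items():
        found = sorted({m for m in markers for s in strings if m in s})
        if found:
            hits[behaviour] = found
    hits["urls"] = sorted({s for s in strings if s.startswith("http")})
    return hits


def url_verdict(url: str) -> str:
    """Proxy-log check: exact C2 match, abused free-hosting domain, or neither."""
    if url == C2_URL:
        return "known_c2"
    host = urlparse(url).hostname or ""
    if any(host == d or host.endswith("." + d) for d in FREE_HOSTING_DOMAINS):
        return "free_hosting"
    return "benign"


def build_sample_apk() -> bytes:
    """Constructed stand-in for the real sample: a zip with a fake classes.dex
    whose string table carries the markers the report describes."""
    fake_dex = b"dex\n035\0" + b"\0" * 16 + b"\0".join([
        b"Landroid/content/ClipboardManager;", b"getPrimaryClip",
        b"/system/xbin/su", b"test-keys",
        b"startForeground", b"getNetworkOperator",
        C2_URL.encode(),
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk()
    print("hashes match report:", matches_report(sample))
    for behaviour, found in classify(sample).items():
        print(f"{behaviour}: {found}")
    print(url_verdict(C2_URL), url_verdict("https://example.com/"))
```

On a real file, replace `build_sample_apk()` with `open(path, "rb").read()`; `matches_report` then confirms you are looking at the documented sample before the string-based classification is trusted. String carving is a coarse signal (obfuscated or reflective code hides the API names), so treat a clean result as "no evidence", not as "benign".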
