androrat | test[.]apk

General

Target

test.apk
Size

2.2MB
MD5

6a0757584118a4f7f66df31b023c3b2c
SHA1

26cfaf2b1917006935a41939cc70099ac8c2dacc
SHA256

0db62718e0ac2ce8cb86d208d1a687a9bb453de620b2236521bc2cd65626e30a
SHA512

5ec783ffdafcdce24f83aed07c4f345657b4a4867d619a099dc26d2234f6ef1f9d1336096fa5e59e4665d3b11d05afb060e328cf48dea1c369601ae6ecd742c1
SSDEEP

49152:9rM7sQSgm6ZUp63VW2yzll5J4OV3LszmYQffUrKcgvYma:i4Q3j305V3LsTpKOd

Score

10^/10

androrat

Malware Config

Extracted

Family

androrat

C2

193.161.193.99:59263

Signatures

Androrat family
androrat

Requests dangerous framework permissions 10 IoCs

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

test.apk
.apk android

com.example.reverseshell2

com.example.reverseshell2.MainActivity

Activities

com.example.reverseshell2.MainActivity

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.CAMERA
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.VIBRATE
android.permission.READ_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_CALL_LOG
android.permission.RECORD_AUDIO
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE

Receivers

com.example.reverseshell2.broadcastReciever

android.intent.action.BOOT_COMPLETED
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON

com.example.reverseshell2.keypadListner

android.provider.Telephony.SECRET_CODE

Services

Android Permissions

test.apk

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

android.permission.CAMERA

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.VIBRATE

android.permission.READ_SMS

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.READ_CALL_LOG

android.permission.RECORD_AUDIO

android.permission.SYSTEM_ALERT_WINDOW

android.permission.READ_PHONE_STATE

Sharing

General

Malware Config

Extracted

Signatures

Files

com.example.reverseshell2

com.example.reverseshell2.MainActivity

Activities

com.example.reverseshell2.MainActivity

Permissions

Receivers

com.example.reverseshell2.broadcastReciever

com.example.reverseshell2.keypadListner

Services

Android Permissions

test.apk