General

  • Target

    ANDROID_RAT.rar

  • Size

    15.8MB

  • MD5

    f121b24292ab6b5c0fdc6f165f7e869d

  • SHA1

    f5a34d026d56262ddf99b8099706d0c774b3cfb7

  • SHA256

    8a78fdf56fe352e39b804faa5f544db35694ea6d0d46297d52bb66986604ab15

  • SHA512

    954647af0d46b744073e642e84b91440e864c2e185ce7a1455360dc3d0065066fe9a99fe13684ad45658e871aa0ff485c43488b94c0b2d5bf4e6de97e172bd36

  • SSDEEP

    393216:JKSn4hsYBCxVv2A6VbjSKgtB2WFVCHKSn4hsYBCxVv2A6VbjSKgtB2WFVCZ:JX+sYcVvf6VjSltxCHX+sYcVvf6VjSlQ

Signatures

  • An infostealer written in Python and packaged with PyInstaller. 2 IoCs
  • Crealstealer family
  • Detects Pyinstaller 2 IoCs
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • ANDROID_RAT.rar
    .rar
  • ANDROID RAT/Build 1.exe
    .exe windows:5 windows x64 arch:x64

    0b5552dccd9d0a834cea55c0c8fc05be


  • Creal.pyc
  • ANDROID RAT/Compiler.exe
    .exe windows:5 windows x64 arch:x64

    0b5552dccd9d0a834cea55c0c8fc05be


  • Creal.pyc
  • ANDROID RAT/Readme.txt
  • ANDROID RAT/Run first.bat