888rat | fee6f339c94ca51f3a45ff5dd820b47909790eb1eb986c17ce9edaa11901c1a9 | Triage

Submit
Reports

Overview

overview

Static

static

9fed52ee73...88.apk

android-9-x86

8

9fed52ee73...88.apk

android-10-x64

8

9fed52ee73...88.apk

android-11-x64

8

Sharing

General

Target

sep_tiktokSpyware.zip
Size

1.4MB
Sample

240814-2sl6cavdrr
MD5

17a38d2889794604c8183c089b9cc3a8
SHA1

9d94ab5cd091cba40d6f5973894975bfb187b2a1
SHA256

fee6f339c94ca51f3a45ff5dd820b47909790eb1eb986c17ce9edaa11901c1a9
SHA512

87c0147e255f6eaa6b1b5c71be73fe152e4d57b3c86c3d625a7390b332ae7e6533a337cd38fd56bbfb552e5783b3b3b973771ee0b962b96cfb08befef2c80e8a
SSDEEP

24576:D+GeBkGFAlp1jKfdmQgcPjjEJaKwMbSWVnVKAmkIjNzTmzX7sAW43/BigHmwfTgb:UWlnijfEs/MWWfKNkIjNWnsI3/Bb7ru

Score

10^/10

888rat android discovery evasion persistence stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9fed52ee7312e217bd10d6a156c8b988.apk

Resource

android-x86-arm-20240624-en

discovery evasion persistence stealth trojan

android-9-x86

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fed52ee7312e217bd10d6a156c8b988.apk

Resource

android-x64-20240624-en

discovery evasion persistence stealth trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

9fed52ee7312e217bd10d6a156c8b988.apk

Resource

android-x64-arm64-20240624-en

discovery evasion persistence stealth trojan

android-11-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fed52ee7312e217bd10d6a156c8b988.apk
- Size
  
  1.7MB
- MD5
  
  9fed52ee7312e217bd10d6a156c8b988
- SHA1
  
  3e23c0d93b51e06918c69b138ef5fbeb921c9f95
- SHA256
  
  6ac2fadf96fb423f7c22521fcb106e44343d26c8d682e8b5a460cdf8388b2178
- SHA512
  
  dfd8dc7d623d2c142cbe11473324f34250115fb3c7e08a6b60f319ac9f419aa5301f3e042a525639398c54cfe3f1175426af09732cbb05932e4487baa91f5f4d
- SSDEEP
  
  24576:0ZCqpP9JH/VoVPvQrHs7zOSKHynup2usCAdYvgK5zT2y6HvCVMjny9L5hX/zqrI:0ZxxVopuHsOltFgg6abvX/zuI
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionpersistencestealthtrojan

© 2018-2024

Terms | Privacy