sandrorat | bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40 | Triage

Sharing

General

Target

bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40.apk
Size

254KB
Sample

240817-pk1ybavfjg
MD5

241c0118347f7af0a76b6d868526e896
SHA1

c34f1f3911a04513e69a6ff042fc1fb619459f81
SHA256

bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40
SHA512

f5fb725f19ebfa69f04e3dcd311d1d8e7f7b5ca5f1c83a38ff5a8f266ca6620ee7b06dac3b943a1ca1c912e177b88e773bc1f5abb4145447bb9e9042df52a20e
SSDEEP

6144:oyxr4i5JBuB6SdsQN8zmnDbAYWDz3X7OdcibM/ub881Fn87JGcC:JmyJBuBsID0YWn3X7O+ubpnWJGb

Score

10^/10

sandrorat android discovery persistence

Malware Config

Extracted

Family

sandrorat

C2

googlesettings.system.net:1122

Targets

- Target
  
  bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40.apk
- Size
  
  254KB
- MD5
  
  241c0118347f7af0a76b6d868526e896
- SHA1
  
  c34f1f3911a04513e69a6ff042fc1fb619459f81
- SHA256
  
  bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40
- SHA512
  
  f5fb725f19ebfa69f04e3dcd311d1d8e7f7b5ca5f1c83a38ff5a8f266ca6620ee7b06dac3b943a1ca1c912e177b88e773bc1f5abb4145447bb9e9042df52a20e
- SSDEEP
  
  6144:oyxr4i5JBuB6SdsQN8zmnDbAYWDz3X7OdcibM/ub881Fn87JGcC:JmyJBuBsID0YWn3X7O+ubpnWJGb
Score

6^/10

discovery persistence
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3