888rat | 17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b | Triage

Submit
Reports

Overview

overview

Static

static

KKMXAO.apk

android-9-x86

8

KKMXAO.apk

android-10-x64

6

KKMXAO.apk

android-11-x64

6

Sharing

General

Target

KKMXAO.apk
Size

2.0MB
Sample

240818-dahs7sthkq
MD5

96488e82f25cabea65df35d1feed3c30
SHA1

064eb2d5e5fe91346f3fec8808ada3c42db9172d
SHA256

17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b
SHA512

7e0d0503eee4e5a54eeb85bfb6179053fcd2f5fa39114b3cb2f3a3400fa0ec6866cd496c9de712d8e8ead3aa09aac0b8c93d8817746170ce0e6e139f97057e4a
SSDEEP

49152:iEoMTx96BjMKtUpJm5jMFd2Oh8O+wUvq83Pi2JTplj:isdajMKKpJKjM32O+FwU93Pi+j

Score

10^/10

888rat android discovery evasion impact persistence privilege_escalation stealth trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

KKMXAO.apk

Resource

android-x86-arm-20240624-en

discovery evasion impact persistence privilege_escalation stealth trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

KKMXAO.apk

Resource

android-x64-20240624-en

discovery evasion persistence

android-10-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

KKMXAO.apk

Resource

android-x64-arm64-20240624-en

discovery evasion impact persistence privilege_escalation

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  KKMXAO.apk
- Size
  
  2.0MB
- MD5
  
  96488e82f25cabea65df35d1feed3c30
- SHA1
  
  064eb2d5e5fe91346f3fec8808ada3c42db9172d
- SHA256
  
  17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b
- SHA512
  
  7e0d0503eee4e5a54eeb85bfb6179053fcd2f5fa39114b3cb2f3a3400fa0ec6866cd496c9de712d8e8ead3aa09aac0b8c93d8817746170ce0e6e139f97057e4a
- SSDEEP
  
  49152:iEoMTx96BjMKtUpJm5jMFd2Oh8O+wUvq83Pi2JTplj:isdajMKKpJKjM32O+FwU93Pi+j
Score

8^/10

discovery evasion impact persistence privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

discoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

behavioral2

discoveryevasionpersistence

behavioral3

discoveryevasionimpactpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy