888rat | 17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b | Triage

Sharing

General

Target

KKMXAO.apk
Size

2.0MB
Sample

240818-dahs7sthkq
MD5

96488e82f25cabea65df35d1feed3c30
SHA1

064eb2d5e5fe91346f3fec8808ada3c42db9172d
SHA256

17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b
SHA512

7e0d0503eee4e5a54eeb85bfb6179053fcd2f5fa39114b3cb2f3a3400fa0ec6866cd496c9de712d8e8ead3aa09aac0b8c93d8817746170ce0e6e139f97057e4a
SSDEEP

49152:iEoMTx96BjMKtUpJm5jMFd2Oh8O+wUvq83Pi2JTplj:isdajMKKpJKjM32O+FwU93Pi+j

Score

10^/10

888rat android discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Targets

- Target
  
  KKMXAO.apk
- Size
  
  2.0MB
- MD5
  
  96488e82f25cabea65df35d1feed3c30
- SHA1
  
  064eb2d5e5fe91346f3fec8808ada3c42db9172d
- SHA256
  
  17c984f927330422965f3bebe23021c5ddf8c786558ac586fa0e89c8108b259b
- SHA512
  
  7e0d0503eee4e5a54eeb85bfb6179053fcd2f5fa39114b3cb2f3a3400fa0ec6866cd496c9de712d8e8ead3aa09aac0b8c93d8817746170ce0e6e139f97057e4a
- SSDEEP
  
  49152:iEoMTx96BjMKtUpJm5jMFd2Oh8O+wUvq83Pi2JTplj:isdajMKKpJKjM32O+FwU93Pi+j
Score

8^/10

discovery evasion impact persistence privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

User Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

discoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

behavioral2

discoveryevasionpersistence

behavioral3

discoveryevasionimpactpersistenceprivilege_escalation