rafelrat | 3e545df7b9e9bf2221eb42a7d0d9b45183ea205583767d612c4cf489c9cfe962 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

base.apk
Size

8.6MB
Sample

240913-xa5shssanl
MD5

0f9e499294caacbcd515eeb8ce437afe
SHA1

2c9fd958e5a5474a358e2e561c19b244ca2ee356
SHA256

3e545df7b9e9bf2221eb42a7d0d9b45183ea205583767d612c4cf489c9cfe962
SHA512

8377ff9bd8f17739b4f76f157d87a8fb666ab75cc114c69509cfc4d947435c989b2df0c81cedab3189f4b42cf2b7ec9beb03523ba2506b9cbd2427f218a17b3d
SSDEEP

196608:vFNHoD0zdv10PkSrm7QeyZA0VQMVQ8VQaVQwVQ6:vXIDqd9JSS7QeyO0iMi8iaiwi6

Score

10^/10

rafelrat android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

rafelrat

C2

https://lovehurts.000webhostapp.com/Server_Panel/public/commands.php

Targets

- Target
  
  base.apk
- Size
  
  8.6MB
- MD5
  
  0f9e499294caacbcd515eeb8ce437afe
- SHA1
  
  2c9fd958e5a5474a358e2e561c19b244ca2ee356
- SHA256
  
  3e545df7b9e9bf2221eb42a7d0d9b45183ea205583767d612c4cf489c9cfe962
- SHA512
  
  8377ff9bd8f17739b4f76f157d87a8fb666ab75cc114c69509cfc4d947435c989b2df0c81cedab3189f4b42cf2b7ec9beb03523ba2506b9cbd2427f218a17b3d
- SSDEEP
  
  196608:vFNHoD0zdv10PkSrm7QeyZA0VQMVQ8VQaVQwVQ6:vXIDqd9JSS7QeyO0iMi8iaiwi6
Score

8^/10

collection credential_access discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
- Requests accessing notifications (often used to intercept notifications before users become aware).
  collection credential_access
- Probable phishing domain
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Access Notifications

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Access Notifications

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionimpactpersistence