Analysis

  • max time kernel
    12s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android arch:arm64 arch:x64 image:android-33-x64-arm64-20240624-en locale:en-us os:android-13-x64 system
  • submitted
    13-09-2024 18:46

General

  • Target

    Live Tiktok.apk

  • Size

    3.3MB

  • MD5

    4106bc5d5551761b8dfeacc47217563b

  • SHA1

    03f9de2ddd7dd96d20d1f06ac3db900b890c73c9

  • SHA256

    c7e0f6bec293dc451cfd65030dcf6b847c83ec252cf62c2722ad96cb7aaeb069

  • SHA512

    89e267ab76e38625955e10c8fc629fa02701ea6ed95c46c07ea8adea579e5d3a6be186862f320c632aa54a00cb526a307d40257bd75d630b5d62125e9baa3821

  • SSDEEP

    49152:P3BzBInlSy8vOFOJ+B2dvBSWDmH/tyEY+jWL9xuKU2L7wuzP/M+4IJj8YarJig9M:p1IlSy86OJ+BKBf0/9CRvUWDM+vJoltC

Malware Config

Signatures

  • 888RAT

    888RAT is an Android remote administration tool.

  • Acquires the wake lock 1 IoCs
  • Declares services with permission to bind to the system 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests dangerous framework permissions 4 IoCs

Processes

  • com.example.dat.a8andoserverx
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    PID:4349

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/.app.apk

    Filesize

    1.4MB

    MD5

    13073de69286b27058682b1f997e8a43

    SHA1

    0454fc81ab3f0b9fecf2b724ea9f6068f32c3945

    SHA256

    b666b3d6f59062959281f8eb28da96c3b42db92e5b65846c41b1c60afe193993

    SHA512

    858cf7cd1b048d260c50ac4113ea23c6859fec53b987d5a9e7aa40d5ffe02f5a4118882db422af01bb697ca39aa1af5fb3028b12f5c7f7d163debc51709decec