888rat | 23d23ede447193122acb545e6cff008d385b13d814a36c678db965d4e053a87a

Analysis

max time kernel
12s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
13-09-2024 18:56

Target

23d23ede447193122acb545e6cff008d385b13d814a36c678db965d4e053a87a.apk
Size

3.3MB
MD5

c0dc87eb093913aac099e6e52ea810df
SHA1

a70863d6fb7564e81d4867165e9381d9cd2d86a8
SHA256

23d23ede447193122acb545e6cff008d385b13d814a36c678db965d4e053a87a
SHA512

2674afbad0809e95862257d382e8dbeab14f0af4b2757fc0eab422a6bd514c00f758b7455ddcdfcc643e18420b1505a386ced061f217150e29a7cfd52ddf073e
SSDEEP

98304:Z3YTPlToffum+rspiiawHOpMC4oM+vJoeO:Z3YTRsoUiiVHOpMrowB

Score

10^/10

888RAT
888RAT is an Android remote administration tool.
trojan infostealer rat 888rat
Acquires the wake lock 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.example.dat.a8andoserverx

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.dat.a8andoserverx

Requests dangerous framework permissions 4 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

com.example.dat.a8andoserverx
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
PID:4919

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

/storage/emulated/0/.app.apk

Filesize
1.4MB

MD5
ddf7b546b980a2a8c80e9c1b25d835df

SHA1
3ab920f00e9b63b4c0862f8981d65beae5fa86c6

SHA256
8e2b96c09f74b905c879a5a65313d99458bc3fc620322aac75072431d811d959

SHA512
71075944c1c506246aa26f264079591ab6e406b6aa310a8c7e92fd2fb62210995d559f4862f4d47fe53c5fc342dcb1451f4cc92f0482a65e2d0cc93a07ec2b5f

Download Submit