888rat | 0fec5a20a4002ac124f46697743b7ad42389f6a089cb7771bd9ba643369a938b | Triage

Submit
Reports

Overview

overview

Static

static

PRLOIX.apk

android-13-x64

6

Sharing

General

Target

PRLOIX.apk
Size

1.9MB
Sample

240914-tnm8vatbnb
MD5

527454ce96785029b24823e6b0183317
SHA1

0556c4164393337ed292225528c9d0a5b2795ccd
SHA256

0fec5a20a4002ac124f46697743b7ad42389f6a089cb7771bd9ba643369a938b
SHA512

7402af195f66a7a17a6de7d3c8e27a5f688752fdcf5bab13aac4919abf3ea183592d96c6006157322475a3a5535718502613fef735aa09537d4bb8c9accdd0c2
SSDEEP

49152:jrLktsI3deNsQlY8CNvu48i/t98TBmjg9588:rNI3dAruvNm/i/YBrR

Score

10^/10

888rat android evasion persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

PRLOIX.apk

Resource

android-33-x64-arm64-20240624-en

evasion persistence

android-13-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  PRLOIX.apk
- Size
  
  1.9MB
- MD5
  
  527454ce96785029b24823e6b0183317
- SHA1
  
  0556c4164393337ed292225528c9d0a5b2795ccd
- SHA256
  
  0fec5a20a4002ac124f46697743b7ad42389f6a089cb7771bd9ba643369a938b
- SHA512
  
  7402af195f66a7a17a6de7d3c8e27a5f688752fdcf5bab13aac4919abf3ea183592d96c6006157322475a3a5535718502613fef735aa09537d4bb8c9accdd0c2
- SSDEEP
  
  49152:jrLktsI3deNsQlY8CNvu48i/t98TBmjg9588:rNI3dAruvNm/i/YBrR
Score

6^/10

evasion persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

© 2018-2024

Terms | Privacy