androrat | 7eb00f9351a7a2caeefdaa172288c2ae77922407c88f4f517884a600d3ea812f | Triage

Sharing

General

Target

system.apk
Size

2.2MB
Sample

240914-vx6l8awalr
MD5

0b8fa481a40dea489c019ffe85c3dd7e
SHA1

24c9eb572d3fcc8727ef3d0bb4a58bbccba702b8
SHA256

7eb00f9351a7a2caeefdaa172288c2ae77922407c88f4f517884a600d3ea812f
SHA512

e18d8ba908765ed2e15528d563c5902c9544d9336ec4a6cfe13174c42b15c46f437e9f0718a7af786374079ded2444b0fff5aa4d941972911fe654674b96d41b
SSDEEP

49152:kgeFnfKo5c6ZXSbArvhlywS4zF64kC1apeR7kvgvYfsr:kg2n35hSMv3yN4zF6nC1/kT0r

Score

10^/10

androrat android discovery evasion execution persistence stealth trojan

Malware Config

Extracted

Family

androrat

C2

176.37.81.222:8585

Targets

- Target
  
  system.apk
- Size
  
  2.2MB
- MD5
  
  0b8fa481a40dea489c019ffe85c3dd7e
- SHA1
  
  24c9eb572d3fcc8727ef3d0bb4a58bbccba702b8
- SHA256
  
  7eb00f9351a7a2caeefdaa172288c2ae77922407c88f4f517884a600d3ea812f
- SHA512
  
  e18d8ba908765ed2e15528d563c5902c9544d9336ec4a6cfe13174c42b15c46f437e9f0718a7af786374079ded2444b0fff5aa4d941972911fe654674b96d41b
- SSDEEP
  
  49152:kgeFnfKo5c6ZXSbArvhlywS4zF64kC1apeR7kvgvYfsr:kg2n35hSMv3yN4zF6nC1/kT0r
Score

8^/10

discovery execution persistence evasion stealth trojan
- Checks if the Android device is rooted.
  evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2

evasionstealthtrojan