androrat | 29b1831f1afbb8b0a67938002f2a8d1a6cf51c82e5903b1bd5afd90c03b1d16d | Triage

Sharing

General

Target

29b1831f1afbb8b0a67938002f2a8d1a6cf51c82e5903b1bd5afd90c03b1d16d
Size

2.2MB
Sample

240918-zgjvqssdna
MD5

67975135ba00b417270e4214dd2e6c2b
SHA1

7bd4d816e2d768efdccdd37b66d01561d730d67e
SHA256

29b1831f1afbb8b0a67938002f2a8d1a6cf51c82e5903b1bd5afd90c03b1d16d
SHA512

5c4299e8b11e1c1a5add1b589ecc898614b285801579c88dc52b677346ccfb175e4413f269d1d10931de86348338f071f7b456c8a5c4250d0efe341a78be8c76
SSDEEP

49152:ZZ5JRJrEL2L/lQs8M7ysihlJbGGt+CfH9Wj8vWogvYQj:ZZPBLtQt60d+CPrWyQj

Score

10^/10

androrat android evasion stealth trojan

Malware Config

Extracted

Family

androrat

C2

10.200.166.240:1222

Targets

- Target
  
  29b1831f1afbb8b0a67938002f2a8d1a6cf51c82e5903b1bd5afd90c03b1d16d
- Size
  
  2.2MB
- MD5
  
  67975135ba00b417270e4214dd2e6c2b
- SHA1
  
  7bd4d816e2d768efdccdd37b66d01561d730d67e
- SHA256
  
  29b1831f1afbb8b0a67938002f2a8d1a6cf51c82e5903b1bd5afd90c03b1d16d
- SHA512
  
  5c4299e8b11e1c1a5add1b589ecc898614b285801579c88dc52b677346ccfb175e4413f269d1d10931de86348338f071f7b456c8a5c4250d0efe341a78be8c76
- SSDEEP
  
  49152:ZZ5JRJrEL2L/lQs8M7ysihlJbGGt+CfH9Wj8vWogvYQj:ZZPBLtQt60d+CPrWyQj
Score

8^/10

evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionstealthtrojan

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan