sandrorat | b6d88c1b604301462d0eeaa97ca9a114b61e1d66eecb60636906ccf90644446c

Sharing

Copy URL

Twitter E-mail

General

Target

ef76f412df4275fbeac3e98b7c1661c9_JaffaCakes118
Size

18.1MB
Sample

240921-kz93bavanr
MD5

ef76f412df4275fbeac3e98b7c1661c9
SHA1

c6ee1a0e5e5ff3a95cf6684ea4d3dfa86753cbb7
SHA256

b6d88c1b604301462d0eeaa97ca9a114b61e1d66eecb60636906ccf90644446c
SHA512

ae45323a7d96f284c194eeceb179e6f5a40a3b7189b9305f0f9bfcafa55f18e37ce8e3e146ae15019fb67c2df839f54dbcc7935692ae54ad437a56b28fa8b8fc
SSDEEP

393216:s+ZJZFcRoUoMiob1eO3tC1WIU0s7400L2DvoW9UW:suJZKqUj/tC1s7Su3R

Score

10^/10

Malware Config

Extracted

Family

sandrorat

192.168.1.5:1337

Targets

- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/SandroRat.apk
- Size
  
  252KB
- MD5
  
  9202458b25d8c56b85b5801c254c43e9
- SHA1
  
  97b1a631fd88b13327b00269f859f0e311b5ac93
- SHA256
  
  03ac348fc2978168bf86a1ba63a32f411e5642fbd11c95f59ff4d4c7e7b049c6
- SHA512
  
  84efc449bfecd6fdf7376086a84a50b3665793dc8e4dfc60e9aefb096e73c4e4e67296c76aee2a0735371d0b57b2d26efc2e18b94b79bfd68d582e395a0f791f
- SSDEEP
  
  6144:yuObopWPaR7mM++Iu8hK+CqoDTvJpsbV1dFqQOG8/8V4Sy8:yuObyjOu1+ToDTRpE1utDf8
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  aapt
- Size
  
  1.1MB
- MD5
  
  908811c1fbcc200d01c885e0385dc79a
- SHA1
  
  1911c290fb52d2fe821ebec5cec5450735fa58ec
- SHA256
  
  4b0b43987b479c242f40c91bca06a0e7b08dc0af3ce51490b3149cf6b0be9612
- SHA512
  
  76e56e543e7e0944f97f83f7b70368972f84cd732484b3ba1f9d67e61cba1a50b0775c49e34c0c9946ab81a828c6f24cd009e5b20d6d2add13dd07dd2edbeb62
- SSDEEP
  
  24576:xHinq2NVyW/ZH+EbKZBKUq6HGnVgXEM9Vk13yqGV:xHiq2NVflEZIUq6HGnVOq3eV
Score

1^/10
behavioral4
- Target
  
  aapt.exe
- Size
  
  833KB
- MD5
  
  4fe6d020deb0e1b52c3b358355ad245d
- SHA1
  
  5851663a552bd3e477f4d319ed0b72a1f4f1ff46
- SHA256
  
  e37c72c9aab974d4e02e9e4d86ccfaefa5e093f06969b278db17217b984bc227
- SHA512
  
  0a6913a2067da691d6bc00b1744d878c2769f078410da126619cbffcdabbc2647e297ab1198974e160f63159136516f814c56d841c9ef197438fc4419d813c98
- SSDEEP
  
  24576:zvh+TyoVx8BMTFoTVM/zmn//SodZ5yzSWcdUX/MYdTko8:z6wgmdZcmxedT
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/apktool.jar
- Size
  
  6.0MB
- MD5
  
  2c25fd4270d6aff37c5165342991bce6
- SHA1
  
  440b87deea9d5f403e5496c5427ff38ca1b3a224
- SHA256
  
  c15cf1b87486d83dbc9e5ce64a03178a64eeeecf62cf08637193ba759f61419b
- SHA512
  
  895710e899d7e9dad05281d6c537954a3d3d32c2b81277aa57a624340a2bc6260f196247a83764d256f46b56794dd1cdb9e49c12d49e173ef30d5f408bea620f
- SSDEEP
  
  98304:kyH0E8H1tWFAtFKO8oZosOXW8n358nKji2CFRnvMvvZGE1iElRNHF4:rUE8Vt+AGboZVc9GjAvZ/5lR74
Score

1^/10
behavioral7 behavioral8
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/efm.jar
- Size
  
  4KB
- MD5
  
  a91f7cbbd06f657bd7608b70cf7fb864
- SHA1
  
  6bec1fef965e6a1c1fe25d4d28c07f99adea3af7
- SHA256
  
  91d79633b19d62b0ea71341b1692f49b2b59f9535e30a181d66fc4e83b0a2660
- SHA512
  
  3ec90cbed6b62757d6b6f28c0171d5931390f73d8a19f051fce3ec94d78cbdeb5f61d52be7378cc4c5c28521dc48116dfe8c7a8163ed7a0c21ef99574959df98
- SSDEEP
  
  48:kkp0xL/5V4vn/JGQStEDQ211tB//3kOnnt7U0VrwRQ6UBB0ytKwDEUrEdIu97mFh:Wa/gTgjBX3PnC0RhiO/EdTq+D4abrmfP
Score

1^/10
behavioral10 behavioral9
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/signapk.jar
- Size
  
  7KB
- MD5
  
  aec6985fe2314e4d032ba6d192ac4163
- SHA1
  
  b16f006e7bf509add528f4b9a075ca373d531203
- SHA256
  
  b17534e89a5b58d5e343ba54a49da579cf9213988f4beeae24fe4582a0c226bb
- SHA512
  
  5347fb296f87fb71046e0fd261a495485254ed7bd6d68da3aebb346267e5bc14ad8a89aa5496b31b2bf0da35b8c7c4cbbf71ace977443f09ecdbe50e1288bcea
- SSDEEP
  
  192:20AfGZ6TJSM/+Lz2dBM8ZRSvdrGanQRSHFzJ:dj6tof2nMySvldT
Score

1^/10
behavioral11 behavioral12
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-codec-1.6.jar
- Size
  
  227KB
- MD5
  
  5970f54883b4831b24b97f1125ba27e6
- SHA1
  
  b7f0fc8f61ecadeb3695f0b9464755eee44374d4
- SHA256
  
  54b34e941b8e1414bd3e40d736efd3481772dc26db3296f6aa45cec9f6203d86
- SHA512
  
  752fca09371e0e228432155533a9b84f0442cafd7f25ebf0c6c2024d541fbba80882e71aee047ec94cd22c0d8114942e967652913412f5cbcf9b816c0e1fc1ad
- SSDEEP
  
  6144:PDTWpPoPf1mNIr6ZuH9FYaGC5Y79N22RKzvqDNuwv3:P2FoPf1mNSR2vvpN8ziD8Q
Score

1^/10
behavioral13 behavioral14
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-io-2.4.jar
- Size
  
  180KB
- MD5
  
  7f97854dc04c119d461fed14f5d8bb96
- SHA1
  
  b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
- SHA256
  
  cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581
- SHA512
  
  957a438894a196e534af9ae1e61fb21e16f273952b55a81abb8faf0b139fc031ea940cf477f81704db417d1ce6ff2d9ddd4a2cbf316903b0e2dc1aeaef24f292
- SSDEEP
  
  3072:pF6mb9NczTyPXoTt75AQ6oBoEfDmwFHb/1Vd23l/ODoxb7DcKK:pYmb9iz2W75JLKEfDmwTVdilnxb7DTK
Score

1^/10
behavioral15 behavioral16
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-lang3-3.3.2.jar
- Size
  
  403KB
- MD5
  
  18bb67afa15354843ebfb7640cbb9c5f
- SHA1
  
  659861b4acde07a0527211e40d256119face1d15
- SHA256
  
  46d24ea8d0771655aec5fdf203ca4bfab4cc1a4587b8a15901d385f80263dd36
- SHA512
  
  ab3b3c318e17654d77924dc4d3f826e973caff8b02ce77f28ef84fac5a93270caa8fcb999a81911e42782be7b9ead290163d72a8b1640e69ea047aab1ac040a8
- SSDEEP
  
  12288:8ikku6ntM+/M0iV8hWkEgjQg3WIOfbFvrrj9bZ:8izu6y+0PmTxjjGIOf1rjZZ
Score

1^/10
behavioral17 behavioral18
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-logging-1.1.1.jar
- Size
  
  59KB
- MD5
  
  ed448347fc0104034aa14c8189bf37de
- SHA1
  
  5043bfebc3db072ed80fbd362e7caf00e885d8ae
- SHA256
  
  ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f
- SHA512
  
  470323a2ee38be1b7ff8c84f1f5a5f8c4ec2ceb6b0649faa7b961f111865877dbe125409f72b1c52c7f18aa89e3469635c49ff4b83f86cc2f2eb2cc5562f9bff
- SSDEEP
  
  768:Jirg+Y5XjlrZKpQHBSSfqKeR5r8WuwjK+imOU4MYgArhR0S9mNIHZ8LwyEOuHwIx:EAXjqrSiKm8XrQMr0S9mqH+wyEpQIx
Score

1^/10
behavioral19 behavioral20
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/fluent-hc-4.2.5.jar
- Size
  
  21KB
- MD5
  
  5a387f6bec45cb94c7f2667c15cbf00f
- SHA1
  
  7eda2ae9f77415cf92651191e2229eae2caf0b61
- SHA256
  
  e13070f38957fc1c063895105ab64c810a3fd8b4b6ab5d45ce2d508c8d5fa192
- SHA512
  
  3d6dd064a131993a51bd66e8d100812c559365587a050a04511280092ef0cc58767bf5ca025641590c35c1b628ce20de0c56eddac63c67e4bb682ca3aaf9ed2b
- SSDEEP
  
  384:Z4O5kHnxNasdF0L3K+N72rrGczqcg6Mx/Sjd+/kxXyV3Iu52Pw+k7ozYj:t5QrkGYeGdcgZag/kxXyVF2PdYj
Score

1^/10
behavioral21 behavioral22
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpclient-4.2.5.jar
- Size
  
  423KB
- MD5
  
  23bd23d9d6327dd01fa41c12f15bf9bc
- SHA1
  
  3bfeb9062b12d5b340445336790dbc14c59c2d79
- SHA256
  
  56b4aae1bd9c66e1f890279dde75e81d226c97e302de97dafc081adeab956bbc
- SHA512
  
  e043ba153c74f65eb5185ab7e672cd7ba21cae95673b00447deb6abe0e6c4c72ae50c2ed784d020bf2558539b51f09d18e2481b617ccd887a4994adc2712effb
- SSDEEP
  
  6144:o3rUaqSQdbq34UBXmWeM9oUxVKzvEF1Wx2FMDtwiQJ+khG/UBE14CFmDt12l:o3w2QdeI6+MpOEFs1t7i+eG/7dSty
Score

1^/10
behavioral23 behavioral24
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpclient-cache-4.2.5.jar
- Size
  
  112KB
- MD5
  
  1c3611c6b424d2ac7945ab7e6243b942
- SHA1
  
  313cfeb950089985994736aa08885711c56b7e1e
- SHA256
  
  a67c50b74286766bdbb397088c4a78f1008d2ab17df7562db76439778c90430a
- SHA512
  
  9a3388b4c55a77740afe4062043cec1e863ed2f54058797311cfd6ad00b4f612eadd0c5ac743cc1be15cb8f8ada8197f638b64d0dec295c45457d011405d71a2
- SSDEEP
  
  1536:HKVZLQaLHU8KHG5QhPc2qxOkOq3Qlum2lZhFWgM2ukFdRpFU/uFS:HK3LQaLjKmidIxOtSQwmocghDF0/uS
Score

1^/10
behavioral25 behavioral26
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpcore-4.2.4.jar
- Size
  
  221KB
- MD5
  
  6ccb86231d8a8b99c551b4ddf926ddd1
- SHA1
  
  3b7f38df6de5dd8b500e602ae8c2dd5ee446f883
- SHA256
  
  bda2b9e0464f7a0e122d5e9bff7b384f3bc3a91af18ad51e029deaaa599e5db3
- SHA512
  
  0c4de4513cafb13a81bcad7cc1a4e45759ba32654eafde15665afde63a427b04ac25cfe17e4bbd1887225960b5aaf7e73382e35ec16993dbc1fd19a2bf5e8ab9
- SSDEEP
  
  6144:mjj5oIwPj1CM0oifaJtv27fxnNibFx992P0SfMPlJ:mRoZPjuwgRNUIPTW
Score

1^/10
behavioral27 behavioral28
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpmime-4.2.5.jar
- Size
  
  25KB
- MD5
  
  8df1654c39f4116c9f1fcd04f8505bc2
- SHA1
  
  6efc2f9df23c2ac4d3b701a11cab9f9fa6a641d4
- SHA256
  
  2ef409c599c532ca1e692013582695231bdb9f3956d4ec9ba3ac71300728b382
- SHA512
  
  a0f8aafeb69e1fc7616e813e30515997068faba245641c0437dc8c24f5e348ab77457b4d9cafb59a941d5dcdee187ce6d249cf313fe0d09b1b5ce3854b93d357
- SSDEEP
  
  384:mBO5kHnxNHhVgjAV+KLz4NqO2ottK/lqEBrtxmxvH6qou3oyExBwI9F:F5QBV4Dy4NtttKdq6xmxZouUx5F
Score

1^/10
behavioral29 behavioral30
- Target
  
  DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/jaad-0.8.4.jar
- Size
  
  653KB
- MD5
  
  4c09aa32e036530d42319aec289928a7
- SHA1
  
  f6617d5b95437557042e2d21f2b49121174ac80d
- SHA256
  
  be6ba7919a20f602703536e343860c2ae74ad18da195fd845743b877dbb379f7
- SHA512
  
  d1ee7d5d1f5c8599bfa1eaf779e29033768c92e56cc69c9d30d809ad4b41ba9bfcd616af2f8cb3b7e00bab2b2626dfc0d46b78ed072d933d200e801b70c888ea
- SSDEEP
  
  12288:l0baMUzCKol2XKnbywMnCrR+7UZYVw7hHRNBeH3Q6dKncq:WeMUmKqoKn2RClmyYsRDqbdKncq
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32