sandrorat | hxxps://dosya[.]co/nt8hcc7eenad/virus[.]apk[.]html

Analysis

max time kernel
80s
max time network
1159s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
22/09/2024, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dosya.co/nt8hcc7eenad/virus.apk.html

Score

10^/10

sandrorat infostealer rat trojan

Malware Config

Extracted

Family

sandrorat

potar.duckdns.org:1628

Signatures

SandroRat
SandroRat is an Android RAT first seen in 2013.
trojan infostealer rat sandrorat

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4411

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
19KB

MD5
d64e7d2f2c7d8dee3d140983a5657eaa

SHA1
d037ae5bc0a2986a3621d6a7c22f675a83e9e476

SHA256
3cb4ef95b50fd96f8578e17d5eb73b880e41eb0bd8f7a09ab53391bdc05fc949

SHA512
21e88e855bb5a2e64baecc147a3980fb973b085ee62041ba0a3d3264b6aee1e3a7b7f04f1f1a8371b893c6b2b158aeb78e9b4607e52725d082ce1836d6b0ff46

Download Submit
/storage/emulated/0/Download/.pending-1727626273-virus.apk

Filesize
254KB

MD5
063ba05f9f2afa3f23b47dc318a7cc24

SHA1
ea09d0c0023e8dc251505a61e3192a7e9c4e180e

SHA256
74c9186a28afc24ae83e4e2d63f6230f219c721dee2a389e32fbe53c2c17d6b0

SHA512
0ac877f41be838f216448f2fdbd483b109c3b93412c73642bb5817f624c301686814e98fb8fc48b4671b3d7a5df8b0e8c2398eef556119c7576cfab4f8b8dce4

Download Submit
/storage/emulated/0/Download/.pending-1727626273-virus.apk (deleted)

Filesize
543KB

MD5
6eef3f6894b75f2ace507ac82b551519

SHA1
035751df62a1d67717ef79fcf58b00056f811ae7

SHA256
4889161908c435ead199b5858d465e83d3dca4119d7d0af9e4050702ae366339

SHA512
8ee6b2d6901e13a37e59508201e32317e378bd2470bd9900c677f29834e31283b7736d8fa9248969eddc3714e7e6a1a7757baa9602680036c99cf809f5e983d9

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads