airavat | 21387422589551d9d521eb3362eb6194f27324912d1a39e8d0fe85785fcd8278 | Triage

Sharing

General

Target

AndroidRat.apk
Size

5.5MB
Sample

240927-s4k8razaqj
MD5

51e26f39c79f845548f1e75f74c7c517
SHA1

3baa6b8a7eaab4204865d4177a8a65cc0c39ef70
SHA256

21387422589551d9d521eb3362eb6194f27324912d1a39e8d0fe85785fcd8278
SHA512

1ee9c4a88aade68c648778c0be47902dda46c14b22a800ae65738284c75d212db78b8e6121b237089418856b83e767cdd14497af2204cb9d2a0efc66f64e05ff
SSDEEP

98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31C8UofrFF3NPMP:NrXZJ6nicQHNaf8/IXrJaD1T3VMP

Score

10^/10

airavat android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

airavat

C2

https://sigma-b2650-default-rtdb.firebaseio.com

Targets

- Target
  
  AndroidRat.apk
- Size
  
  5.5MB
- MD5
  
  51e26f39c79f845548f1e75f74c7c517
- SHA1
  
  3baa6b8a7eaab4204865d4177a8a65cc0c39ef70
- SHA256
  
  21387422589551d9d521eb3362eb6194f27324912d1a39e8d0fe85785fcd8278
- SHA512
  
  1ee9c4a88aade68c648778c0be47902dda46c14b22a800ae65738284c75d212db78b8e6121b237089418856b83e767cdd14497af2204cb9d2a0efc66f64e05ff
- SSDEEP
  
  98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31C8UofrFF3NPMP:NrXZJ6nicQHNaf8/IXrJaD1T3VMP
Score

8^/10

collection credential_access discovery evasion persistence impact
- Checks if the Android device is rooted.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
- Requests accessing notifications (often used to intercept notifications before users become aware).
  collection credential_access
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Access Notifications

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Access Notifications

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence