sandrorat | 77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6 | Triage

Sharing

General

Target

5ebdd95b2dcd8ffa3f4bd05bbb928ed8_JaffaCakes118
Size

254KB
Sample

241019-z9xx3azdld
MD5

5ebdd95b2dcd8ffa3f4bd05bbb928ed8
SHA1

70e9a82e0b669038d0fbfbb87a4c8b099ae3b492
SHA256

77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6
SHA512

bee83a7872654665063f564d1074a933948e158568cf4590023bc108c47f11bf85d5fc83d5a197fea164bddadb119d35467a3d7861591d0ea8ba5f3b0c0fae36
SSDEEP

6144:HyCp4k3/JC6AsY8/AUR3gJvBc+FFFpen7EYU:SncCf8l90RI7EF

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

egytiger.myftp.org:1337

Targets

- Target
  
  5ebdd95b2dcd8ffa3f4bd05bbb928ed8_JaffaCakes118
- Size
  
  254KB
- MD5
  
  5ebdd95b2dcd8ffa3f4bd05bbb928ed8
- SHA1
  
  70e9a82e0b669038d0fbfbb87a4c8b099ae3b492
- SHA256
  
  77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6
- SHA512
  
  bee83a7872654665063f564d1074a933948e158568cf4590023bc108c47f11bf85d5fc83d5a197fea164bddadb119d35467a3d7861591d0ea8ba5f3b0c0fae36
- SSDEEP
  
  6144:HyCp4k3/JC6AsY8/AUR3gJvBc+FFFpen7EYU:SncCf8l90RI7EF
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan