sandrorat | a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4 | Triage

Sharing

General

Target

9d7c6db36b65909e13a87e497bd495df_JaffaCakes118
Size

244KB
Sample

241125-x895wsyqal
MD5

9d7c6db36b65909e13a87e497bd495df
SHA1

20e7902b318c92dc39f609b3bb0c0bcc0612eb13
SHA256

a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4
SHA512

c2e12e256f7a801bc9b4c4ee0814d017b6a9dcf5456bbb25ef91094ace7b80563b61616c88980b0ae3a7dd4d20823dcab2fdb46e15db1733258327f89b77d59b
SSDEEP

6144:5+jNdpp1fKdky1GCFlYc5ecKLjU7upREu3vnR3HiCJAu0CaIIc:5+XzZKdV1Oc5vaj8uYu/9HuVml

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

anawebs.ddns.net:1234

Targets

- Target
  
  9d7c6db36b65909e13a87e497bd495df_JaffaCakes118
- Size
  
  244KB
- MD5
  
  9d7c6db36b65909e13a87e497bd495df
- SHA1
  
  20e7902b318c92dc39f609b3bb0c0bcc0612eb13
- SHA256
  
  a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4
- SHA512
  
  c2e12e256f7a801bc9b4c4ee0814d017b6a9dcf5456bbb25ef91094ace7b80563b61616c88980b0ae3a7dd4d20823dcab2fdb46e15db1733258327f89b77d59b
- SSDEEP
  
  6144:5+jNdpp1fKdky1GCFlYc5ecKLjU7upREu3vnR3HiCJAu0CaIIc:5+XzZKdV1Oc5vaj8uYu/9HuVml
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan