rafelrat | e7fe5cae5b5a5561e3aae30996e1c23bae6a16b8fce29865dc06aed1c1924c47 | Triage

Sharing

General

Target

BlackMart.apk
Size

9.0MB
Sample

241129-pfybmavlf1
MD5

5909be3db980803493a09350bf381fd2
SHA1

f18c88bb6705a97f8878e5cd685bc06275c42c23
SHA256

e7fe5cae5b5a5561e3aae30996e1c23bae6a16b8fce29865dc06aed1c1924c47
SHA512

768df287ae6094f59e2eda2edaa2e5c30d687f4f379527f883d970e11aa3c72c71efb540385e4d1961de5aaad1b6ab23c370b260ce654be268c0defeeaa84ea7
SSDEEP

196608:Lm+dMwZ+dMwT+dMwS8+dMwF+dMw6o18T4KUue9Jh8MG1ll:LmqMwZqMwTqMwS8qMwFqMw6Qo4Dtv25

Score

10^/10

rafelrat android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

rafelrat

C2

https://your-direct-url/commands.php

Targets

- Target
  
  BlackMart.apk
- Size
  
  9.0MB
- MD5
  
  5909be3db980803493a09350bf381fd2
- SHA1
  
  f18c88bb6705a97f8878e5cd685bc06275c42c23
- SHA256
  
  e7fe5cae5b5a5561e3aae30996e1c23bae6a16b8fce29865dc06aed1c1924c47
- SHA512
  
  768df287ae6094f59e2eda2edaa2e5c30d687f4f379527f883d970e11aa3c72c71efb540385e4d1961de5aaad1b6ab23c370b260ce654be268c0defeeaa84ea7
- SSDEEP
  
  196608:Lm+dMwZ+dMwT+dMwS8+dMwF+dMw6o18T4KUue9Jh8MG1ll:LmqMwZqMwTqMwS8qMwFqMw6Qo4Dtv25
Score

8^/10

collection credential_access discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionimpactpersistence