sandrorat | 1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e | Triage

Sharing

General

Target

b29e94d40a950a4ba478e1a69d0c2e97_JaffaCakes118
Size

254KB
Sample

241129-vf28gawqaw
MD5

b29e94d40a950a4ba478e1a69d0c2e97
SHA1

3b4adc879186dfd78570cfb5c0f3302973bc59dd
SHA256

1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e
SHA512

8724ef073e4cafd5b251e59b7f56e79f7a1bb69d16b4c939bf93112234f1c4781cdfe4e70a5eeae1b5b57786fec6d35cd7e514a10cf60da6360f09d90aa94565
SSDEEP

6144:SyrVVcQ61BCWSgQ1ihXD9+kDI8y0T6cMRu45:fUjXSt0hXD9+kSv5

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

hnny61.ddns.net:1337

Targets

- Target
  
  b29e94d40a950a4ba478e1a69d0c2e97_JaffaCakes118
- Size
  
  254KB
- MD5
  
  b29e94d40a950a4ba478e1a69d0c2e97
- SHA1
  
  3b4adc879186dfd78570cfb5c0f3302973bc59dd
- SHA256
  
  1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e
- SHA512
  
  8724ef073e4cafd5b251e59b7f56e79f7a1bb69d16b4c939bf93112234f1c4781cdfe4e70a5eeae1b5b57786fec6d35cd7e514a10cf60da6360f09d90aa94565
- SSDEEP
  
  6144:SyrVVcQ61BCWSgQ1ihXD9+kDI8y0T6cMRu45:fUjXSt0hXD9+kSv5
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan