sandrorat | 96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c | Triage

Sharing

General

Target

b35dc72b278271b0c003ef8c335c267d_JaffaCakes118
Size

254KB
Sample

241129-y6e3eavjgv
MD5

b35dc72b278271b0c003ef8c335c267d
SHA1

495b38e10dcf1a5a63f3f4e930c7815d226bd9c8
SHA256

96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c
SHA512

502c74dd86c0d57d1993c36368182501ab100056c1357ded7dd05e1182ba9d49a90565a82e0b340aec7ea48f799a64bac2c083698c48a6a175e3310b98708e70
SSDEEP

6144:ty+F4lXdj+rfJzrtGXPHjlvwIzwaivPhtMZSHjbeWlA/BNeH:8DJ6pYHjhH+v5t6SHjbZcBMH

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

connect.yourtube.me:1337

Targets

- Target
  
  b35dc72b278271b0c003ef8c335c267d_JaffaCakes118
- Size
  
  254KB
- MD5
  
  b35dc72b278271b0c003ef8c335c267d
- SHA1
  
  495b38e10dcf1a5a63f3f4e930c7815d226bd9c8
- SHA256
  
  96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c
- SHA512
  
  502c74dd86c0d57d1993c36368182501ab100056c1357ded7dd05e1182ba9d49a90565a82e0b340aec7ea48f799a64bac2c083698c48a6a175e3310b98708e70
- SSDEEP
  
  6144:ty+F4lXdj+rfJzrtGXPHjlvwIzwaivPhtMZSHjbeWlA/BNeH:8DJ6pYHjhH+v5t6SHjbZcBMH
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan