sandrorat | b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235 | Triage

Sharing

General

Target

b6f2fbdd5df903874ae719224bf759f3_JaffaCakes118
Size

254KB
Sample

241202-fsj54awnek
MD5

b6f2fbdd5df903874ae719224bf759f3
SHA1

cba65e30830ee3f4693180bd74c3d6521e73f8ea
SHA256

b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235
SHA512

f1a8ae2534d7e96b944402d93baf2f81e0f365558e3e5fcf7f92990283ed82217f7e0bada2fc36dc83fdf6ff6abddfa64e9975ca9c96f0857cba671a71979cfe
SSDEEP

6144:LlySS49NM6mrITccV88vwYF34p0mfFROjfIaTSOvN:LU0I6mrQVDw434JFROjfTRl

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

216.58.101.242:1336

Targets

- Target
  
  b6f2fbdd5df903874ae719224bf759f3_JaffaCakes118
- Size
  
  254KB
- MD5
  
  b6f2fbdd5df903874ae719224bf759f3
- SHA1
  
  cba65e30830ee3f4693180bd74c3d6521e73f8ea
- SHA256
  
  b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235
- SHA512
  
  f1a8ae2534d7e96b944402d93baf2f81e0f365558e3e5fcf7f92990283ed82217f7e0bada2fc36dc83fdf6ff6abddfa64e9975ca9c96f0857cba671a71979cfe
- SSDEEP
  
  6144:LlySS49NM6mrITccV88vwYF34p0mfFROjfIaTSOvN:LU0I6mrQVDw434JFROjfTRl
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan