sandrorat | 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4 | Triage

Sharing

General

Target

d350cc8222792097317608ea95b283a8_JaffaCakes118
Size

58.2MB
Sample

241207-yg5lrsvqhn
MD5

d350cc8222792097317608ea95b283a8
SHA1

561ae708f234f46dbdca1d7f2a38d854d9bb60df
SHA256

15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4
SHA512

6731b7ac67db94825a0659c288baa601fa7e21b585ad23bfa1314bfbc859eb8f2ab0db984f31e34921d9de5911077b55b29e48b32fbe77e0ffc1751b0f7e46e2
SSDEEP

1572864:nR1mSZ+yT7t73Q9+/aoavq8djBWdtsUK1W:TmSZL3t7U+/NQVcdEW

Score

10^/10

sandrorat android persistence

Malware Config

Extracted

Family

sandrorat

C2

pokemon.no-ip.org:1337

Targets

- Target
  
  d350cc8222792097317608ea95b283a8_JaffaCakes118
- Size
  
  58.2MB
- MD5
  
  d350cc8222792097317608ea95b283a8
- SHA1
  
  561ae708f234f46dbdca1d7f2a38d854d9bb60df
- SHA256
  
  15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4
- SHA512
  
  6731b7ac67db94825a0659c288baa601fa7e21b585ad23bfa1314bfbc859eb8f2ab0db984f31e34921d9de5911077b55b29e48b32fbe77e0ffc1751b0f7e46e2
- SSDEEP
  
  1572864:nR1mSZ+yT7t73Q9+/aoavq8djBWdtsUK1W:TmSZL3t7U+/NQVcdEW
Score

4^/10

persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1