sandrorat | f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916 | Triage

Sharing

General

Target

dd60c8f63996d8ed23bcd8c0cdd4ad6b_JaffaCakes118
Size

254KB
Sample

241210-gzdsbswlgz
MD5

dd60c8f63996d8ed23bcd8c0cdd4ad6b
SHA1

16b74de31df6514e6f1e0143ceeae8731ea3beed
SHA256

f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916
SHA512

eb234200d08ba70176f8cbd7e81322528bd21fd9a7cc89d77235fd862371decde26fbaa27d7e3de9080f643f3f8af2a201f886b3208b49ca4ebd53742fc3b547
SSDEEP

6144:Yy+X4MXJU8eMK+AUR3nZ+cHoBH8MVz6RQjPJS6xv:Zt18sk9nZpIBzgelSQv

Score

10^/10

sandrorat android discovery evasion persistence stealth trojan

Malware Config

Extracted

Family

sandrorat

C2

djpaddy.chickenkiller.com:31337

Targets

- Target
  
  dd60c8f63996d8ed23bcd8c0cdd4ad6b_JaffaCakes118
- Size
  
  254KB
- MD5
  
  dd60c8f63996d8ed23bcd8c0cdd4ad6b
- SHA1
  
  16b74de31df6514e6f1e0143ceeae8731ea3beed
- SHA256
  
  f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916
- SHA512
  
  eb234200d08ba70176f8cbd7e81322528bd21fd9a7cc89d77235fd862371decde26fbaa27d7e3de9080f643f3f8af2a201f886b3208b49ca4ebd53742fc3b547
- SSDEEP
  
  6144:Yy+X4MXJU8eMK+AUR3nZ+cHoBH8MVz6RQjPJS6xv:Zt18sk9nZpIBzgelSQv
Score

8^/10

discovery evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencestealthtrojan

behavioral2

discoveryevasionpersistencestealthtrojan

behavioral3

discoveryevasionstealthtrojan