androrat

General

Target

a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532.bin
Size

4.0MB
Sample

250103-1z2c6syler
MD5

7041e027d96b50bdff7fd945f861a5f8
SHA1

263bf5df478abac3e3b66ff375dcb9cd82b3da8d
SHA256

a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532
SHA512

37d3043f3f9a5261b92f518b12c8b083a2072ea175795b5e8746ddccadb93e24872ca73368cfd45b82c9d41acd2346e2fc900ed72a6ebb7b4ceb8a8e06447519
SSDEEP

49152:bgmBx0MkxPGRok3F3eyGAoWdXtAqPShdKOQFcbv7QG6elR0jqBxqN+zOnuyHXGAT:9CkKAoCRPSSOQcB66R0jqBxqvrXTjN

Score

10^/10

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Targets

- Target
  
  a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532.bin
- Size
  
  4.0MB
- MD5
  
  7041e027d96b50bdff7fd945f861a5f8
- SHA1
  
  263bf5df478abac3e3b66ff375dcb9cd82b3da8d
- SHA256
  
  a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532
- SHA512
  
  37d3043f3f9a5261b92f518b12c8b083a2072ea175795b5e8746ddccadb93e24872ca73368cfd45b82c9d41acd2346e2fc900ed72a6ebb7b4ceb8a8e06447519
- SSDEEP
  
  49152:bgmBx0MkxPGRok3F3eyGAoWdXtAqPShdKOQFcbv7QG6elR0jqBxqN+zOnuyHXGAT:9CkKAoCRPSSOQcB66R0jqBxqvrXTjN
Score

10^/10

androrat evasion execution impact infostealer persistence rat stealth trojan banker collection credential_access discovery
- AndroRAT
  AndroRAT is an open source Android remote administration tool.
  trojan infostealer rat androrat
- Androrat family
  androrat
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of the call log.
  collection
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2