Overview

overview

10

Static

static

6

a68b1b8bbf...32.apk

android-9-x86

10

a68b1b8bbf...32.apk

android-10-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    03/01/2025, 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532.apk

  • Size

    4.0MB

  • MD5

    7041e027d96b50bdff7fd945f861a5f8

  • SHA1

    263bf5df478abac3e3b66ff375dcb9cd82b3da8d

  • SHA256

    a68b1b8bbf7c834a8136b9f9ca221f7dc53225951dcf92ffe629dae037f85532

  • SHA512

    37d3043f3f9a5261b92f518b12c8b083a2072ea175795b5e8746ddccadb93e24872ca73368cfd45b82c9d41acd2346e2fc900ed72a6ebb7b4ceb8a8e06447519

  • SSDEEP

    49152:bgmBx0MkxPGRok3F3eyGAoWdXtAqPShdKOQFcbv7QG6elR0jqBxqN+zOnuyHXGAT:9CkKAoCRPSSOQcB66R0jqBxqvrXTjN

Score
10/10
androratevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

    trojaninfostealerratandrorat
  • Androrat family
    androrat
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4256
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4294
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4379

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    5a171b938523af817334cfaf2ee16a2e

    SHA1

    be6cab8d005721812e594263d8e28842b9565b6d

    SHA256

    3c665b4906d7763252a834f505056515a8e41cbb8fb894deafa8b6d9a8a37704

    SHA512

    370826a203220cf4513e38fb39ee13bcb5a48390cf8e8dfc55017508f9f90858023a19cf876832511e33bc9ede953870cf0d5cb7449e9fbe4de19f9380bf8a26

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    3.0MB

    MD5

    fcafb9253cf1bc18731459cbf483de44

    SHA1

    706685591e0929375632f435c2e6b79547e16a14

    SHA256

    e3f34ef496279c2f513f7f14fce72b75790c3ba4c1e6a1cb07593f1129743b7e

    SHA512

    8f9d57ba6f41fa8cdf84feb77ae43dd92e307381561e9d4f99c95a1a746afa9cd58e9a09c3a9648f69945dfb5309c6638e816f0cc94ecda0bce8c6d56f9d794a

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    c76faa4ddcee508edc61196a7d63cd0f

    SHA1

    5b96a86d76a5d6110d4474b3210a9c1586162e8d

    SHA256

    477a6136caf595f625d5246820da10ee579e0195d48607ec6ebee077319f50ab

    SHA512

    3b1192df72842023c709d5d788e333b2588746a9ee65059906e77963e8fc4378e16b7e94dc92e12dbc63fd00f5af3ad873a09622353234caff186f0233046898

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    c42100c470651818cf7aa851a2fe5b08

    SHA1

    d1db14a1adea3b67bdfd35f379e018d9e8b39fa8

    SHA256

    c34670b5801ac597ab2eb085fcbfa638f33a3382a8e72051e892ff54d1248e55

    SHA512

    26b69645360aeaca74bf8e93c20a6e15a24b4124dfc1742b9c01af63014a5b0a0101d0d8389c9b7c3b7aa402f570a3ea1244867c9aefd7b69519bb37f67e5e59

    Download Submit