Analysis

  • max time kernel
    34s
  • max time network
    103s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    16/01/2025, 22:07

General

  • Target

    ab71f92c8db193aa8ffe8991c55dcae492c172766015ea73faa2c5faa75aaec5.apk

  • Size

    4.1MB

  • MD5

    6f128a4c892ab81fe4fae4f61a8c6134

  • SHA1

    521ca97420f0edf00e07da94fee36fa1f8c72d6a

  • SHA256

    ab71f92c8db193aa8ffe8991c55dcae492c172766015ea73faa2c5faa75aaec5

  • SHA512

    032f11e2e4c4ebd86c2532eaeaad71de7a0d17d9277fa0f39011c88ce2b19bc712bf22c7640b9394455e1400af1b4dfe82703c37b472d00e15b07176f2fea220

  • SSDEEP

    98304:9Dkcut1pedKTRiBKgBP0oeeVOTcFQ9V3NGs1x:9Y1pqOiY0coZVocFQ9V3NGs/

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

  • Androrat family
  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 6 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4247
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4282
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4392
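The two dex2oat invocations above are what the "Loads dropped Dex/Jar" signature keys on: ART is compiling a file from the app's private directory (app_mph_dex), carrying an .xml extension, rather than the APK installed under /data/app. The Python below is an added example and not part of the report, the sandbox, or the sample: it parses dex2oat command lines out of a process tree, flags every --dex-file inside app-private storage, records the extension mismatch and the --oat-location of the compiled output, and folds the /data/data and /data/user/0 spellings of one path into a single IoC. The pid/ppid/cmdline record shape is an assumption; the command line and PIDs are copied from the Processes section.

```python
"""Detection logic for 'Loads dropped Dex/Jar': find dex2oat runs that compile code
from an app's private data directory. Added example; record shape is hypothetical,
command line and PIDs are those shown in the report's Processes section."""
import re

# /data/data/<pkg>/ is the user-0 alias of /data/user/<uid>/<pkg>/
APP_PRIVATE = re.compile(r"^/data/(?:data|user/(\d+))/([^/]+)/(.*)$")
CODE_EXTENSIONS = ("dex", "jar", "apk", "zip")

DEX2OAT_CMD = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml "
    "--output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed from the report's process tree (hypothetical pid/ppid/cmdline record shape)
SAMPLE_TREE = [
    {"pid": 4247, "ppid": 1, "cmdline": "com.tencent.mm"},
    {"pid": 4282, "ppid": 4247, "cmdline": DEX2OAT_CMD},
    {"pid": 4392, "ppid": 4247, "cmdline": DEX2OAT_CMD},
]


def normalize_app_path(path: str) -> str:
    """Map /data/data/<pkg>/... onto /data/user/0/<pkg>/... so one file is not counted twice."""
    m = APP_PRIVATE.match(path)
    if not m:
        return path
    user = m.group(1) or "0"
    return f"/data/user/{user}/{m.group(2)}/{m.group(3)}"


def parse_dex2oat(cmdline: str) -> dict:
    """Collect --flag=value options into lists (some flags repeat); --runtime-arg takes the next token."""
    args = {}
    tokens = cmdline.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--runtime-arg" and i + 1 < len(tokens):
            args.setdefault("runtime-arg", []).append(tokens[i + 1])
            i += 1
        elif tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            args.setdefault(key, []).append(value)
        else:
            args.setdefault("_positional", []).append(tok)
        i += 1
    return args


def findings_for(record: dict, names_by_pid: dict) -> list:
    """One finding per --dex-file in app-private storage, i.e. code that was not installed with the APK."""
    if not record["cmdline"].split()[0].endswith("dex2oat"):
        return []
    args = parse_dex2oat(record["cmdline"])
    out = []
    for dex in args.get("dex-file", []):
        dex = normalize_app_path(dex)
        m = APP_PRIVATE.match(dex)
        if not m:  # /system, /data/app, /apex: installed code, not dropped
            continue
        basename = dex.rsplit("/", 1)[-1]
        ext = basename.rsplit(".", 1)[-1].lower() if "." in basename else ""
        oat = args.get("oat-location", [None])[0]
        out.append({
            "pid": record["pid"],
            "parent": names_by_pid.get(record["ppid"]),
            "package": m.group(2),
            "dex_file": dex,
            "oat_location": normalize_app_path(oat) if oat else None,
            # ART opens dex by content, so a .xml name compiles just as well as .dex
            "extension_mismatch": ext not in CODE_EXTENSIONS,
            "compiler_filter": args.get("compiler-filter", [None])[0],
        })
    return out


def analyze_process_tree(tree: list) -> list:
    """Run the check over every process and merge identical dex loads across PIDs into one IoC."""
    names_by_pid = {r["pid"]: r["cmdline"].split()[0] for r in tree}
    merged = {}
    for record in tree:
        for f in findings_for(record, names_by_pid):
            key = (f["package"], f["dex_file"])
            entry = merged.setdefault(key, {**{k: v for k, v in f.items() if k != "pid"}, "pids": []})
            entry["pids"].append(f["pid"])
    return list(merged.values())


if __name__ == "__main__":
    for ioc in analyze_process_tree(SAMPLE_TREE):
        print(ioc)
```

Over the report's tree this yields one IoC for com.tencent.mm with PIDs 4282 and 4392. The --oat-location path is worth pulling from the device alongside the source file: it is the compiled artifact ART actually runs once dex2oat succeeds, and it survives even if the dropper deletes the original.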

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    9220a880e1327327cc9d20fa59293e76

    SHA1

    d35a04e7bd9d1447bf88bf0c15bd568d922be73c

    SHA256

    dec995feee9644e713271bcfe8b81913c05ccd0c19d57370488da84406549f6c

    SHA512

    207e8db2a757577e57364d17802ac2a8b63ab4caf4ccb43e70c8ddbe2752a7342ca19d6844c83e4334d92f02dce0a891da815ef8b768d53ee2dc5f453964d423

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

    Filesize

    3.0MB

    MD5

    33adf4fbef55a950720aa96a757a816d

    SHA1

    dc03405c4221e904d242ff4d1904d6abc15a838b

    SHA256

    800870d67632864179c5198adfbb2ec959e420ca7a27482f14380ef39848cb79

    SHA512

    d99f3252c60148b65d0cc0c9b8c19e8c0ffcba70cb6faaa7c133ec1e156d75becb747573fec0f118ca20bb34aa9a6a5dd0bbabf6f7eff58e2f7786532ae10042

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

    Filesize

    8B

    MD5

    4e068884b2d83b7830bc77171d100c0c

    SHA1

    c3a347c71884ed572c7aed22daf345bd4a82b26a

    SHA256

    8e7f537ab45f0098bd4164abd207b7f2243185a1aeb2af1acaeb5b187fb0d182

    SHA512

    3fbb2d201e71862f9ff95e979a0aa6a463a3b821c9f7fc16e16c5a76b283a141b6878f13b4aa14ce569bb3daad354a74fde39c57cea9b9f9948290079a797d9d

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    be9bc85c2451eae46a3d563ef8dd3ed7

    SHA1

    6beb05a1b8f3cf7ea6d99387e1c44ddc515cc6c8

    SHA256

    ed02c6f6fa45c72926cb7ae0cc44cfe9aa8d80a29e71e3bc9013818c7532dc4c

    SHA512

    39e0ec7b829145a2da5daf37ddeac543fb2cf73d9243a0c1c2e883608da6943a8b7618d3883d0bd21bc252d8f96d245148ae9f9c9e564a9df9903f8c85656725
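The Downloads list records the dropped file twice, once under /data/data/... and once under /data/user/0/..., with the same 5.9MB size but different hashes, and under a .xml name even though the dex2oat invocations above compile it as a DEX. When pulling such files off the device, identify them by content, not by name. The Python below is an added example (not the sandbox's code and not the malware's): it classifies a blob by its magic bytes, decodes the 0x70-byte DEX header, and recomputes the Adler-32 checksum and SHA-1 signature the header carries, which catches truncated or patched dumps. The file itself is not on this page, so build_sample_dex() constructs a header-only DEX for the checks to run against; the path handed to classify_dropped() is the one from the report.

```python
"""Identify dropped files by content and validate DEX headers. Added example; the
DEX bytes are constructed here because the report's file is not available."""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_TAG = 0x12345678  # 0x78563412 would mean a byte-swapped file
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")


def identify(data: bytes) -> str:
    """Classify by magic: DEX ('dex\\n0NN\\0'), ZIP (APK/JAR container), ELF, or unknown."""
    if len(data) >= 8 and data[:4] == b"dex\n" and data[7] == 0 and data[4:7].isdigit():
        return "dex"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:4] == b"\x7fELF":
        return "elf"
    return "unknown"


def parse_dex_header(data: bytes) -> dict:
    """Decode header_item: magic, checksum, signature, then 20 little-endian uints."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    hdr = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    hdr["magic"] = data[:8]
    hdr["version"] = data[4:7].decode("ascii", "replace")
    hdr["checksum"] = struct.unpack_from("<I", data, 8)[0]
    hdr["signature"] = data[12:32].hex()
    return hdr


def verify_dex(data: bytes) -> dict:
    """Recompute the header's integrity fields; a mismatch means a truncated, patched or non-DEX file."""
    if identify(data) != "dex":
        return {"ok": False, "problems": ["not a DEX file (bad magic)"], "header": None}
    if len(data) < DEX_HEADER_SIZE:
        return {"ok": False, "problems": ["truncated before end of header"], "header": None}
    hdr = parse_dex_header(data)
    problems = []
    # checksum covers everything after itself (offset 12..); signature covers offset 32..
    if hdr["checksum"] != (zlib.adler32(data[12:]) & 0xFFFFFFFF):
        problems.append("adler32 checksum mismatch")
    if hdr["signature"] != hashlib.sha1(data[32:]).hexdigest():
        problems.append("sha1 signature mismatch")
    if hdr["file_size"] != len(data):
        problems.append(f"file_size {hdr['file_size']} != actual {len(data)}")
    if hdr["header_size"] != DEX_HEADER_SIZE:
        problems.append("unexpected header_size")
    if hdr["endian_tag"] != DEX_ENDIAN_TAG:
        problems.append("unexpected endian_tag")
    return {"ok": not problems, "problems": problems, "header": hdr}


def classify_dropped(path: str, data: bytes) -> dict:
    """Combine name and content: code under a non-code extension is the case worth flagging."""
    kind = identify(data)
    name = path.rsplit("/", 1)[-1].lower()
    return {
        "path": path,
        "type": kind,
        "masquerading": kind in ("dex", "zip") and not name.endswith(CODE_EXTENSIONS),
        "verified": verify_dex(data)["ok"] if kind == "dex" else None,
    }


def build_sample_dex(version: bytes = b"035") -> bytes:
    """Constructed header-only DEX (no map, no classes): enough to exercise the header checks."""
    body = struct.pack("<20I", DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_TAG, *([0] * 17))
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + signature + body


if __name__ == "__main__":
    sample = build_sample_dex()
    print(classify_dropped("/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml", sample))
    patched = bytearray(sample)
    patched[40] ^= 0xFF  # corrupt one byte of the header body
    print(verify_dex(bytes(patched))["problems"])
```

A real dump of the 5.9MB file would go through the same functions unchanged; a ZIP result means the dropped artifact is a JAR/APK container whose classes.dex should be extracted and checked in turn.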