Overview

overview

10

Static

static

6

9df047c6c0...e3.apk

android-9-x86

10

9df047c6c0...e3.apk

android-13-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    17/01/2025, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9df047c6c0aa2e41583af597798157578be1061cd4928576f416c878ff5799e3.apk

  • Size

    4.1MB

  • MD5

    aeee571dad8f7554d81bfeeac515764d

  • SHA1

    cbc7176336dd03105aee7c57442f42b61b9d96e2

  • SHA256

    9df047c6c0aa2e41583af597798157578be1061cd4928576f416c878ff5799e3

  • SHA512

    4ce64b6483b057d32b2097aaeb3d6b85a3f80eff190be07332dfb7d195ec257ae41a06df00fbf1b15b15668744b1e9681612b67edae40e0e7f9f510e2bd5598a

  • SSDEEP

    98304:WDnLvW+D1LAowJkdAg2JNp689TZcIlIPQhh685Bm:WrQkdAg2n797h69

Score
10/10
androratbankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    c018278da756f85b6fd15c539cfb8a97

    SHA1

    a4c1229550dac47f048bd971d4e432c7d8e1be5f

    SHA256

    fe3c554585d8b20474ce5ad3008f00e5526307c2b1e6f273b95510c000443f6f

    SHA512

    10c3ecf9ab6b92dd91a60e42dff320068c42b2f853460b88aa88ec378ae3efc6fe75f27f11eeddf313cc7d99a34acbcb3c998b0f9d668d74d96141f8b7a11310

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    b84ca221f49f56ff688fbd77b269875f

    SHA1

    2b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3

    SHA256

    7325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f

    SHA512

    29860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    3e0da6fae0cb123c5c3ffa7065e52671

    SHA1

    38fabcfa4361205bf8b1f98331d7ecc8be97c115

    SHA256

    39cbc8b7072135c9a2ee2051a2d9d4e3c83c9a08594f3d5447f79dc971c123cf

    SHA512

    ff21df1b4cab546188074d4962ffe0364f92166fbc7946aad0193e33ffc67f48c9de938e213561b48ecd3bfb741ab85374f35b84c27f7d5551f0dcc778b918a3

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    6a52156a8d1fa6dff8fba4afc64aacce

    SHA1

    135ae0592dff6bb8c492528167d8939eb648c76b

    SHA256

    37b50eeda092d91e0ad19a94fbd0f9f3c86322f670c06d0957526b5ed344339a

    SHA512

    17462cab28a5bc45f6e696926f6ccc93f6fa0a53dcd67d9d1798040e036bb636dd46e4131ae72f965e50688dd0a9f80c121dd6ad3f9a293524cb22ce61528644

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    aa100c7ed10782a1c6f153204b829767

    SHA1

    ab591058f936f5ea5d01f34e6ce865e222afcc3e

    SHA256

    b530ed30cc2e9eb70405a780a75e2522ef72ff79c41d99e92a0bddc60bb16a23

    SHA512

    de32b528124f1b96edc58b578f5e0cf8bad34a385fb2b698906ace60b5037b9f6afbd5326a68c0c3db55c110e54c22f532201fb895119f0e003708f0f4fdac31

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    29682618f3005b3fa458b5a0d7eca383

    SHA1

    c65ce79a3cc11a35099285285ba4680ed4e9b93d

    SHA256

    8774c95e44fee9c1bc39feed4d70351095db42982e08da7a48f47ae6b4d6602d

    SHA512

    9a4a965e86617728f9d4cf20ee9531be2db7725b46bb2b6c5d5880e6a66e123ac8644b3599058ba2325a9089091693dc8b06af279f62d2bba75120bd01456806

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    f04637b09fa2ffafdf6451041870b8b8

    SHA1

    121c692582c2b706ee3e3e67e8fb5990bd6b6392

    SHA256

    e9694218fcad672c82941b28b686d412dbfdd3753e36c100e910bd346d89bda4

    SHA512

    6bc1f36b071ef1843c8fe6099be62f41c6dcbed173181b529e8e96ccfe911370d2acfd9358a56f4d2d6cb510a736c6141523830ac9fdbee1979760314809814c

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    c40e9cd8541cc67b9566e02dcf370af1

    SHA1

    91474f613c918e661598f8cb901a5e1a3ee1fba9

    SHA256

    488d158bc51b804f03fc234e7e6edb4954657a3ebe8390e123d47144b1617fc9

    SHA512

    a6199b01eee060853f543145ed117de69df550e69668c21b8fbb0b9df4b232963e499dea07725fbca70f63717b5c2fcbee9a9beccfa89518cf0884a2f51f7e39

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    afee471ba92ea555c536f058d99dd718

    SHA1

    d7609efc2df78fb046f15b8f57df2a54cf9669d2

    SHA256

    d6265d4873c8f958e4915782e494f55e7844202d92017435a9407f78c6946418

    SHA512

    7030688c764d40fe628d19be0d5a3c7a11d131f0cd00d8d6c7757c4cf1f491ae4dd10025f99c541701a0d20bbe6047c87b332bbd30b3251db9767864ca994d80

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    c7cd6d6b6623adb460ffbc463a6a8047

    SHA1

    dd798391a2f6bb077abac49b612a0b27efdd3e08

    SHA256

    c13af9eba32c1d96bf2383c56b9bec1273503c33958392252d2c63f6fd46a23f

    SHA512

    544b1c068b03473fd356bd5fc0b39311a146540871fd9b84c964819a7999bbafc0330f22b1e9c5f2ab340a09af1453636f39940eec22629c875e0f76677800f7

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    e12e9859436945afde32ecece99c28be

    SHA1

    6f94e2f1ec2588f4fef9258005b6f34f88c97f84

    SHA256

    acb7f28e1609703814729bed02689fc0b6d9de034117fa88cf35bb240809b54e

    SHA512

    9ca123a75e6a5e66946156e2657b96ac02ceb32f69c3020880952fbcf14a5e583cca7f718738b340ebe0c33b42608f4c51bf8bcb355a41468ef033503ef70886

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    1000c32c76e42a65b6ca2f376311299c

    SHA1

    71172ec6731df19777ea91cef69cacdbed808b76

    SHA256

    81eb42d6f4f919d28147565efd02924a9d508e2acfef6b18ea163c9e683c3c2c

    SHA512

    5e15c7f4e688017137a9a4b96ca607393575def8674f7486e2556657e1c3dbd098a5ca38a8b3974a47dcfb39d22efdf8595bc344fcf27ab75c34723fa05e3b05

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    db96d5b172e888cd2f412bba2111fae4

    SHA1

    825ef81556bdbc23030e4ff947a39a2865439b70

    SHA256

    71913aeda14c52cb594c8b7e89cf607878a46a80570b8932849536790dfed4e8

    SHA512

    ea57ac42a8116315a28b103dcd058f015582112c24d66c2a045422c55fe09f867bf6478b2d604771677e9ef35b1adc79b8852f3ec9adcb6b549f55788fa44dd0

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    de53aa95c26e4b4d4a92401947cfcbbb

    SHA1

    3dc83495dfedb86861833421cf9b134629c677d0

    SHA256

    b18f2941871ee83fa5790accef65d134ad8f3c6da8cb40acf2d182ce9e51d828

    SHA512

    2408cd49cb41b0aa0ac81ca7b4da11efa74cc49951d3dcea6ac41adbc3f9c96d1c53eca823475af63073ed422bc3c3245cf0cf5711b0a21f34dab99d90421e2f

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    a294fda94e8084fa5a3cb0b22446da1d

    SHA1

    3a092c3477b1fe738b86e71458840812e8d2df3a

    SHA256

    9be8e64257efcb3b103f1218114d1e93af7d59851c80d6b19ecd24b9144b6767

    SHA512

    35de1602ddc5fccd24f6d575abf451dbcf03f822fe42fb7f132aa15ade017dbd8361f05e250e6517daf79b20897a2b0b60e973255238554294f4d12f5ca747d5

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    ae87d8b23f529693f36e52d714062b15

    SHA1

    e15d19a83a9f8fd916fd0d103e3733b4f6d54791

    SHA256

    73dcc9fe82c5feddb34ef0e300f0e537c631f311913ad258a6f513da794a87be

    SHA512

    19a746cba950c0ab9f0040bcfabf0c2d653a5eeaa9bb4d38d9c6a1c63b3576794f3501d582c6763d1aebbe4d4f3c012f6b8b4ec568517da0bcec5e27c65c8920

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    71e11534748b09809ff4928e0f0f4365

    SHA1

    ef295ffe02bbae7167c76890ab6bab4eb87181d3

    SHA256

    364e1e70660a40c057387b3fbea4b840576eafa179a57aacd6580c77677b21ef

    SHA512

    2a793ea500e90b22345b5fcc7a1e54383e639de001c6b0cf0eac0dec57ec9dc0547f23d3fca51da9edde65912da97d4e0bac7f91635454dbcda747707e8b525b

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    477B

    MD5

    a6c5a0ee4c027fcb6798d1ab574108a3

    SHA1

    6054a71fe39fe6d53881974bf24b3ab495a06d7e

    SHA256

    7285a07f901f7fc3dd0bbaa82e32bf3dc9eb9e2df9c4ba52834973ea7ca141b5

    SHA512

    aca0918a9e7386e6a7d4a22bedce465aa168ddd17f8ad4cd36297e581319119c1ec508dde98e371bc0b27d963468b2691a623d227a14956e9b8124ae173ad59f

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    1KB

    MD5

    8f651130f3346357b918a43d6854600c

    SHA1

    c139fe19d9ab5bf38ca3fef577c5744c94191c6e

    SHA256

    8114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e

    SHA512

    2b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    11KB

    MD5

    6c67d94a917ade34763ebcf52fb291a2

    SHA1

    bbaa4ca101fad9f7723aac9ac264ac93ea8debcf

    SHA256

    bc11e58a0aecd911956f5b73acbd16c0bb5b2936cf0507b15c21cdb4d6107fb3

    SHA512

    aa89ff8308b53a0fd19fd19fab5a5664def071d112d2469f38ff7293a65566a670aa06f4a6c9d92e8eb34aaa8ed523fab2b38a6acfee102b7e2051540630588a

    Download Submit