Analysis
max time kernel: 887s
max time network: 897s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 18-01-2025 06:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://www.mediafire.com/file/hm3u7r925vkznne/UgPhoneCrack.apk/file
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: https://www.mediafire.com/file/hm3u7r925vkznne/UgPhoneCrack.apk/file
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: https://www.mediafire.com/file/hm3u7r925vkznne/UgPhoneCrack.apk/file
  Resource: android-x64-arm64-20240624-en
General
Target: https://www.mediafire.com/file/hm3u7r925vkznne/UgPhoneCrack.apk/file
Malware Config
Signatures

888RAT
888RAT is an Android remote administration tool.

888Rat family

Android 888 RAT payload (1 IoC)
resource | yara_rule
behavioral3/files/fstream-5.dat | family_888rat

Declares broadcast receivers with permission to handle system events (1 IoC)
ioc | description
android.permission.BIND_DEVICE_ADMIN | Required by device admin receivers to bind with the system. Allows apps to manage device administration features.

Declares services with permission to bind to the system (1 IoC)
ioc | description
android.permission.BIND_ACCESSIBILITY_SERVICE | Required by accessibility services to bind with the system. Allows apps to access accessibility features.

Requests dangerous framework permissions (18 IoCs)
ioc | description
android.permission.CALL_PHONE | Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.READ_CONTACTS | Allows an application to read the user's contacts data.
android.permission.READ_SMS | Allows an application to read SMS messages.
android.permission.SEND_SMS | Allows an application to send SMS messages.
android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage.
android.permission.MANAGE_EXTERNAL_STORAGE | Allows an application broad access to external storage in scoped storage.
android.permission.READ_CALL_LOG | Allows an application to read the user's call log.
android.permission.READ_PHONE_STATE | Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.RECORD_AUDIO | Allows an application to record audio.
android.permission.ACCESS_FINE_LOCATION | Allows an app to access precise location.
android.permission.ACCESS_COARSE_LOCATION | Allows an app to access approximate location.
android.permission.ACCESS_BACKGROUND_LOCATION | Allows an app to access location in the background.
android.permission.PROCESS_OUTGOING_CALLS | Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.
android.permission.GET_ACCOUNTS | Allows access to the list of accounts in the Accounts Service.
android.permission.CAMERA | Required to be able to access the camera device.
android.permission.REQUEST_INSTALL_PACKAGES | Allows an application to request installing packages.
android.permission.SYSTEM_ALERT_WINDOW | Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.

Checks CPU information (2 TTPs, 3 IoCs)
description | ioc | process
File opened for read | /proc/cpuinfo | com.android.chrome
File opened for read | /proc/cpuinfo | com.android.chrome
File opened for read | /proc/cpuinfo | com.android.chrome

Checks memory information (2 TTPs, 3 IoCs)
description | ioc | process
File opened for read | /proc/meminfo | com.android.chrome
File opened for read | /proc/meminfo | com.android.chrome
File opened for read | /proc/meminfo | com.android.chrome
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 264KB
MD5: 88c353638ab32637bdb63d41849886ca
SHA1: e4d52aae132061d4338beb63c807cab9cac39a17
SHA256: bbd63153bb634140ad402c200fc72d4283a0c29c98dbe6f39c5cc87dea9796af
SHA512: 699e30b1e156e5b7b446ca149fb37598215a155c8a38d712c69f521299ac2fc55f7ac2876817e82095762119910c929885b939140c7898020115a6ca89508f8e

Filesize: 2.2MB
MD5: 08b85491b068e324273df1639fbfd609
SHA1: 347959b68435d977c792e5c6238312cff0d5a37d
SHA256: 89edbb9e5757f6b8e3b099553b1cc08f4affcd5b1cadd2ec25c4ecdac5d1629a
SHA512: 0f2bdc6819c805d40d700e1850f0a718fedab71a19df35f97c765a218c484df3e393c934f751cdf935dd0b45495b395d87f463dcd40f28401a780a142dc7881d

Filesize: 512KB
MD5: 59071590099d21dd439896592338bf95
SHA1: 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c
SHA256: 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541
SHA512: eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668