Overview

overview

10

Static

static

6

69ae5079f2...f9.apk

android-9-x86

10

69ae5079f2...f9.apk

android-10-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    154s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    05/02/2025, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69ae5079f26908ff840960dc5bea1d055d3b1bd78318102a4e64b605ee7e4ff9.apk

  • Size

    4.1MB

  • MD5

    45b5377f3a42484d5391af34ad47785c

  • SHA1

    8fb49e59b8e025a70be935ad0a720a677ca1031d

  • SHA256

    69ae5079f26908ff840960dc5bea1d055d3b1bd78318102a4e64b605ee7e4ff9

  • SHA512

    e22e285dc0b4739d191f3be9e339e7076af02e0f907cbebb0d7fb7c7584f7c741e7b8ff3c7993bd4672d0308a7f82ff41137fbbf4e4c6fc5fb5cf7611c01f034

  • SSDEEP

    49152:ygmPDdoPGRo5X3meyRZJyYVza3qc65Kt6u7wpymvMfVVW9BX5pgtflZMekqeDj0V:WD6hbYZkLjtB7fTg7gdlVkXjvYCZAz9F

Score
10/10
androratevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

    trojaninfostealerratandrorat
  • Androrat family
    androrat
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4270
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4331
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4392

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    c8f6ba71cea84260cb55fd11ad2d0c4a

    SHA1

    d1f1e7e20a168047729d1c959de13401707a5691

    SHA256

    fb799b0b47b3404aa43a4fd4a6b43d7d8367a58dae8d25ec2d331d9005f8d867

    SHA512

    66485f9c9adc1f8514773d14103b62488e3b9ab05a4dac322f17d51641924589b2eee3c46cb67673b0053bc3f3e3de3c013ddc3d2603e0445349867a51e8d774

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    3.0MB

    MD5

    816ff97c55fa609561bd900657ad5431

    SHA1

    c11f5860337170602824e4c4dc11aac011eb5082

    SHA256

    cedb29b3dff81aa6652eebd774a501452b16547b627939405f5fb74da849bd09

    SHA512

    841bfc69e1cf7508b120d3b17f63590ad8c7ff656615c182b53258783a266893f38239916b3f4d2b4f977aede3f6ce7cfc34881fc2fb37f43ed1bfde838c7b16

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    5bef64cc7650cce5b95c17f2f7de0d41

    SHA1

    cf282932713ecb4bc4975f3a43185a598338a2c2

    SHA256

    5f9da690e712f4cc30ec9888f166676b677beb32a3c67b614b3c5f33d083022a

    SHA512

    42a2305c9af3281c190b8305333f5da30d82efaf10389319ffe35f154a1e258b065df4114eef1d47da0eaa50ec874538747aae5b778c679a094ab1dc157c0586

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    68ea026269d9e8aac8298aa5c8f9cd00

    SHA1

    f1a3fc8227cc91104a1d22c7ce7cbd62a259bbce

    SHA256

    4ff7f160d6e57b3d8e24f46e87a7f2cdbf63911c68719ce3dc778d582559c035

    SHA512

    f92b8a83db2fda067b8561c1ab915627282f98a5c614ae1dd201ca01afa1a84a67bb6ae9a5f9ff43e9113f32130a36813125d37aa8fbfc505a9a4abe4743c082

    Download Submit