Overview

overview

10

Static

static

6

283bdca475...7f.apk

android-9-x86

10

283bdca475...7f.apk

android-11-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    134s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    13/02/2025, 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    283bdca4759a7e79094d6c64f4408b23a00df6ab5c96fa131f1abdfbf13bbb7f.apk

  • Size

    4.0MB

  • MD5

    3ab3e18c9ef82e356c68455d08fbacd8

  • SHA1

    749c09dc2f0f4eea4b66095aea0d5262f8c65178

  • SHA256

    283bdca4759a7e79094d6c64f4408b23a00df6ab5c96fa131f1abdfbf13bbb7f

  • SHA512

    be5de0b9b428c02efe832102201dad25034ddc8a0c7545b7ac2e161d7c6b7ff0120737b206c149783f3a9e55d9d0d01a835ef12082bcb05911e6b2c46415b0bc

  • SSDEEP

    98304:vip5D/CYgV4R8yXJk/tUbjigQK2rVW9HWdTKkv1PNXI1:PZK8y5otMJ2rVW7kv19I1

Score
10/10
androratbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

    trojaninfostealerratandrorat
  • Androrat family
    androrat
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4325

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    7caaf4427f6acc3950b1d3ebc80df00f

    SHA1

    333d57b54d19568c9e42a7c7390980fb9042168e

    SHA256

    e0eb90ee2f34e485a846986d0373a240ac78aafd33302e68f42b88cf2a372472

    SHA512

    7e78f7942297a1970b5507882438d3b679a31b81565d6938983951bb2e1842ea822ba6e7dd4737f1cd101855e21d7fe1b91f8ea141bf8f40e2382755102a68ce

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    5fd6e168db6260b223b223f04b6cc48b

    SHA1

    68cc7bea79fab61e541e84f8959745bf84a3a701

    SHA256

    32762ff44aac4d17606b34482751218650afdb876577b24d371b107948286f3c

    SHA512

    54afd0316924a5c123aea1ea861a57492f952371bbf6d2f8976c6736c405fdea9cd992be76444b65c67f98552cac1d34f3b5aa35954d776a16038f4a6e41b9ef

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    cf5167b77c37c141fc111c3599d2b38c

    SHA1

    995d6c266d999c1e917106e0a00a9b0036bc154a

    SHA256

    f7c633be47261f5692b5a8737982333c7f023ebb39bc54135a00245bd33cf691

    SHA512

    8e214df041879897f1df5800a9345e9e52ac325c2b72c8c5108b7b16c4483948a10f58518e929e6b58cd053c4afbfeae111a4e61f63a444eebe6e78815f8bd76

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    8f285fb8e91fa1fdf005086f8df0e250

    SHA1

    8b63e6b86c913b3704b0a1cfe5b853d19ca4cf47

    SHA256

    20b7189032594d43d50d84be98b40b70d938cec607c0a0cb9315b613ccaa2de5

    SHA512

    a525f054c440498dd7e85868893899f22779efe96e32fc6c71fd2b21950f353efb6e841d5b4d350352c501e086e3c8c16cb4079477629c35baa877dba0f9db6d

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    28KB

    MD5

    3262714c35048cd698b1b08dd9b82e8b

    SHA1

    8d9394cc9254eef4bf7dc5cb99e93fcdcde3e3bc

    SHA256

    ac0059a2791198b06bf442036968ff169df95462f64b83f85a555a7fa3732ee4

    SHA512

    d46f9545d825a95e8ee533e24c7817ae557c19b64e9f3d9ccc4d4f7cf6c3a88be41bab8a4de4285643c74df4978a9e054ce00a18707c4734bb7063634acc2358

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    9acd999fa1d8cda340f50cbfc8e8897e

    SHA1

    e321f5e4795026d00677d3024e04ca59d61afe9b

    SHA256

    8e1c6779565c8c1e6668b881553ead84f491b4a637c9e1f55c4f8f311de3cee8

    SHA512

    6c5e2fcb2a494f7ebb6426c3a41ea6725d73f764501ae8313888c245d84a4874d135d678802dd7c2572541adedaae15c83d07c2cc8414418a06a6d0e91c05163

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    1dea6256ffb156e494a0ed36e5347578

    SHA1

    ffde87703553d8c333cba61ec288de17587c0861

    SHA256

    9bd4666f2f8d070c4ecb984f46d76b518a8fbe447dcca19851cdd4475d50d3a9

    SHA512

    fafb9e957721a4406bee34bc1a2f6fffe0230ae496258633e572dc4d43d5fe331a38b6511c87e8faf6cc17ae770ea5f81d6b2932cd17efbaf076323665122950

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    7adba86b8d45716cf60a0300096146d7

    SHA1

    c2e24675bf056210f104d2449c85bae9b481d01d

    SHA256

    e9136693d48a476a68780c05d112c1f663bbabe8f1940061f743dc1bb928db18

    SHA512

    7a795337d93926ab12ce9bc9e53940df829c609ecb2d963e1ca332ebc2422d88b6d7df9d11464869a38ca62005750126305fe8762150228f6434e7e3bad979c2

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    a2e74b93aad811f6624748e417d433e2

    SHA1

    14523f00042eee40c6db9c7aea93ed13b8a75fe9

    SHA256

    5e58d58c3025a264505e44c48b6f83151cf595effdfa9dc8d1b22b98777603af

    SHA512

    341bb7f91bab9e6be772787ef5427803685b21117fa25c8d706791a3789a6b04a7e404725bdcc58e005950ef04b9147bdbc42e9550f44779e2f8131ad100ccca

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    341B

    MD5

    2ccc9369eedaf096efcd9ee4f68cabb9

    SHA1

    73ad96a6c1866f8bbf749c59daa184113bd50277

    SHA256

    946b4e8c8265b3df9e098d5b07a7fa87fea87f2bf2a8fbffef5c9b2b0ce72bf8

    SHA512

    e425f59701eafe12fd46c3f0634c6b44842fa0aae6357c81d70771f067f3b052107311296ddacacc190adce7a8d2fd07c3425803ba0f92d08fea8748f9ea3dc8

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    430B

    MD5

    4add4e19aed042b4277ec261510e1db7

    SHA1

    370e00098008f83a432339098d1f63a8fc789172

    SHA256

    a21be71bd037feae630738575c70c4bb88dce3e5b4a1ebca370f7e94291eed9f

    SHA512

    68805862e74d00fee76800582e1947206b14b32f26e37b3b88a28d27d539c301ab0910ea41292a795dd403f2f606e358372593f6260c212a8ab8b6568cefb5c8

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    71235e52e8500b8afd06e58844faf79f

    SHA1

    8a30da73a000032cb0316d2541e6dd84d8ef37c4

    SHA256

    d9cbd1e096a3c380ab2be90edf96f9b19ee162cb68e9c1be77bc8251cd7cc783

    SHA512

    1b259abf71495eca46baa6d41c5f1e0435ff3baad85b69be113b3cfdfcd63127e283e3876c7b85e5ff0b1f3cc659f5a79301babaa41d2b91de8db6a35c66958a

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    b1356b307602e0458f966b6c3f65f6c2

    SHA1

    35efa8ba45f7801fd01ae03033d8dfe2228d7093

    SHA256

    13aa31a50a7e3d9dac43e1c95b9f1dd360fa1e74200b80ead086a1b546fe907e

    SHA512

    9ac27473d618d6d8c1cf74363afedb67ed56a4289183914c0a27313e04bd79adad0c56ce8ccce47bb27e21476d1881aedf283040aaecf3f0cf7fe0cec1cdcaf2

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    2.9MB

    MD5

    0cde52a22676973616207325e6d28e43

    SHA1

    3f395a88b28c0bb248dbb2d9deefa2b69a6cd53a

    SHA256

    2138f6e7b16413924b92c8292022cccdf738a239a8929f38717d7a86586ca934

    SHA512

    2d4f88b0b9a49c04176678a66d366202836a03ad8424796fe73efc46e648195eba0d28681542a425c792fce8b32cf3e385e75a77475c3785add0c7d09d358519

    Download Submit

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    1c81a241aa3134f5e4702e401032ce03

    SHA1

    0be8c30c5d5303ea7f7ffec16fe8c6e8a1c93b92

    SHA256

    14c29a5496904182d3dd0d35373f6532dafd626acfdff4c5ed33f508e2558412

    SHA512

    ccdabc4a1e6b3e1a856a474e325debb2f24a85c63dd4c82c7bdd0683c516eb46fcf19a8718e02298e81eff322db99f526c2c36db16d3d7243130630ea09168cd

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-13.txt
    Filesize

    174B

    MD5

    572ce0c5c823ae6470ca2b05b2ed6ea7

    SHA1

    e903d32aa00b4a51df6b7726b9250b54fa10563d

    SHA256

    068e0e95471c134b2cfb2417b9a28b1a08d39a997354bc3b9a6091d1afe6c252

    SHA512

    c17b7193fb8b22a2653e7cf36cde15ef74786805cc1c6425b78f2014546248b57739befb52d769ff6ec690dc4bdeeccc632e81f2e4cd686ae72efc025112239e

    Download Submit