Analysis
-
max time kernel
149s -
max time network
153s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
13/02/2025, 22:06
General
-
Target
283bdca4759a7e79094d6c64f4408b23a00df6ab5c96fa131f1abdfbf13bbb7f.apk
-
Size
4.0MB
-
MD5
3ab3e18c9ef82e356c68455d08fbacd8
-
SHA1
749c09dc2f0f4eea4b66095aea0d5262f8c65178
-
SHA256
283bdca4759a7e79094d6c64f4408b23a00df6ab5c96fa131f1abdfbf13bbb7f
-
SHA512
be5de0b9b428c02efe832102201dad25034ddc8a0c7545b7ac2e161d7c6b7ff0120737b206c149783f3a9e55d9d0d01a835ef12082bcb05911e6b2c46415b0bc
-
SSDEEP
98304:vip5D/CYgV4R8yXJk/tUbjigQK2rVW9HWdTKkv1PNXI1:PZK8y5otMJ2rVW7kv19I1
Malware Config
Extracted
androrat
3.6.98.232:18443
Signatures
-
AndroRAT
AndroRAT is an open source Android remote administration tool.
-
Androrat family
-
Removes its main activity from the application launcher 1 TTPs 3 IoCs
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Virtualization/Sandbox Evasion
2System Checks
2Discovery
Location Tracking
1Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.9MB
MD57caaf4427f6acc3950b1d3ebc80df00f
SHA1333d57b54d19568c9e42a7c7390980fb9042168e
SHA256e0eb90ee2f34e485a846986d0373a240ac78aafd33302e68f42b88cf2a372472
SHA5127e78f7942297a1970b5507882438d3b679a31b81565d6938983951bb2e1842ea822ba6e7dd4737f1cd101855e21d7fe1b91f8ea141bf8f40e2382755102a68ce
-
Filesize
32KB
MD51854505a3f6d683ed7eb81612934370c
SHA14f710add9a652d2fb92b7ce45589e27bf03f0b2a
SHA2568100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4
SHA512104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962
-
Filesize
8KB
MD593f19260b52e7ec7fd6409c433c2b47d
SHA1b15ff53723d9fac4506423344d4083ad5784f1c9
SHA2562c9f20235631a01fe49b168b9db685dd39883d69876d219b2f7516697c205e5f
SHA5123246fc8c768db7b52ca610e09b4d781e18e5bd6dcb4f58294dc5254860bcfab454b9fbe34ae5e1e8feb9cdf968940504acf5f26e69958662933a54d0a6cb49ec
-
Filesize
512B
MD57e8ed641bd3aaa41368a863aa1ed5279
SHA11e849b45890d8a2e379521a881e77d83d86fa352
SHA2565b1f164999747c2ecf364bcff0435e6e91561652f0e8a93f2784e12d136c497d
SHA512a10807e89737eeba6d6884af6a2ff61f3328b6c594b7f28ebc8542c954fc10964f5c73de5a77f10f309c7e913a0cb526b8616fa169b48af1cfb44692489e8bb5
-
Filesize
8KB
MD530228edac7407d3156cb15e7b73baa9e
SHA144e6816b057ab4b12ff5d90378088498de689d89
SHA256636d1df66ab3cdfd04c1c514183d19ad6d25f87b3c4694b38dd36824e70b1ebb
SHA5127bfa6120eff32bcf6cf96a1922d7604d3a2a40b1c84b7156ad6eb919ca2286fb07b76e7e0c3577d75c8c234bc5d7bb694d86a1201439849e946c1c3efd2112f9
-
Filesize
8KB
MD54b6983fe5a14f8b2f56844f3a1f700e8
SHA1d726717757c4758a3ccc8460650ef5044f034327
SHA256601e36af9ef297b07a70208b5db1b3384f4fe1829dd72857c3a76fde6aaca51e
SHA512f189273e6cdf00587a94f5c12e47dd0a7d8a51fa07c7fea1f8919e3bd8f88457f285753588fc76c81a95b429b0c2dd3f50ebf0b6cde09945d0c69369a7d9645e
-
Filesize
8KB
MD5cfdd32b74c9312ce27cbef11c2bd6067
SHA1102c309a948716c687efd41d3d3d3deba1b55ac4
SHA25656bd14e809257e953b3db29ec731658ebe50358fec00d2d7ad8004ee268149a9
SHA5126740debaf2bad9d3a05b08112c2ab82ea6a99308692558e5207b222725353cc7569c58234ff71fae5e0ab59fe3a0b93cb3f1811987c1405228fa1b7abc166546
-
Filesize
16KB
MD558c0b6e45328752b20ac6e719ac034f8
SHA1372b2638afd00bbbc4034657b3df3d2e428fb367
SHA2569d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a
SHA5122d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab
-
Filesize
512B
MD590b375367e8e8ae793bb567bb18862a2
SHA194dbb7e581848bb35d4400bfd5d5d346f685e7f8
SHA25695d3c76e76286edfdfb2d55fd74affbb19e31759ee93a22c6bc41ac7a010085b
SHA512b17cd4bac92e6f2f438ecf2fb0549f10666f631f48599deee93cb72c5d20c588ce00045e9a3edfcbba995099ec66b19f18726793e32f2f28cd2cc01a7c5c5826
-
Filesize
8KB
MD54a61b3108b92e1edbcdad8f01f5c6668
SHA1adb4ef8963a783ed94b36f668cbb50c2bab1d20c
SHA256b63063553bcc6d21d6dd61012667e5eb238124dec48979cbfca1d3dd44ce8364
SHA512467b7a0347947ab36cea9256b71abb800292de454011340d88d2d1b3091c65b7434433cfeaf43ac54679a24911671dac0742b7064f9b5eb03706dc4b23b8fe78
-
Filesize
8KB
MD5b61bfd22c4a030abcc73b091453cd61f
SHA16382d3e18d43b7d83e03ab054cac080aa0b75f0b
SHA25663ddc8b22922079b068e80fdbfa63e64fbfca56159b3e1ffab24bb1364fed9cd
SHA512643ad7c75dec1bd271592bff5755e358a2af3cf161b8985dcc148f5161ef31c0d414d6f8355e4239d0f22eb66880c28f24b7d812eeb7fe785c5351e465cd8b55
-
Filesize
3B
MD558e0494c51d30eb3494f7c9198986bb9
SHA1cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA25637517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
108B
MD54cee54a1d939e23ef6a9420c23e06454
SHA186c5fa215c9a4b261c1f249e9db04d6b77a7a0ff
SHA256ed70fad070b667f27a95f1dee64d0bb8836433c67bb18eef2f1cdd031caf7333
SHA512dd20057581999760f4793564d54db886ea1cb2ad58fa401e5db19e9cef56d72b575fd444fcbf1f65ae4ded10ab124681fc2f038f3a7617792490bf67324b025a
-
Filesize
108B
MD5516e95984fd57c83399d385a7ee88fde
SHA13ce8daec1fc222e7ee834ceb16fa1b67df4f73d1
SHA256bed16110e4d1a6bc5108d98dcbc0eb1ef3fb8c73bfbf7659d205b2215330e8b5
SHA5122b670c958fd084b3a83d2ebf9bb5d7b89b1052bde0831683e837ac3768444c020eb7af46031058272572d3a9a2a81c3b0fd2292016556b7bb2d4a3dfeab49887
-
Filesize
114B
MD5262603ffd01fb5b27644741b5dd1be03
SHA1cb8362cbff8775465bca1fee06b34ec483af3016
SHA256d1c78a9d1ccaaa233671cec7a697ec445ba0e89e32ae0945b919f941b8f91512
SHA5123dacf2d83c5f73542a8e1630a6cd5eb20cf6008f757b1939e85127f07fb12beb9876018fb03603ecda84451894eb8545f635e97e3cbddca46be3ba9406fc8b1f
-
Filesize
108B
MD5560b3b92107668caccddaa6f6d87e9ae
SHA10ca1ffea3db090a61e8424b454770a5b05a3208c
SHA256cf72d47b6a62ff995031c138f518bafbb9e3ebb561be6f4484433b03d1c99988
SHA51272246d90b8014c3afdb0b13c761e01baa840012cd1ebdb85aa4c28c7b75e3666a5be732078e08476c3fc52d8b3a9d2f456ea633512daf016029e7907b0c259ed
-
Filesize
114B
MD5f43fbbb913bd0c1b3252a1251dc97103
SHA17e8b9ea88c6494cc326bb2c41cb0e79e89eaba4b
SHA2567137e93d213b11be900ed6c8358cbc95e06166f96ca9ee30e1fae350b2a7d12e
SHA51269ee89da2399429b037bd1c14bfd7004153e3380cf93819321759cc284ef5c4c1613ea28fd1d18085fe84fc8cae26c2a36a0a97667ec849b98c0aece02dd454e
-
Filesize
114B
MD538bafd5b7ba93fd342c3613670a47df4
SHA11ae7344a71e67629ce5e393b41fab68a40956005
SHA2568cbc7d20bb530a3f348952247c820ef4ee2224246d96ad279dc12d1a1e1fdcef
SHA51207abb40c861b1afef5b4aeff98e7b81f9ab556f424321116f44a85d51018231e114d0497417ef620bb71ec578e3096c5ba695a5deba652e3723054f1b55ab810
-
Filesize
477B
MD5f70e8e37a070c6a80c1aed531efb0e29
SHA157723027648cd1ffc062a7b7c226967b74e869bf
SHA256638ebce314d19012e64db1af00127c93d0e02fe36e81f2806d5d49f6978062ab
SHA512dd9a85b915f258e2d7b49c3ecdab43ef4de53c4b50047e5564c46e4b89fe8b4aaad90f5beab4b8fee1b9b3b017ce12200eb745d05a4ae3ccefef443d6d7b0cdb
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
854B
MD56efc46fcdfd4fffda10314829fbc9814
SHA15a96f3ba424b05ebf98fd6dc23e18fa4c8b34461
SHA256b95df6890dc702a25239b8f8c4559f19ba52da57f352d8e4f1bd87ba7a179a55
SHA51234366b1fa5fb02b7bf7a55ceaf56f11dd9f461b48bbb0bf38445e5f9f964a71d46ce29c2fb8dec64dc476321201809a9e89e34c71fba2d266a445d3df094ae18
-
Filesize
854B
MD57016c4d0c71fc5ca4587b7430a86489f
SHA13b197edb516a76aa72d75f1ae5d952eb8e4a6616
SHA2567283dd459fcbf6c4b7bab2b8c8aacd93dc567b8e37ac5b792f825464e5288963
SHA512b1f9e20b6538c5b1f1274d0bad090a6161e3cb08957db9b1998c9c4e4ac337ff9473fe80ed7a0efd27a7f7c38701ad232684f29c42b34f7229eff58453937050
-
Filesize
854B
MD590b12c301631a30bea68351dc7f63078
SHA1019a6d735ff23ca34a236fbf39de3ba0c2ee29b2
SHA2567c7864627d0d023015c9875d656c7a6aab1002d0af72208e42a44eb55cb6eda5
SHA51204c0a9acce30599e9a69ad0a59a5ac221d0299cf3c0862d781e2b03f0b4abb19c18419ae3e937013c7bc0de2aa9b2d9df713abc92f7b642251fc73351449e268
-
Filesize
10KB
MD5344c40353d45d009b47272dfdac931a2
SHA144898c7bb8c5a7d12762562662dbbcb6c9180a00
SHA25607bccca648467fff1bd92361bc2fdf21290d3f43f5d9c36fb0f9ee2d64569f7f
SHA512809f0c501f809bdcda6635f242478aba23accef84e1c6ed085420616ec9cd6a8bdb85e0316e48f3d76ad3c8223db168b8d26d3c56bd29fc1ab7c3314963a9f75
-
Filesize
2.9MB
MD50cde52a22676973616207325e6d28e43
SHA13f395a88b28c0bb248dbb2d9deefa2b69a6cd53a
SHA2562138f6e7b16413924b92c8292022cccdf738a239a8929f38717d7a86586ca934
SHA5122d4f88b0b9a49c04176678a66d366202836a03ad8424796fe73efc46e648195eba0d28681542a425c792fce8b32cf3e385e75a77475c3785add0c7d09d358519
-
Filesize
8B
MD51c81a241aa3134f5e4702e401032ce03
SHA10be8c30c5d5303ea7f7ffec16fe8c6e8a1c93b92
SHA25614c29a5496904182d3dd0d35373f6532dafd626acfdff4c5ed33f508e2558412
SHA512ccdabc4a1e6b3e1a856a474e325debb2f24a85c63dd4c82c7bdd0683c516eb46fcf19a8718e02298e81eff322db99f526c2c36db16d3d7243130630ea09168cd