Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

d54841a13a...27.apk

android-9-x86

10

d54841a13a...27.apk

android-13-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d54841a13a8b207b01641b07ec4fb0c4e5afa69f304d46c0ce91ad7425a9d327.bin

  • Size

    4.1MB

  • Sample

    250224-122rqazpt5

  • MD5

    c1704623de4f7a3c743e078b57178715

  • SHA1

    3b35b2b650c859d7b8a9adeaeaefb4fa98a21009

  • SHA256

    d54841a13a8b207b01641b07ec4fb0c4e5afa69f304d46c0ce91ad7425a9d327

  • SHA512

    a849aac4f9415ee77e7c71debc6f760dd9fb65fb5449d6f916a799fe8a9c3d06e7adc93871438ca5bd78737c0aa9194b5fb2d141b22b1ecd690ccf2f94365567

  • SSDEEP

    98304:pdHpSFqXO3uieO/AAdo00OgjFAAlA7tpbICbhh64:NScOVeTAFohAAliDbPZ

Score
10/10
androratandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Targets

    • Target

      d54841a13a8b207b01641b07ec4fb0c4e5afa69f304d46c0ce91ad7425a9d327.bin

    • Size

      4.1MB

    • MD5

      c1704623de4f7a3c743e078b57178715

    • SHA1

      3b35b2b650c859d7b8a9adeaeaefb4fa98a21009

    • SHA256

      d54841a13a8b207b01641b07ec4fb0c4e5afa69f304d46c0ce91ad7425a9d327

    • SHA512

      a849aac4f9415ee77e7c71debc6f760dd9fb65fb5449d6f916a799fe8a9c3d06e7adc93871438ca5bd78737c0aa9194b5fb2d141b22b1ecd690ccf2f94365567

    • SSDEEP

      98304:pdHpSFqXO3uieO/AAdo00OgjFAAlA7tpbICbhh64:NScOVeTAFohAAliDbPZ

    Score
    10/10
    androratevasionexecutionimpactinfostealerpersistenceratstealthtrojanbankercollectioncredential_accessdefense_evasiondiscovery

    • AndroRAT

      AndroRAT is an open source Android remote administration tool.

      trojaninfostealerratandrorat

    • Androrat family

      androrat

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Reads the contacts stored on the device.

      collection

    • Reads the content of the calendar entry data.

      collection

    • Reads the content of the call log.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoverydefense_evasion

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Tasks