androrat | 8ba737ea98efd66ca64a9ddb61c2ca30e5f9f851d47c1dab7da7f4f01f95e9f9 | Triage

Sharing

General

Target

evil.apk
Size

2.2MB
Sample

250224-s7xqyszrs2
MD5

fb53e9379186f32862388c3d93130959
SHA1

5807d9469c5eb14125439680d684347d49c5d2e7
SHA256

8ba737ea98efd66ca64a9ddb61c2ca30e5f9f851d47c1dab7da7f4f01f95e9f9
SHA512

864efef5774e513fcb673f2b05c3928d20360d552b3b85b14aaa7bdfd91f0338e53b97b998886184c48e9d1d6287168aaa1ee277f0ac49698c3f59462d303023
SSDEEP

49152:MgvYNQHt6QU1f+1Lv1MlQs8M7ysihlJOGGtgCX3dG2cfzX:eNhQcc5uQt600HDcf7

Score

10^/10

androrat android evasion stealth trojan

Malware Config

Extracted

Family

androrat

C2

100.115.92.195:8000

Targets

- Target
  
  evil.apk
- Size
  
  2.2MB
- MD5
  
  fb53e9379186f32862388c3d93130959
- SHA1
  
  5807d9469c5eb14125439680d684347d49c5d2e7
- SHA256
  
  8ba737ea98efd66ca64a9ddb61c2ca30e5f9f851d47c1dab7da7f4f01f95e9f9
- SHA512
  
  864efef5774e513fcb673f2b05c3928d20360d552b3b85b14aaa7bdfd91f0338e53b97b998886184c48e9d1d6287168aaa1ee277f0ac49698c3f59462d303023
- SSDEEP
  
  49152:MgvYNQHt6QU1f+1Lv1MlQs8M7ysihlJOGGtgCX3dG2cfzX:eNhQcc5uQt600HDcf7
Score

8^/10

evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionstealthtrojan

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan