Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

dde9ac42b9...b8.apk

android-9-x86

10

dde9ac42b9...b8.apk

android-13-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8.bin

  • Size

    4.0MB

  • Sample

    250228-18kf1szygz

  • MD5

    0fb74af2fa1aa4ee4b7ad0bcd944d78e

  • SHA1

    552b5a73ff31cc276fe64cae79beae7e2e3bb1fd

  • SHA256

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8

  • SHA512

    13ca1a1667f282879718a90778653e9080d1a39b7fc1a5477a68432f722a10be4a3163110c1e980ab9576528e0bcc45a5d1cb07e751ef0179ddd6f9564a4e65c

  • SSDEEP

    49152:5gm5ZaPGRo5N3YeyRZJOzqIQ7TcPAr6pOTPTzUZGoAFbYRVLLw1ZPQJiSxm9TmP9:nw3DHFHpODHjotVEP7im9SeG

Score
10/10
androratandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Targets

    • Target

      dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8.bin

    • Size

      4.0MB

    • MD5

      0fb74af2fa1aa4ee4b7ad0bcd944d78e

    • SHA1

      552b5a73ff31cc276fe64cae79beae7e2e3bb1fd

    • SHA256

      dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8

    • SHA512

      13ca1a1667f282879718a90778653e9080d1a39b7fc1a5477a68432f722a10be4a3163110c1e980ab9576528e0bcc45a5d1cb07e751ef0179ddd6f9564a4e65c

    • SSDEEP

      49152:5gm5ZaPGRo5N3YeyRZJOzqIQ7TcPAr6pOTPTzUZGoAFbYRVLLw1ZPQJiSxm9TmP9:nw3DHFHpODHjotVEP7im9SeG

    Score
    10/10
    androratevasionexecutionimpactinfostealerpersistenceratstealthtrojanbankercollectioncredential_accessdefense_evasiondiscovery

    • AndroRAT

      AndroRAT is an open source Android remote administration tool.

      trojaninfostealerratandrorat

    • Androrat family

      androrat

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Reads the contacts stored on the device.

      collection

    • Reads the content of the calendar entry data.

      collection

    • Reads the content of the call log.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoverydefense_evasion

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.