Analysis

  • max time kernel
    17s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    28/02/2025, 22:19

General

  • Target

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8.apk

  • Size

    4.0MB

  • MD5

    0fb74af2fa1aa4ee4b7ad0bcd944d78e

  • SHA1

    552b5a73ff31cc276fe64cae79beae7e2e3bb1fd

  • SHA256

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8

  • SHA512

    13ca1a1667f282879718a90778653e9080d1a39b7fc1a5477a68432f722a10be4a3163110c1e980ab9576528e0bcc45a5d1cb07e751ef0179ddd6f9564a4e65c

  • SSDEEP

    49152:5gm5ZaPGRo5N3YeyRZJOzqIQ7TcPAr6pOTPTzUZGoAFbYRVLLw1ZPQJiSxm9TmP9:nw3DHFHpODHjotVEP7im9SeG

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

  • Androrat family
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4306
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4334
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4423

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    7caaf4427f6acc3950b1d3ebc80df00f

    SHA1

    333d57b54d19568c9e42a7c7390980fb9042168e

    SHA256

    e0eb90ee2f34e485a846986d0373a240ac78aafd33302e68f42b88cf2a372472

    SHA512

    7e78f7942297a1970b5507882438d3b679a31b81565d6938983951bb2e1842ea822ba6e7dd4737f1cd101855e21d7fe1b91f8ea141bf8f40e2382755102a68ce

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

    Filesize

    2.9MB

    MD5

    6586994a8447ce2d5c37f333be8da137

    SHA1

    a3af22ec083b4ba3d819f16c20c2651f425f664a

    SHA256

    61f9d847f639a8d693083b01296b37e597f3a0115b3869437fbd49bf33d60736

    SHA512

    f6d65ea4b4b0b4796cedb397701a5398dbd9519c235272d9377895f6b6dd42129428c54b01b81706a43cc5867ab7d4bc499d883444dca3f2c02476c244833009

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

    Filesize

    8B

    MD5

    df7a845164ce7b068b81fc16c78b0f32

    SHA1

    679d02ad03692357e937a4f9061e07dbde640101

    SHA256

    f96d08b2bdbb5f9a42e47b6f9ad018ab1821c6af61df6b33bd0175bcdd799ca4

    SHA512

    ab36567623a4a2de4da64edd2875d55053f682d9f7d4cf60609f428bf946be419ab7aafc5f160b6b29c31c220f39095d15c6902e0241e4f2d0e5b457a222227f

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    d46ce88d6e643ae50cbf92554432d061

    SHA1

    f4e59c6af509366863e8f49fb546e567df43010f

    SHA256

    878d8b9c0ecb1870fc656b26ac1a3290ccedf0385c834189499470a03a2fc68d

    SHA512

    7ddf88bc4eb3818506754219b1508119391899a6a7976e6b105fe145322ac7b29d738a90f0c1d15f2def9b42cf8ec1fa068a0de6c9de2b38f61e0798d87d9554