Overview

overview

10

Static

static

6

dde9ac42b9...b8.apk

android-9-x86

10

dde9ac42b9...b8.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    28/02/2025, 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8.apk

  • Size

    4.0MB

  • MD5

    0fb74af2fa1aa4ee4b7ad0bcd944d78e

  • SHA1

    552b5a73ff31cc276fe64cae79beae7e2e3bb1fd

  • SHA256

    dde9ac42b901d50f10cd39ef9ebb342b015739eeece0927d840abdafa9d4feb8

  • SHA512

    13ca1a1667f282879718a90778653e9080d1a39b7fc1a5477a68432f722a10be4a3163110c1e980ab9576528e0bcc45a5d1cb07e751ef0179ddd6f9564a4e65c

  • SSDEEP

    49152:5gm5ZaPGRo5N3YeyRZJOzqIQ7TcPAr6pOTPTzUZGoAFbYRVLLw1ZPQJiSxm9TmP9:nw3DHFHpODHjotVEP7im9SeG

Score
10/10
androratbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4496

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    7caaf4427f6acc3950b1d3ebc80df00f

    SHA1

    333d57b54d19568c9e42a7c7390980fb9042168e

    SHA256

    e0eb90ee2f34e485a846986d0373a240ac78aafd33302e68f42b88cf2a372472

    SHA512

    7e78f7942297a1970b5507882438d3b679a31b81565d6938983951bb2e1842ea822ba6e7dd4737f1cd101855e21d7fe1b91f8ea141bf8f40e2382755102a68ce

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    b84ca221f49f56ff688fbd77b269875f

    SHA1

    2b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3

    SHA256

    7325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f

    SHA512

    29860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    da1c5afa3314628aa42a4627d2aa69a7

    SHA1

    6c2f513b84e474e1d933523f06c2c230a868aae2

    SHA256

    63733463b47414a1ee634e2e3c2423b38ea05ef74c406fd55014e6a68ff00180

    SHA512

    17ffa9ecc5f45f01e8e24fb649d776a0d996c95e5f9cab99b9ab9a8e7e903858fa711ea44818aa81ba8a6eb6545364c3f3a2a4213d67495bdff9488007018b54

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    01bc20ede1524c45707f3bffde573e72

    SHA1

    37c9573f9244a771b7930cc74d0605dedd55ca47

    SHA256

    b2396ccb359f3142a055df35972b72434e18ae0aa5612ef2b74ea5408441e348

    SHA512

    ebb9604b6fb27fc81e1e23c0902fe0dc5c1c93488cf837fc78f2a966c1ca21fdef1782e2e3267aaf9dd311e546f6ffb5377b78f9a4ba5afe2ef4e787ca8b8a0f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    e05d71eeed7b8db2036708a1951dffe8

    SHA1

    554ba1b8e791348d61c37cdb61a2be9e8d1340b4

    SHA256

    b938777d09c8dd98b1a2ecec29265bb1eed5bb4f1ba2027601e5f754ee7d7f6b

    SHA512

    d90dfd86c60a4cd2e0fcacb2defc70f1da7e48c1150be1f851d3e52003f090d5a264f152c026d38728edb97d9a7888e52e65f0fab92c98c581d2ce5db60cc5a1

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    634efcbdd2d6cc44d7739c24b9a7b4c3

    SHA1

    dd2b5fcfdfa057d65fd90fc3d3c5eddf30bd493c

    SHA256

    bf771f430efc5eea14d7e436e861d4b292b5d94f4506349cfbb67348c7ff031d

    SHA512

    bbc0ba54cb4de18feba5a854a38775de48461ac24857ab0528c8e9cdf0f88c9456dd9a7f52239a84bfda319c37a5d69e4d18a6aeb9dc0e7a20cbab18b123436f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    b2e07e5fe95e31aef02a901366f92507

    SHA1

    86cdb35dc8fd902f1aca49d8b2109f19602feadc

    SHA256

    4ce664a6642a2aefbc4178c10638748eb857003cf9a18a5456fadd269f34979f

    SHA512

    4c1ff5087f5f8a5e408c4eb2ceabb7556b0b698b55ff26a9ae5b9a90ade1d4175c0a8d52dec27ccd50c43411e6cd98edf0e2fe8d6eddb2aeda8dda4d4032c174

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    c40e9cd8541cc67b9566e02dcf370af1

    SHA1

    91474f613c918e661598f8cb901a5e1a3ee1fba9

    SHA256

    488d158bc51b804f03fc234e7e6edb4954657a3ebe8390e123d47144b1617fc9

    SHA512

    a6199b01eee060853f543145ed117de69df550e69668c21b8fbb0b9df4b232963e499dea07725fbca70f63717b5c2fcbee9a9beccfa89518cf0884a2f51f7e39

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    fbc61849d6b9a178cd3156491e6d15ea

    SHA1

    627974e4a74bd14343312585492637f00f81d648

    SHA256

    f4e23ecf8c8ffbcb6fab9c8d678a88dddb7e1552058d99266e03504238a4bce2

    SHA512

    b2d9aa3e7dc1366baf7917e752fb2e68b596aad144ebf2396e73c96e46729407fe71bb2b36cdce3812ca7f1ca37d40275a0ba0add3b012860e186869b37247ee

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    8925d2355279dd6c4e6a51f6a0fe4e47

    SHA1

    dfdc0f7a76e5a8bbf82534bd4638640104af9950

    SHA256

    7dfdd261ef2f77dceeceed500444b2722eb7e5e1f75503938dbd7afff428ca9c

    SHA512

    f82f24d72a0b321e91f31868ba81e94f7f3678c400a6ce106881a636ac286dca87f82b9cec664efcac2b16ce70f55fbb9f73cfaf71b05208174215fc7c76378f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    be58d6f78e5a302cd373b8694bd4c68e

    SHA1

    94820988a25726fc0ecfb0f54ef84be68d8dbe7c

    SHA256

    ee86fca9390a51487a49b2b24ca9151e54306b556ad1c534537653d6bb0f896a

    SHA512

    df4d38f968eeedd0933e8424aa07e00a74dd5967f01280275e948815290c3e9e510189cbb85a85efe7f27a5c51007251052f7db0a1b38484b0b538cf288bfc1f

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    b8e2c12985b78856a51971ad2e2cd66e

    SHA1

    086edf1b42f554a87a7648ace69aec6e1de5a504

    SHA256

    caa5eefa1dacbc2ad62823e5c9b65565c5bc9388adaabbc04e29ed10a3d43909

    SHA512

    dca94455775d25971bd629b7b06a0255f076de634c50e115357e47a90f00b8020f7967036b381673ac59e08bc69f43f54b853226e1096d8e2a320fda568c55ad

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    3bfd2829976c411144782292b538cf9f

    SHA1

    1b2b133c99ecd92253d0c2053599d15e593c16e3

    SHA256

    2db8d44ebeb565d6fbf6a65152f78250e8b8c6839349e5c41e0743c3637a8afe

    SHA512

    115f9a5044432e7bc3d4dc667f53264542f90f1a3a6820ce08b74ae58a1b7cede7ed9c352f46a87bbcbbaef14038a6e0c94c154867fdcf4e2c8cd437d56fdf6e

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    e751630f3a1c0c20fda1444c052d2c2e

    SHA1

    23a61aee8e03829c33074c5263a728025e016177

    SHA256

    111645383984ec29f8f397a31bc58e21d4e38b8002f45c9b7c6d8dfbc7aba763

    SHA512

    64ff21248b86fbef0f07c27cbf6d39c593c0fc21996d75a03f355c8fabff9e2e8e09c7fac37534b2ec3356db91a8e35df79e656128315b3cb90e20718079bee3

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    5b3969d94118c2e279f1b72797534281

    SHA1

    b6ebee68979fec403ac6cd0f98a0352b54a56b7d

    SHA256

    6cafe1c85875aa3d2e3869243337996f9e37077278bb2bb3c2da31ed72d0d23c

    SHA512

    3d6179ea87affa41ab32d91f65898f26a4346fee6e5c466b0d31f8a58119da6179421f1f8981111344b54d7417ca1db211bb2a7aa3da3e3a8e6e138045d1dc45

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    c16c851dd4aa870e3c68bc9e0c51192a

    SHA1

    4f01b8e071303963d51993592cc18a128fa7f1dc

    SHA256

    7fa64ef254608f74ad5e27526db0c1bb480c6204b1b939ead5013426f999a0af

    SHA512

    14e2b1ed3c14b33b68a5c94e1d644d59121e7df89040421ee87e3559ea33f08479029712eb7ee6fc33056e4fdd19286b2ecb34d80e1c087103f78a325d8ce12a

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    c382c545707c88354f9d0fa74e0b27eb

    SHA1

    3c4ce49cdb57e0b21b526b8ad1a8c379eb4b3b1b

    SHA256

    0050c967fe350d234f7bb1e0661d3a99c9da2f7e9bd94472a69fbb51b7739731

    SHA512

    ebce3419c43adb2480fcf79863894bb6453aef50db32a907d67d2299435befdb50b8b120f30dd53e6174ec7453fb08bf92e3ed5abd4a653e934655e454172636

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    477B

    MD5

    a6c5a0ee4c027fcb6798d1ab574108a3

    SHA1

    6054a71fe39fe6d53881974bf24b3ab495a06d7e

    SHA256

    7285a07f901f7fc3dd0bbaa82e32bf3dc9eb9e2df9c4ba52834973ea7ca141b5

    SHA512

    aca0918a9e7386e6a7d4a22bedce465aa168ddd17f8ad4cd36297e581319119c1ec508dde98e371bc0b27d963468b2691a623d227a14956e9b8124ae173ad59f

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    1KB

    MD5

    8f651130f3346357b918a43d6854600c

    SHA1

    c139fe19d9ab5bf38ca3fef577c5744c94191c6e

    SHA256

    8114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e

    SHA512

    2b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    11KB

    MD5

    6c67d94a917ade34763ebcf52fb291a2

    SHA1

    bbaa4ca101fad9f7723aac9ac264ac93ea8debcf

    SHA256

    bc11e58a0aecd911956f5b73acbd16c0bb5b2936cf0507b15c21cdb4d6107fb3

    SHA512

    aa89ff8308b53a0fd19fd19fab5a5664def071d112d2469f38ff7293a65566a670aa06f4a6c9d92e8eb34aaa8ed523fab2b38a6acfee102b7e2051540630588a

    Download Submit