androrat | f23b6ed9ddbc3b26491358200a3d6ea9d717f6774cda0d6c32b8844bc0c95d70 | Triage

Resubmissions

06/03/2025, 00:11

250306-ags1zasyft 10

06/03/2025, 00:10

250306-agdlaasyew 10

06/03/2025, 00:08

250306-afbejatms7 10

Sharing

General

Target

notarat.apk
Size

2.2MB
Sample

250306-afbejatms7
MD5

8ad3a911e19a8b27236fb05cc4fbe3b3
SHA1

e9115e343e76575ecded80cf41ddc378c7a53281
SHA256

f23b6ed9ddbc3b26491358200a3d6ea9d717f6774cda0d6c32b8844bc0c95d70
SHA512

c98347e871362cb73d121c61bfec62ec71e1f3d5edb174766464124f2321c783d51aba78c78bdbcd7bc3420cf2ae71762c22ecf29671e8e2722e0bd601b32cc9
SSDEEP

49152:wHt6QeQu32LKycSHpyzTAbyL9XiwC0XPM9FB8gfBGSqdelXcPgvYale:BQXxLKYHAcM9Sb9FB8gflHczaM

Score

10^/10

androrat android evasion stealth trojan

Malware Config

Extracted

Family

androrat

C2

97.150.160.168:1273

Targets

- Target
  
  notarat.apk
- Size
  
  2.2MB
- MD5
  
  8ad3a911e19a8b27236fb05cc4fbe3b3
- SHA1
  
  e9115e343e76575ecded80cf41ddc378c7a53281
- SHA256
  
  f23b6ed9ddbc3b26491358200a3d6ea9d717f6774cda0d6c32b8844bc0c95d70
- SHA512
  
  c98347e871362cb73d121c61bfec62ec71e1f3d5edb174766464124f2321c783d51aba78c78bdbcd7bc3420cf2ae71762c22ecf29671e8e2722e0bd601b32cc9
- SSDEEP
  
  49152:wHt6QeQu32LKycSHpyzTAbyL9XiwC0XPM9FB8gfBGSqdelXcPgvYale:BQXxLKYHAcM9Sb9FB8gflHczaM
Score

8^/10

evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionstealthtrojan