888rat | 2a4cf22220b95ad1f802efd1ae8abea56e83dc598d66eb073d75882d20858e39

Resubmissions

16/03/2025, 03:52

250316-efh7latrx5 10

06/10/2023, 08:12

231006-j3vlcshh7x 8

09/09/2021, 12:48

210909-p13rvagbf2 8

Analysis

max time kernel
145s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
16/03/2025, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

up4net-Xwakurk-1-0-4.apk
Size

15.3MB
MD5

ae866cd8ff9ad51b09bc2799fbdef3d2
SHA1

43f36c86bbd370884e77dfd496fd918a2d9e023d
SHA256

2a4cf22220b95ad1f802efd1ae8abea56e83dc598d66eb073d75882d20858e39
SHA512

3d70132d84524a0fc4f98079471c0ab9c59dadabb14a353b22e678d8b96fe38a6115a3acd6a0ce00e17eb55a26be34b54f74af4eb57ad7ae9caa67036d317fc7
SSDEEP

393216:zV8ZRS/ppA21NdpalnK/VndDjJK29KGOeuAhKXaJ6M71k2zmz48:JWRQpR1RmK/VndDjJQGOjAQXa0Mppzml

Score

10^/10

888rat defense_evasion discovery infostealer persistence rat trojan

Malware Config

Signatures

888RAT
888RAT is an Android remote administration tool.
trojan infostealer rat 888rat
888Rat family
888rat

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.example.dat.a8andoserverx

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.dat.a8andoserverx

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.dat.a8andoserverx

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

com.example.dat.a8andoserverx
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:4498

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.app.apk

Filesize
13.6MB

MD5
f2fa5102cf3613b7e140f08176c5d556

SHA1
9d78604430531939cbe0c12bead4483aabfbd3bb

SHA256
58532c98beac043ad5b839f47a98befd833505c4727bbf5e584955fc41580912

SHA512
dbea90d660ab60044e3a1ca03ae57154ff8819eb54bdd9c7d2dfbf4ffde4b748d0040839e6501cb528d224155efa820ece27e97796a9be645cc74e38891013b3

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads