androrat

General

Target

b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233.bin
Size

4.1MB
Sample

250322-14aq1s1xgx
MD5

9522d56a17c8fab5d669221308327d5b
SHA1

c9517f22905464ed3bd4e39bd18ef309c14014bc
SHA256

b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233
SHA512

45ec1b871a4fd9b1b3918d2e716be4097611b2df881fa509086366c44f84bc1cc917ce3704872bca40eba9d0026018c6b4d602f3e21db8c7eddec3107b592f45
SSDEEP

98304:93OGY3+W1qSuowYXP0uVaorfIkaTwEAJo9EK09H:iqStTG+y9EKaH

Score

10^/10

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Targets

- Target
  
  b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233.bin
- Size
  
  4.1MB
- MD5
  
  9522d56a17c8fab5d669221308327d5b
- SHA1
  
  c9517f22905464ed3bd4e39bd18ef309c14014bc
- SHA256
  
  b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233
- SHA512
  
  45ec1b871a4fd9b1b3918d2e716be4097611b2df881fa509086366c44f84bc1cc917ce3704872bca40eba9d0026018c6b4d602f3e21db8c7eddec3107b592f45
- SSDEEP
  
  98304:93OGY3+W1qSuowYXP0uVaorfIkaTwEAJo9EK09H:iqStTG+y9EKaH
Score

10^/10

androrat evasion execution impact infostealer persistence rat stealth trojan banker collection credential_access defense_evasion discovery
- AndroRAT
  AndroRAT is an open source Android remote administration tool.
  trojan infostealer rat androrat
- Androrat family
  androrat
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of the calendar entry data.
  collection
- Reads the content of the call log.
  collection
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery defense_evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2