Analysis

  • max time kernel
    12s
  • max time network
    144s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    22/03/2025, 22:11

General

  • Target

    b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233.apk

  • Size

    4.1MB

  • MD5

    9522d56a17c8fab5d669221308327d5b

  • SHA1

    c9517f22905464ed3bd4e39bd18ef309c14014bc

  • SHA256

    b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233

  • SHA512

    45ec1b871a4fd9b1b3918d2e716be4097611b2df881fa509086366c44f84bc1cc917ce3704872bca40eba9d0026018c6b4d602f3e21db8c7eddec3107b592f45

  • SSDEEP

    98304:93OGY3+W1qSuowYXP0uVaorfIkaTwEAJo9EK09H:iqStTG+y9EKaH

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

  • AndroRAT

    AndroRAT is an open source Android remote administration tool.

  • Androrat family
  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 6 IoCs)

    Runs executable file dropped to the device during analysis.

  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4379
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4438
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4463

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    ef547647de0746381d4e15503745cf6b

    SHA1

    41110bb6cd4d20d1d2e28f9a3876f3b05d0cb91c

    SHA256

    cba51bc821ca334c7fe20892dfb53c164e02e0913bbdc9693ba3ac3f9351d5b9

    SHA512

    adb9415ec0effe6b19ea37581ebd8e5bdecbbda3524566fca88d51e8b4fc65815d280b546bacf699d94f968b8e31f358c09223df0c099caee59f79fc3d035813

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

    Filesize

    3.0MB

    MD5

    50491d982e205d11b981a673ef55431b

    SHA1

    8016af28f95ec16ac7eed285fad187bc7b70ca86

    SHA256

    cdc1ac840f30a0a4818d1b2b1ac8c219dc86a5b51bcc658bf1f568168acc07be

    SHA512

    284e489e4a7e89c59a91a5b2150811727f8395c622a05e959b9f211a5c2228f3adecbf6071a9c77b2fd50fa536cf5cc8ad91177d19da097429804c80186bb61f

  • /data/data/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

    Filesize

    8B

    MD5

    7fc865347360c0f8592c7e5add8de6d8

    SHA1

    89feff94d92f5073fea4cb84fc99b1890835a200

    SHA256

    59684c1d431bfa8e4f894244f026dc9025e72ab459d4ec3d374adcf334af0faa

    SHA512

    b9cf3869a29c0cfaff57d3adc6aa89b3f3789b29f6ba759b924680ad5312c9187194e1c0fda02ad3a3afd653b3643ef8ab2ad12e7a2292a010da772bc61c07c9

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    5.9MB

    MD5

    aba99be8d05d8c52783d5546c29c4b98

    SHA1

    e61bd95c753b75719b8f32b7610ab699c68e29dc

    SHA256

    e7c32813dc813cef4eab17bff1c9ce8d7aee7949489510ea248eabcd76bef450

    SHA512

    6062c81c7594a0c90aba76e4efd0d9b9bed7ca1433f1fb8cf2320c90ddad1bda4b22fd6108648d681f8ce0bc556b4927c859e96a6626e87ece89d44aa34dfcb3