Overview

overview

10

Static

static

6

b16f8965b5...33.apk

android-9-x86

10

b16f8965b5...33.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    22/03/2025, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233.apk

  • Size

    4.1MB

  • MD5

    9522d56a17c8fab5d669221308327d5b

  • SHA1

    c9517f22905464ed3bd4e39bd18ef309c14014bc

  • SHA256

    b16f8965b58b33c6ee5a069adfe648a800f1045d2249e8e7a9c8fbbf9d954233

  • SHA512

    45ec1b871a4fd9b1b3918d2e716be4097611b2df881fa509086366c44f84bc1cc917ce3704872bca40eba9d0026018c6b4d602f3e21db8c7eddec3107b592f45

  • SSDEEP

    98304:93OGY3+W1qSuowYXP0uVaorfIkaTwEAJo9EK09H:iqStTG+y9EKaH

Score
10/10
androratbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

androrat

C2

3.6.98.232:18443

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4814

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    5.9MB

    MD5

    ef547647de0746381d4e15503745cf6b

    SHA1

    41110bb6cd4d20d1d2e28f9a3876f3b05d0cb91c

    SHA256

    cba51bc821ca334c7fe20892dfb53c164e02e0913bbdc9693ba3ac3f9351d5b9

    SHA512

    adb9415ec0effe6b19ea37581ebd8e5bdecbbda3524566fca88d51e8b4fc65815d280b546bacf699d94f968b8e31f358c09223df0c099caee59f79fc3d035813

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    229435a185c29c0f749407612e475d75

    SHA1

    be2a0a28cae7ba2825586c9f351eb221f1257f28

    SHA256

    209233c2153e237f2f8a9f9ab5d44d58816f3ba6fe7b659599882823ca18a885

    SHA512

    d6ea6ff039bed044574014fc7c9168f76059b1927787505c7a2fad30be6198d0cf9e9de60b57fdf533ec982e37b83af8df5e81de506c97050c9de47a869a0ba1

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    a859b167e8c279c86719ca24ec234ad6

    SHA1

    8e915976d23d3ee8d0395bef259f30c8b41b5ba4

    SHA256

    ed5a5e5619c291467535c72e4096ce21d2d66d85e47967d743d6d98b01c7a555

    SHA512

    ca060f3899d7fecf7ccb6c0afc4ada4c45c7bf7de31f0a8566ce48a302675144c3a314e44d33bc16082920d2c405a6a7ae2a72cda94b38fd446d76691ab126a2

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    003c808983d905bb628fadeb89c6b11a

    SHA1

    ae9cf4a668566f4502792e79fee2985b40398f3e

    SHA256

    e75c0c3bc03f31883ab02a0b831804ac9efa8e83fe24624d38e02b4e111c2cd4

    SHA512

    c1d27911fa27635e511d238c7f9dbc01951d729161ff371e5317232cf3617445fb26c5cc346cf9ddcdfba278a33d6869c56f66a93c0bd09a12e038df8b0eb128

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    554f346f368c7140c5dc9269f1d9c465

    SHA1

    cf15b0dc4b10bc7ea122e9568bf00002a242faae

    SHA256

    4f4124998c285a09a4aeb63109cd897f16d5aa19df32b0c11d04fb93aeccf1bb

    SHA512

    cd2a4c8843784484bf070ada328a08c64f1b00c1400270ab1917bc3652155597b1c480bb8352b0ac5e2167102afa65a9d380c1c249097a48feeeffb2229dbf23

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    f742f6411b82704d9536974571c278a4

    SHA1

    6ad94d593b967b1f25b523cc60076fa563a7814a

    SHA256

    201ddf04cc5979692e889399ff8fc86d7c0e5fa303e36179fa713e66f3688ab5

    SHA512

    f5ec8cef50593911d5e01c0712c1cfc94bf44242512a5db112d041c4caa1a38fcaedb2f4dc3949ce81917e908957ae189d1d61917dedf3d737c9377ccd5e7857

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    58c0b6e45328752b20ac6e719ac034f8

    SHA1

    372b2638afd00bbbc4034657b3df3d2e428fb367

    SHA256

    9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

    SHA512

    2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    8808541d643588c6c6d9c502ce2c47f4

    SHA1

    42d2195b43a0bb94ffa3cafcbcf50bae971a0a6b

    SHA256

    5f138ef833c1ac1efe2cbe8d2609d1063621a70bb520a008dc091cb53b0b8afe

    SHA512

    da693f44cbe86c8fec2832bc1781a48c9928bfa175f6420504de4542677ff8d760cf4f957fb226e15628c8be0a38bb0dcbb6ffaebf3774b08a7b0b85a79aa799

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    8f350fe0b554a242e5a25a9373bab35b

    SHA1

    a20d197242e008d459d7f01e17fd9e8f43dd5094

    SHA256

    a897c32995e4da45cd617f3a2ccb050a64207e83101a27e087ecaaa9105a69aa

    SHA512

    8c7777e643f3093b1a7ff509ee7dfa0980320d15c25464ffbcb87c1d2862218f4d318e234cd81ef239ecd60c57be0e0083aef5611e4fe9bda40fa36dbee6e778

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    8532735b52996aa1cd2138f7d5e18ba9

    SHA1

    750bc5f2f3e30b10fd72b9b0b5535c4a83338862

    SHA256

    e60e38928cec30bbe737a631fd79ebe00e9f379c5c5064acc7447a82b44bfaa0

    SHA512

    6ba35747cc14e38e2b940b3486cea0dc74fb3ecf6d6cbaa7b6044366684335a7b59fb30c0262340376ea88da0855a16941296a491f968ac55f4d1bf3aa439b54

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    58c620de6ea20d151ff15db34dfdaa60

    SHA1

    9461ae4e1fe5b15812d258c25e3846a7e0cd572e

    SHA256

    d637774011c8d46458458ec53a3e3774348fec2de5a5de4e55221802fac27ef3

    SHA512

    b672f44f01616a0f0981f7caab6e9e82926c854c01648d79039ae4f27c15a8c8f3dad13546095746c87f031631d014df2d2c3352a312f7f9a8d76023657c96bc

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    7bc3cf76536beae74721a05a8ca10bb2

    SHA1

    718a1b8994f9f1ffa0493db6dfd978b8605a7bb3

    SHA256

    3b519d68d325b2678860741efcf1da8230a7ee5e498f605ec849c809f4b4312b

    SHA512

    ff319476f1685958d72ca87d9107a3fb979e8cae7a7529eafd075ed8b36853d4cef5c357d58b529a950b97f5b89ff43a55f798a763fe7e6c700ea485c112a8f3

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    d13b41c2d4ccb2936e43f765c7515ddb

    SHA1

    3a056479d9575edf75c8c5f2bf4329b0ba77080e

    SHA256

    39fe14902183e61564a799dae3b2dd71cef796fe1fb61fc97ad49dca33cc0674

    SHA512

    69c476cd01486f6730a51109dc8c8ab14ab12f4c6c100bdbcdc3e2834e6f5613b5d8449aa215e46ad5451fb2b6a15d02f884c37aaea19ebafca9e84acba2fb54

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    43744a45c70681002faac1225fc40061

    SHA1

    bb7b822dd5ef2f4df3a62392d465ee3a3a42d104

    SHA256

    9b9aa6707c4ad98bfd0b58cdbb0e155db7caecc78377a419f3786074eda1557a

    SHA512

    f8b21e832f5831cbde5a92276a66c5f4e14493ff40de47ec4bc2644b1bb19d1378213801be62516a39dc2319f992a8a9d9876cbc53230553c7d47871f7edadf9

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    808306855275b4eee865fd7c428e4c1a

    SHA1

    ff52b7f6924391b537e9ab3022410f7b3ba472b1

    SHA256

    043595ce68da4754503d396ec77256259914365efd0653344811e35eb07162be

    SHA512

    27f2e53ed1f4644d89849013632db23421b8939fe5c19f57ae3aacf7d1d7e008b4032915e2b0c57f27b4b10b4ab451bd2218b9c1da48d2e7122a0f821177436c

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    60d9a0d5592ee89124dda3a8cd9dfb05

    SHA1

    92a382d7dfb505599374d814d76eb6134195d8ec

    SHA256

    83ed360f176da07c21f21169c2f878defc2dd929dbf481291e10ff18d4d65ac2

    SHA512

    f6e38afacaf8eb2180cc0dd0c58a939cd287b5732df80d3c8119618ac50e68f530d6f8ed0dbad566841f358a21581f4d92102a571e672ccb3fc104eea4341f42

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    477B

    MD5

    f70e8e37a070c6a80c1aed531efb0e29

    SHA1

    57723027648cd1ffc062a7b7c226967b74e869bf

    SHA256

    638ebce314d19012e64db1af00127c93d0e02fe36e81f2806d5d49f6978062ab

    SHA512

    dd9a85b915f258e2d7b49c3ecdab43ef4de53c4b50047e5564c46e4b89fe8b4aaad90f5beab4b8fee1b9b3b017ce12200eb745d05a4ae3ccefef443d6d7b0cdb

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    162b9d7eaba3e5875fb4df89542727f6

    SHA1

    47b3c4cbd21c63639505d5e37d9b9bbaeb62fca9

    SHA256

    4c881b7bc6435ddb6327b896aa7709bd51dca64d73a3e8544b9a05c2be8f800d

    SHA512

    04de99a9c3610b7058be164fb41093412f0617dd2277ecc880ee8b7a1f150ebecaf64bb0cc310179ce92ce9618ec69be4afe9c559c4dcb455f324fbf569751c5

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    853B

    MD5

    c8dba24186edab7d24a002e1700ef097

    SHA1

    d0b4d58a42caa9a02a157959d35acafda3167dc6

    SHA256

    e8e06e3db5993a543db0c986c7157608cd3820b8e1bb6250a3103c45ff845479

    SHA512

    21daa72b456532bdd08d0a73ff73df98bd9c85176dc9989e8e521ce48090bfe691cc3e2361c833da5865a57509c1c4b11f53f81911632a9a609332d5736efbdc

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    95bc10b184df2232422201984ef1950e

    SHA1

    0194e12173fd1bf58a6838710a9f08fadb4c15e7

    SHA256

    3a42f3eca996fed4b1a14f8b2622aa531b3e2ecc7908211292d7b6d68dca4fd3

    SHA512

    b90813d786d6c47ee8726983c7cd08e9126a8f58aa41d51dd1d92a12228dfef57701e8542d25b158b755b3ebb3d7eb6268544b568488d3372c51743a0c4d2ffe

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    344c40353d45d009b47272dfdac931a2

    SHA1

    44898c7bb8c5a7d12762562662dbbcb6c9180a00

    SHA256

    07bccca648467fff1bd92361bc2fdf21290d3f43f5d9c36fb0f9ee2d64569f7f

    SHA512

    809f0c501f809bdcda6635f242478aba23accef84e1c6ed085420616ec9cd6a8bdb85e0316e48f3d76ad3c8223db168b8d26d3c56bd29fc1ab7c3314963a9f75

    Download Submit

  • /data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize

    3.0MB

    MD5

    50491d982e205d11b981a673ef55431b

    SHA1

    8016af28f95ec16ac7eed285fad187bc7b70ca86

    SHA256

    cdc1ac840f30a0a4818d1b2b1ac8c219dc86a5b51bcc658bf1f568168acc07be

    SHA512

    284e489e4a7e89c59a91a5b2150811727f8395c622a05e959b9f211a5c2228f3adecbf6071a9c77b2fd50fa536cf5cc8ad91177d19da097429804c80186bb61f

    Download Submit

  • /data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize

    8B

    MD5

    7fc865347360c0f8592c7e5add8de6d8

    SHA1

    89feff94d92f5073fea4cb84fc99b1890835a200

    SHA256

    59684c1d431bfa8e4f894244f026dc9025e72ab459d4ec3d374adcf334af0faa

    SHA512

    b9cf3869a29c0cfaff57d3adc6aa89b3f3789b29f6ba759b924680ad5312c9187194e1c0fda02ad3a3afd653b3643ef8ab2ad12e7a2292a010da772bc61c07c9

    Download Submit