888rat | e5af56ef129ed8a1d89be249b135ec33db32f019399eb05c64c2c0c57d04e1d0

Sharing

Copy URL

Twitter E-mail

General

Target

BastianHein Android malware samples 2025.zip
Size

48.3MB
Sample

250323-w8zhqa1sex
MD5

557d37f86cdba5fff92676ad3c3b2133
SHA1

2efda6dc8d8b3de15ad7f1087d476e283895dd8c
SHA256

e5af56ef129ed8a1d89be249b135ec33db32f019399eb05c64c2c0c57d04e1d0
SHA512

9ffd23884396907b78be2ffeb27efc6978dcbb3c24a378eda7fb9154e7611fb9433d941d0fb23e383282c13d6d650098a66240c855fa4bf47ea40faec52b9933
SSDEEP

1572864:yTL5Khi3E1Sg93/ATBohzYadJczpGvSRAKKwlXJ:yt3E1R93/QBohzYadJczomAKKwf

Score

10^/10

Malware Config

Extracted

Family

spynote

194.67.193.20:6667

154.61.80.208:7771

worldwide-contributor.gl.at.ply.gg:62875

Extracted

Family

spynote

receive-probably.gl.at.ply.gg:53745

Extracted

Family

spynote

192.168.1.19:84.236.77.191:84.236.77.191:84.236.77.191:84.236.77.191:192.168.1.19:192.168.1.19:192.168.1.19:80:7777:80:120:25565:25565:7777:120

mr-committees.gl.at.ply.gg:19695

Extracted

Family

spynote

mr-committees.gl.at.ply.gg:19695

Targets

- Target
  
  BastianHein Android malware samples 2025.zip
- Size
  
  48.3MB
- MD5
  
  557d37f86cdba5fff92676ad3c3b2133
- SHA1
  
  2efda6dc8d8b3de15ad7f1087d476e283895dd8c
- SHA256
  
  e5af56ef129ed8a1d89be249b135ec33db32f019399eb05c64c2c0c57d04e1d0
- SHA512
  
  9ffd23884396907b78be2ffeb27efc6978dcbb3c24a378eda7fb9154e7611fb9433d941d0fb23e383282c13d6d650098a66240c855fa4bf47ea40faec52b9933
- SSDEEP
  
  1572864:yTL5Khi3E1Sg93/ATBohzYadJczpGvSRAKKwlXJ:yt3E1R93/QBohzYadJczomAKKwf
Score

1^/10
behavioral1 behavioral2
- Target
  
  888RAT/QAFLRG.apk
- Size
  
  2.0MB
- MD5
  
  f918a04746221391097df07f678dfe1c
- SHA1
  
  90f3cb9df315c926fb42c7f0353ed664f00abb8c
- SHA256
  
  2e3f5b2d83c3844d534e4ec9481016c2acfa26813b54471a26003c34ef26f11b
- SHA512
  
  514c7c0a5a6709f5c492f5d76e20205643d23b903c078d01f6ceced61907b35f5ed7ae0f55527280fa3695428966298a64c26422111766c431d6f44c88c0a589
- SSDEEP
  
  24576:Z9pTK6uR0fZ7Q1eY8sl5pKBCI7WXkKF8scWVKUOZOUvBZRvL34ShdHplRaV5HKWT:FduR0fMSSKnyUNWjRCBZfHEVBKTTply
Score

1^/10
behavioral3 behavioral4 behavioral5
- Target
  
  Generic/Free apk 1.0.apk
- Size
  
  120KB
- MD5
  
  3d7a4a8e93995709393e31fc121d3627
- SHA1
  
  96ae35c7560abbb1ee297ee1a59661976b1d325d
- SHA256
  
  389508bff4ee6f78b595c72325d0ab8c226c3295cb695cba9302d21e00758adf
- SHA512
  
  017d6608d335397d11a882aab402712755d199614a45616119d8b515a91137d1810ea185abe19879fe96eb70b944bfa3e8b65f209d502f1db89a00c626444f8a
- SSDEEP
  
  3072:S8LLCkJbpYP5wBMAghNZV68C69/bNKGrbbcYR:xqkJb+hhN9CK/bIGLcYR
Score

1^/10
behavioral6 behavioral7 behavioral8
- Target
  
  Generic/gen_signed.apk
- Size
  
  645KB
- MD5
  
  a0c0c61db6f0ee2deae6622d3c1f0b83
- SHA1
  
  bdfcf9627a81f5da0ebff7d3c1e26c2d571f3b60
- SHA256
  
  3b3e121878062950afe656b571977ff071dc99c4d7689d878747f32671d2acb4
- SHA512
  
  3ce1b743762bbce09140589f24046562422b6be8355bd4600e67683881eade8ef642d1be655977aeac0d9974c8713bb5306b0297a842c5043513d7959ebbfad7
- SSDEEP
  
  12288:4/wx1Vqbqs/2lqyw7FEfBJ+IJB4xwC7uSP07Yz4EL4QA17VqxBYWehRXsNEJIG8Q:4/SLqbneAx76fBHyfyScU4EL4QWVqTYd
Score

1^/10
behavioral10 behavioral11 behavioral9
- Target
  
  Generic/الناي ناي (1).apk
- Size
  
  476KB
- MD5
  
  464fb05296c637103501b3ecf0734875
- SHA1
  
  eab687233bba9e0661ca3453b57cd8d99c26686e
- SHA256
  
  67d84cec270ad46119aa7763cb477f9169931187a431495146cdca53cb983ad4
- SHA512
  
  5bc9d158819a28f394931264c15e3fd60af38c14e876db0ccdf6655f2eda1be1ddc60eb01df3f19d653580c0ed27f5221d80a49c35268b1c89699373894641a6
- SSDEEP
  
  12288:Oy7m+7zXzD3dk1HU0s/TwRXtcRD8VQgy0do+23syxhN4aTd:Lmqz/Sfsr4dygyN3syzF
Score

1^/10
behavioral12 behavioral13 behavioral14
- Target
  
  Spynote/City Cleaning-1.apk
- Size
  
  4.4MB
- MD5
  
  16de79c0c19bccd6aa04249df139856e
- SHA1
  
  a880dab99e2615fb6fec3802580147b593ebba7c
- SHA256
  
  12abdde01cf4354a560c35de9f359ce8612dc455d6b11c12ccca1e5f6bf2aa5b
- SHA512
  
  d4f0478c4649e172a770f1c308eb331b539beaacd073164e0cf2e716accb87c0e0794f198cad6f467f39f5f7466fd002a6b07ad295b318830c6b20f4ad988fcf
- SSDEEP
  
  98304:hnvzBtT2mzQO0tOHARMVGoqwSVvcFthE+pjmd4dQh/SZ8:5Bz+OgKV01VkF7E0jmdmo/w8
Score

1^/10
behavioral15 behavioral16 behavioral17
- Target
  
  Spynote/CraxsApp.apk
- Size
  
  4.4MB
- MD5
  
  1ceef708d504863dd7ab59c5132836c4
- SHA1
  
  329a1dfdf52d630c0901e5aa1bb49e9eabab8958
- SHA256
  
  ff48ab2fd9e3b360909d9c9178ae498cd1cd847f399a4d084cb5c05a7e24052c
- SHA512
  
  bce34038c11b37e342035c4e1e5a8309cfc25ac33b58ae20bd45dd18d0b0afe0cf7d57fc4b05bd86540f364780ab4e096cc07c45fe14ea2b6a8850bcc17afc2b
- SSDEEP
  
  98304:4fb7hAQH5wSacfL9i5L37Pz/62mzXzBsT50tIJIP:mbbH6gj45DyBz2Wb
Score

1^/10
behavioral18 behavioral19 behavioral20
- Target
  
  Spynote/Encrypted_Signed.apk
- Size
  
  6.3MB
- MD5
  
  5bd0dedb83063da536843a4c1bac247f
- SHA1
  
  ad20294142fa94a2d4ba122f63b9e73dc2f9579f
- SHA256
  
  f85abcb01e8256cd7ed938cb47fb3f030112eaa1c94399c910086cdd46a1e053
- SHA512
  
  21b8a14e8132776485e6f9984e612fc1c9efa68e0b5e24f958714a61c6db2bf4a6c5b30950e471ce52d3f21730f7c8eb2fc33b14f1004030824989970b80f7d0
- SSDEEP
  
  98304:4L5bckluN2dpIRIgzsiorM6Bo9vfzjmzNzBjNT50txIQ+z:4LJHumcIg4Mk62zDNWzw
Score

1^/10
behavioral21 behavioral22 behavioral23
- Target
  
  Spynote/Launcher.apk
- Size
  
  8.5MB
- MD5
  
  c99c6bf687e3996406d80513a59e3c77
- SHA1
  
  8e1c9f9766dfe8edf80140e739b570bc3c8ed639
- SHA256
  
  295390dd521853011d0641180fb507a94becab696aef161a65eeeca9fbf1018b
- SHA512
  
  006c77945236c8b2de8953b0064282408064a60f5e62edbcb86663031f097cbf995842d5eea0aee3a22c3edc9761b4689b38497364c16b1a78a9540040747c4d
- SSDEEP
  
  98304:2J2j+UZtR4QGqZcis84+3vFmzfzBYTt0t8CC:82j+q4tis84+3vozSi+
Score

1^/10
behavioral24 behavioral25 behavioral26
- Target
  
  Spynote/Pepper_x_pocket.apk
- Size
  
  7.2MB
- MD5
  
  484a8bb3523242f407249ff282a0830c
- SHA1
  
  b85a82e671e6c86abf2c2f3768da2b5f847aff80
- SHA256
  
  b4bd02fc122583995a7375072955bc28f5b43a1900e74d8d7173caa6f67ad73c
- SHA512
  
  141ca0c5bf1d7e6c2d60419c73eaa46ebcb1cff5e42eadf7196b1b474ee990ccc1e1a587be7f4e9c4de629ec765b30f04831ea20f85ce5898b3798ff1c879aa6
- SSDEEP
  
  196608:VRWG8W4/77xiySPtUFfoO725mIT2GV4UrCPDYFZ+pQJJ:vGb7NiySMfoQSVp8DVQ7
Score

1^/10
behavioral27 behavioral28 behavioral29
- Target
  
  childapp.apk
- Size
  
  4.4MB
- MD5
  
  8e22828a63f574113c52c779ee12e6ea
- SHA1
  
  6d034ae5412ab94dce5a7c13b1803bfedc430268
- SHA256
  
  9dfc67ae5ad93b5f224186aa433db28af7ff20b671ce1db5c779183335d69479
- SHA512
  
  a2d4ca8dd112e8b15c499f438494d2df8ae4af8bcb74c2c8038aec37b69c96447767bcdd44116e1da3cbee3fbf45881e3b1aba8db3c9313078e7ace55d339962
- SSDEEP
  
  98304:NfrGwTVxBeIn91DzNvrV5g2ZkiivCE2mz7zBjTl0tA0O5o:NZHBF7PNvppkiF0zl6n5
Score

7^/10

banker collection credential_access defense_evasion discovery execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
behavioral30 behavioral31 behavioral32

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32