androrat | b64a46693b6cd3d73deb4015243ca3b9c4ad4b1d222e64815ac598a2611604fb | Triage

Sharing

General

Target

based.apk
Size

2.2MB
Sample

250325-ezptgs1tgv
MD5

45ef961c0d925aa3ca1e7f943ca673cb
SHA1

ce377d305a967ef4d4c474e0723826109d8a6bd4
SHA256

b64a46693b6cd3d73deb4015243ca3b9c4ad4b1d222e64815ac598a2611604fb
SHA512

2b5df5e6f957c218e37dac575d3451c80e887e209aa6e4f7dd8517c214da41cacfb717ad7c1157ccb0873c9792286ac4d90c69959ee2cb7eaff9151213cf63a5
SSDEEP

49152:WQgtYfKUctQ8v2FUFAkHJHCwz2G4ckvbXdvsAS5G5gvY4Rl:pgtbbQ8v2FtwTB4tXRsA9Ol

Score

10^/10

androrat android collection discovery execution persistence

Malware Config

Extracted

Family

androrat

C2

147.185.221.17:25603

Targets

- Target
  
  based.apk
- Size
  
  2.2MB
- MD5
  
  45ef961c0d925aa3ca1e7f943ca673cb
- SHA1
  
  ce377d305a967ef4d4c474e0723826109d8a6bd4
- SHA256
  
  b64a46693b6cd3d73deb4015243ca3b9c4ad4b1d222e64815ac598a2611604fb
- SHA512
  
  2b5df5e6f957c218e37dac575d3451c80e887e209aa6e4f7dd8517c214da41cacfb717ad7c1157ccb0873c9792286ac4d90c69959ee2cb7eaff9151213cf63a5
- SSDEEP
  
  49152:WQgtYfKUctQ8v2FUFAkHJHCwz2G4ckvbXdvsAS5G5gvY4Rl:pgtbbQ8v2FtwTB4tXRsA9Ol
Score

7^/10

collection discovery execution persistence
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of SMS inbox messages.
  collection
- Queries information about active data network
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryexecutionpersistence