sandrorat | 2609dbe83514b307adda1e13f3eadede9d66b89a7b05959a08bb5bfbbac8cb03 | Triage

Sharing

General

Target

2609dbe83514b307adda1e13f3eadede9d66b89a7b05959a08bb5bfbbac8cb03.zip
Size

251KB
Sample

250325-qnxwhazpw9
MD5

f1de40dfe793cc7af67360501d34af8f
SHA1

181ec0ee0242bcc32ff52e034cef4762826cba5b
SHA256

2609dbe83514b307adda1e13f3eadede9d66b89a7b05959a08bb5bfbbac8cb03
SHA512

00c71214f29404493850726f76334d63668f4c042c7794a776580eee268b7de7aa6ca77dd62e6eac7c9d3b5fd056a797216e02ab579f91e9e451d0f23d48db3a
SSDEEP

6144:M1hHRxqLuEhE3DQ47JCNUy9ffFDZkIo7k3DmNWfmvvlM5Ne:IhHvGuqEb78N1forASwMvCe

Score

10^/10

sandrorat android discovery persistence

Malware Config

Extracted

Family

sandrorat

C2

googlesettings.system.net:1122

Targets

- Target
  
  bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40.apk
- Size
  
  254KB
- MD5
  
  241c0118347f7af0a76b6d868526e896
- SHA1
  
  c34f1f3911a04513e69a6ff042fc1fb619459f81
- SHA256
  
  bc850c692e84f67ec59c08e6e893e479b6b1a24a5b4097dfa3c70396c9bb9b40
- SHA512
  
  f5fb725f19ebfa69f04e3dcd311d1d8e7f7b5ca5f1c83a38ff5a8f266ca6620ee7b06dac3b943a1ca1c912e177b88e773bc1f5abb4145447bb9e9042df52a20e
- SSDEEP
  
  6144:oyxr4i5JBuB6SdsQN8zmnDbAYWDz3X7OdcibM/ub881Fn87JGcC:JmyJBuBsID0YWn3X7O+ubpnWJGb
Score

6^/10

discovery persistence
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3