androrat | 6c843108012adb472d33824a32f98be859220b2be80d88ac6948c5e31bdeb957 | Triage

Sharing

General

Target

Headshot_Hack_FF_v4.apk
Size

3.9MB
Sample

250327-hjxqyazrz4
MD5

4e8bc81ffbbd2e3233b396793af97eff
SHA1

106711ad765e769d4e0bd26a8cf8379a6eee18bc
SHA256

6c843108012adb472d33824a32f98be859220b2be80d88ac6948c5e31bdeb957
SHA512

32550092cc32dd8df2df9049a486a7440bba02348c0d69f58e0c5cc5f4749adbb2329dcfed1287557f2a64494d29e43e15a9503ca24893fc028d6eeee8536813
SSDEEP

49152:JPJDwS8qek8037hbCrfKCrf5CrfjCrfShoICrf+CrfczBCrfUCrfyCrfdCrf7VgZ:Fh8030bxbAbmbjbbdbLb/b5bMb+t

Score

10^/10

androrat android discovery execution persistence

Malware Config

Extracted

Family

androrat

C2

147.185.221.17:25603

Targets

- Target
  
  Headshot_Hack_FF_v4.apk
- Size
  
  3.9MB
- MD5
  
  4e8bc81ffbbd2e3233b396793af97eff
- SHA1
  
  106711ad765e769d4e0bd26a8cf8379a6eee18bc
- SHA256
  
  6c843108012adb472d33824a32f98be859220b2be80d88ac6948c5e31bdeb957
- SHA512
  
  32550092cc32dd8df2df9049a486a7440bba02348c0d69f58e0c5cc5f4749adbb2329dcfed1287557f2a64494d29e43e15a9503ca24893fc028d6eeee8536813
- SSDEEP
  
  49152:JPJDwS8qek8037hbCrfKCrf5CrfjCrfShoICrf+CrfczBCrfUCrfyCrfdCrf7VgZ:Fh8030bxbAbmbjbbdbLb/b5bMb+t
Score

7^/10

discovery execution persistence
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence