androrat | 95dd6dbc3bf0984b24fd4a4f83c609ce4a9fc0a75a456f1cf3197d08527b698d | Triage

Sharing

General

Target

injector.apk
Size

2.2MB
Sample

250401-g6dqxaxls4
MD5

5c1ee6114834ce43b857fb4348d635e3
SHA1

824dca40ffc4892f4ab0cc5759418ad531a78de0
SHA256

95dd6dbc3bf0984b24fd4a4f83c609ce4a9fc0a75a456f1cf3197d08527b698d
SHA512

75d42755b28ba1ecc590c88244139ea8a65b73a7ee09052a24e61c53fe822f97c4e4504446c2b604f246b376d545003b8ef952a7333ceb348d5a1f2dc86db56a
SSDEEP

49152:xLIAaISxkhDbyzXNi0XisZcfwyi22EVkCrRd/gvY6Z2:traISChuNigihfwyi22ANdD6s

Score

10^/10

androrat android evasion stealth trojan

Malware Config

Extracted

Family

androrat

C2

192.168.118.130:8080

Targets

- Target
  
  injector.apk
- Size
  
  2.2MB
- MD5
  
  5c1ee6114834ce43b857fb4348d635e3
- SHA1
  
  824dca40ffc4892f4ab0cc5759418ad531a78de0
- SHA256
  
  95dd6dbc3bf0984b24fd4a4f83c609ce4a9fc0a75a456f1cf3197d08527b698d
- SHA512
  
  75d42755b28ba1ecc590c88244139ea8a65b73a7ee09052a24e61c53fe822f97c4e4504446c2b604f246b376d545003b8ef952a7333ceb348d5a1f2dc86db56a
- SSDEEP
  
  49152:xLIAaISxkhDbyzXNi0XisZcfwyi22EVkCrRd/gvY6Z2:traISChuNigihfwyi22ANdD6s
Score

8^/10

evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionstealthtrojan

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan