The Rotexy mobile Trojan – banker and ransomware
Tags
| country: | Germany Russia Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 0be8a999-01da-410d-b2b2-e73c5471bcce |
| Fingerprint | e7051059c967b794 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 22, 2018, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Oct. 1, 2024, 3:43 p.m. |
| Headline | The Rotexy mobile Trojan – banker and ransomware |
| Title | The Rotexy mobile Trojan – banker and ransomware |
| Detected Hints/Tags/Attributes | 73/3/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | youla9d6h.tk |
|
| Details | Domain | 1 | prodam8n9.tk |
|
| Details | Domain | 1 | prodamfkz.ml |
|
| Details | Domain | 1 | avitoe0ys.tk |
|
| Details | Domain | 1 | secondby.ru |
|
| Details | Domain | 1 | darkclub.net |
|
| Details | Domain | 1 | holerole.org |
|
| Details | Domain | 1 | googleapis.link |
|
| Details | Domain | 1 | test2016.ru |
|
| Details | Domain | 1 | blackstar.pro |
|
| Details | Domain | 1 | synchronize.pw |
|
| Details | Domain | 1 | lineout.pw |
|
| Details | Domain | 1 | sync-weather.pw |
|
| Details | Domain | 1 | freedns.website |
|
| Details | Domain | 1 | streamout.space |
|
| Details | Domain | 1 | sky-sync.pw |
|
| Details | Domain | 1 | gms-service.info |
|
| Details | File | 1 | avitopay.apk |
|
| Details | File | 4 | data.db |
|
| Details | File | 3 | card.html |
|
| Details | File | 1 | bank.html |
|
| Details | File | 8 | update.html |
|
| Details | File | 1 | extortionist.html |
|
| Details | File | 1 | gms-service.inf |
|
| Details | sha256 | 1 | ba4beb97f5d4ba33162f769f43ec8e7d1ae501acdade792a4a577cd6449e1a84 |
|
| Details | sha256 | 1 | 0ca09d4fde9e00c0987de44ae2ad51a01b3c4c2c11606fe8308a083805760ee7 |
|
| Details | sha256 | 1 | 4378f3680ff070a1316663880f47eba54510beaeb2d897e7bbb8d6b45de63f96 |
|
| Details | sha256 | 1 | 76c9d8226ce558c87c81236a9b95112b83c7b546863e29b88fec4dba5c720c0b |
|
| Details | sha256 | 1 | 7cc2d8d43093c3767c7c73dc2b4daeb96f70a7c455299e0c7824b4210edd6386 |
|
| Details | sha256 | 1 | 9b2fd7189395b2f34781b499f5cae10ec86aa7ab373fbdc2a14ec4597d4799ba |
|
| Details | sha256 | 1 | ac216d502233ca0fe51ac2bb64cfaf553d906dc19b7da4c023fec39b000bc0d7 |
|
| Details | sha256 | 1 | b1ccb5618925c8f0dda8d13efe4a1e1a93d1ceed9e26ec4a388229a28d1f8d5b |
|
| Details | sha256 | 1 | ba9f4d3f4eba3fa7dce726150fe402e37359a7f36c07f3932a92bd711436f88c |
|
| Details | sha256 | 1 | e194268bf682d81fc7dc1e437c53c952ffae55a9d15a1fc020f0219527b7c2ec |