Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T.
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter Data Manipulation Event Triggered Execution Location Tracking Masquerading Suppress Application Icon Uninstall Malicious Application
maec-delivery-vectors: Watering Hole
attack-pattern: Data Device Administrator Permissions - T1401 Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Access Notifications - T1517 Stored Application Data - T1409 Account Access Removal - T1640 Account Access Removal - T1531 Broadcast Receivers - T1402 Software Discovery - T1418 Archive Collected Data - T1560 Archive Collected Data - T1532 Audio Capture - T1429 Broadcast Receivers - T1624.001 Call Control - T1616 Call Log - T1636.002 Clipboard Data - T1414 Command And Scripting Interpreter - T1623 Contact List - T1636.003 Data Destruction - T1662 Data Destruction - T1485 Data From Local System - T1533 Data Manipulation - T1641 Data Manipulation - T1565 Device Administrator Permissions - T1626.001 Device Lockout - T1629.002 Device Lockout - T1446 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Download New Code At Runtime - T1407 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 Exploitation Of Remote Services - T1428 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Generate Traffic From Victim - T1643 Gui Input Capture - T1056.002 Gui Input Capture - T1417.002 Hide Artifacts - T1628 Hide Artifacts - T1564 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal On Host - T1630 Ingress Tool Transfer - T1544 Input Capture - T1417 Input Injection - T1516 Internet Connection Discovery - T1016.001 Internet Connection Discovery - T1422.001 Keylogging - T1056.001 Keylogging - T1417.001 System Network Configuration Discovery - T1422 Location Tracking - T1430 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Process Discovery - T1424 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Prevent Application Removal - T1629.001 Protected User Data - T1636 Screen Capture - T1513 Sms Control - T1582 Sms Messages - T1636.004 Software Discovery - T1518 Suppress Application Icon - T1628.001 Suppress Application Icon - T1508 System Checks - T1633.001 System Checks - T1497.001 Wi-Fi Discovery - T1016.002 Unix Shell - T1059.004 Wi-Fi Discovery - T1422.002 Transmitted Data Manipulation - T1493 Virtualization/Sandbox Evasion - T1497 Video Capture - T1512 Transmitted Data Manipulation - T1565.002 Uninstall Malicious Application - T1576 User Evasion - T1618 Unix Shell - T1623.001 User Evasion - T1628.002 Uninstall Malicious Application - T1630.001 Virtualization/Sandbox Evasion - T1633 Transmitted Data Manipulation - T1641.001 Audio Capture - T1123 Clipboard Data - T1115 Command-Line Interface - T1059 Data From Local System - T1005 Exfiltration Over Alternative Protocol - T1048 Exploitation Of Remote Services - T1210 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Remote File Copy - T1105 Input Capture - T1056 Masquerading - T1036 Process Discovery - T1057 Screen Capture - T1113 System Information Discovery - T1082 System Network Configuration Discovery - T1016 Video Capture - T1125 Data Destruction Exploitation Of Remote Services Indicator Removal On Host Masquerading Screen Capture
Common Information
Type Value
UUID 1b8d450c-7a31-477c-b1e3-a67e1118b480
Fingerprint 74d5e4f712143532
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 30, 2024, 9:24 a.m.
Added to db Nov. 4, 2024, 2:34 p.m.
Last updated Dec. 10, 2024, 4:24 p.m.
Headline Крысиный король: как Android-троян CraxsRAT ворует данные пользователей
Title Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T.
Detected Hints/Tags/Attributes 120/3/154
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 60
com.google.android
Details File 3
info.json
Details md5 1
E868A915C11DB0C944D322EFA8E5C620
Details md5 1
BB19C6BEB399536B991C05E079B60914
Details sha1 1
8c15733647c3539aab425749d611073c859a3508
Details sha1 1
13a5060f9c55213b32cd15b9662c32ab8c229699
Details sha1 1
1839a984fb36c22a3246e30d0855d9774640b933
Details sha1 1
099963c88422242b5a89b6bf3ee45b2930e61f7a
Details sha1 1
8a081310a842146ee8acf2d50258e27aa1c22628
Details sha1 1
0666c0f295ad41905767d0b9cb732b9003239a28
Details sha1 1
a319aa8ce827baee03baccd0b055211828dbba78
Details sha1 1
ba538977ab9c62f316a0ba444258d052d1fd7215
Details sha1 1
5d910fbf47c69a797993d89e856c778bf5e8ce7d
Details sha1 1
6c94e7c6b6b8a960d3eebe13c8c0e0bd6b4cdb87
Details sha1 1
fff59bef063a39a67492fe2015d3137114519062
Details sha1 1
deb93ecc501901cdedd78711065786f39498f88a
Details sha1 1
3a2acbbfc23a3872d613ddbb80d689153332e1cb
Details sha1 1
97b624f61d7dda9842c16feed1a71a2050da4c0c
Details sha1 1
a6c9d99e0a52f97042dc49bba843690982a9335d
Details sha1 1
6cca1ed74c48a836e1160446b33893f30fcc8821
Details sha1 1
031b919210b5330f7e2298612dd30084b8d8e5ca
Details sha1 1
26586b3b3213234cac76a2400012f638fdf4c54c
Details sha1 1
6e9b7be519bd2622b1afa59d408d493f365b041b
Details sha1 1
ab62be4df88a137c2777e51472c820e3fef2b7e0
Details sha1 1
8cd6dd1ab99af1559e2a9d71dc259b078d10e0d8
Details sha1 1
0ac59c2147878032e7d57848647548c4c77e419f
Details sha1 1
218f8e0d10a0144793bcc33bd6c2169fc8e2d5cd
Details sha1 1
4e6510eb3a424178432835b1aca36dc72a385765
Details sha1 1
50c95753061d01016cfd991b2d4fc177e7f40124
Details sha1 1
0357dd8b63bd77faf8f86eb9faa131864137890f
Details sha1 1
45b8ad35e5aab215e1acf75b63073354e516a74d
Details sha1 1
3b01096e00c3605a8b479636a495311dc6c6ed15
Details sha1 1
4d93827232281ad1f7d8de9cc776215924d5a27f
Details sha1 1
75df07aa0561f7e9e5748820ed6cf30dc4cd9ad6
Details sha1 1
f7a965db24d7694f4f87d6beefb8d93e9e04a8b8
Details sha1 1
c6edb07d222f911b97e3c0c33af0cfbb82d6fa7d
Details sha1 1
4a0a452c9a7c5914ee390287b1b03ab7681d3d2b
Details sha1 1
3dbc18dd3ec90d90bb75c7c1ea53546b7582c450
Details sha1 1
9772988dff931bf99174b8059e7aa2f3d2cf218d
Details sha1 1
874727af32909614186da8175296e2ef94b41396
Details sha1 1
37dcf9f477a852454ade1e7b956bf7f2492492a2
Details sha1 1
e67c982db57c967ad4cec11ffb6f36a5dc10612b
Details sha1 1
8dc976ca82de8da361d2149fcd032423da124f69
Details sha1 1
131e0a0d03d8726c32111a0c4a92396e504642b6
Details sha1 1
7400096b3e19f898dfa1282f3ba775fafd0de34e
Details sha1 1
50034ba1f048b8311421455fe532e1dfd46e7cb5
Details sha1 1
06f6d2707fc93309ce0e6585e8ce31ffa4af1fa0
Details sha1 1
8dda6034b40bc704276c47abd130d3019344d07e
Details sha1 1
76843a63eb1a128f4a3e660c78ebcc055e12e634
Details sha1 1
b5dcc34ab5aa036b21b3965f320da0c43155aa45
Details sha1 1
bdafdae5a1c53ed70a2215972efbc2d2aaddffd7
Details sha1 1
f8c6371788bb2472004c414b2c74d75dc2160290
Details sha1 1
aad48b9dd6f1d92202112441fc0c96f9342ac755
Details sha1 1
be067b6f9a7d78f55f2252991016eabcf7a0b5ad
Details sha1 1
39f0cc1b1104063eb14bd228703a2a24b004ee38
Details sha1 1
f0eabe1b3b999266ec2ec67f06915ab41c8ecc16
Details sha1 1
5f29c993f95a4d11e66ac4852c929767e917ec8f
Details sha1 1
e82b708505e3140ce32d8f8fa1268f8b0b3a99c1
Details sha256 1
ec4e56b56cba6b5714148360e1bc7ac132e3b2aefe8dc1f07b508d3956ea7497
Details IPv4 1
5.45.82.246
Details IPv4 1
37.1.202.171
Details IPv4 1
37.1.205.70
Details IPv4 1
37.120.141.134
Details IPv4 1
38.180.122.142
Details IPv4 1
38.180.222.86
Details IPv4 1
38.180.222.135
Details IPv4 1
38.180.222.216
Details IPv4 1
77.220.212.101
Details IPv4 1
77.220.213.117
Details IPv4 1
81.31.197.147
Details IPv4 1
85.209.90.185
Details IPv4 1
88.218.93.42
Details IPv4 1
89.110.66.237
Details IPv4 1
89.110.119.44
Details IPv4 1
91.214.78.19
Details IPv4 1
91.214.78.151
Details IPv4 1
91.214.78.241
Details IPv4 1
91.246.41.110
Details IPv4 1
91.246.41.223
Details IPv4 1
94.103.92.56
Details IPv4 1
94.131.106.239
Details IPv4 1
95.164.7.118
Details IPv4 1
103.106.2.70
Details IPv4 1
103.106.2.82
Details IPv4 1
109.107.157.114
Details IPv4 1
176.57.71.198
Details IPv4 1
176.57.71.241
Details IPv4 1
176.57.71.251
Details IPv4 1
176.124.222.61
Details IPv4 1
176.124.222.106
Details IPv4 1
176.124.222.110
Details IPv4 1
176.124.222.112
Details IPv4 1
176.124.222.185
Details IPv4 1
185.93.6.94
Details IPv4 1
185.112.83.163
Details IPv4 1
185.112.83.175
Details IPv4 1
185.174.136.55
Details IPv4 1
185.174.136.227
Details IPv4 1
185.201.252.140
Details IPv4 1
185.219.82.123
Details IPv4 1
185.224.135.52
Details IPv4 1
185.229.65.25
Details IPv4 1
185.229.66.94
Details IPv4 1
185.229.66.188
Details IPv4 1
185.229.66.191
Details IPv4 1
185.229.66.220
Details IPv4 1
185.231.71.50
Details IPv4 1
185.231.71.51
Details IPv4 1
185.231.71.83
Details IPv4 1
185.231.71.89
Details IPv4 1
185.231.71.98
Details IPv4 1
185.237.165.82
Details IPv4 1
185.244.218.188
Details IPv4 1
185.251.25.101
Details IPv4 1
185.251.25.174
Details IPv4 1
193.3.168.73
Details IPv4 1
193.233.254.24
Details IPv4 1
194.15.46.80
Details IPv4 1
194.113.106.1
Details IPv4 1
194.113.106.178
Details IPv4 1
195.10.205.225
Details IPv4 1
195.200.19.233
Details IPv4 1
212.86.115.73
Details IPv4 1
213.166.68.167
Details MITRE ATT&CK Techniques 19
T1660
Details MITRE ATT&CK Techniques 1
T1623.001
Details MITRE ATT&CK Techniques 16
T1624.001
Details MITRE ATT&CK Techniques 3
T1626.001
Details MITRE ATT&CK Techniques 15
T1407
Details MITRE ATT&CK Techniques 8
T1628.001
Details MITRE ATT&CK Techniques 2
T1628.002
Details MITRE ATT&CK Techniques 9
T1629.001
Details MITRE ATT&CK Techniques 2
T1629.002
Details MITRE ATT&CK Techniques 3
T1629.003
Details MITRE ATT&CK Techniques 6
T1630.001
Details MITRE ATT&CK Techniques 7
T1630.002
Details MITRE ATT&CK Techniques 17
T1516
Details MITRE ATT&CK Techniques 8
T1655.001
Details MITRE ATT&CK Techniques 6
T1633.001
Details MITRE ATT&CK Techniques 14
T1417.001
Details MITRE ATT&CK Techniques 11
T1417.002
Details MITRE ATT&CK Techniques 21
T1430
Details MITRE ATT&CK Techniques 1
T1422.001
Details MITRE ATT&CK Techniques 1
T1422.002
Details MITRE ATT&CK Techniques 2
T1428
Details MITRE ATT&CK Techniques 10
T1532
Details MITRE ATT&CK Techniques 14
T1636.002
Details MITRE ATT&CK Techniques 19
T1636.003
Details MITRE ATT&CK Techniques 19
T1636.004
Details MITRE ATT&CK Techniques 4
T1639.001
Details MITRE ATT&CK Techniques 1
T1662
Details MITRE ATT&CK Techniques 4
T1641
Details MITRE ATT&CK Techniques 3
T1641.001
Details MITRE ATT&CK Techniques 17
T1582