Rat King: how the CraxsRAT Android trojan steals user data | F.A.C.C.T. Blog
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter Data Manipulation Event Triggered Execution Location Tracking Masquerading Suppress Application Icon Uninstall Malicious Application
maec-delivery-vectors: Watering Hole
attack-pattern: Data Device Administrator Permissions - T1401 Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Access Notifications - T1517 Stored Application Data - T1409 Account Access Removal - T1640 Account Access Removal - T1531 Broadcast Receivers - T1402 Software Discovery - T1418 Archive Collected Data - T1560 Archive Collected Data - T1532 Audio Capture - T1429 Broadcast Receivers - T1624.001 Call Control - T1616 Call Log - T1636.002 Clipboard Data - T1414 Command And Scripting Interpreter - T1623 Contact List - T1636.003 Data Destruction - T1662 Data Destruction - T1485 Data From Local System - T1533 Data Manipulation - T1641 Data Manipulation - T1565 Device Administrator Permissions - T1626.001 Device Lockout - T1629.002 Device Lockout - T1446 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Download New Code At Runtime - T1407 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 Exploitation Of Remote Services - T1428 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Generate Traffic From Victim - T1643 Gui Input Capture - T1056.002 Gui Input Capture - T1417.002 Hide Artifacts - T1628 Hide Artifacts - T1564 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal On Host - T1630 Ingress Tool Transfer - T1544 Input Capture - T1417 Input Injection - T1516 Internet Connection Discovery - T1016.001 Internet Connection Discovery - T1422.001 Keylogging - T1056.001 Keylogging - T1417.001 System Network Configuration Discovery - T1422 Location Tracking - T1430 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Process Discovery - T1424 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Prevent Application Removal - T1629.001 Protected User Data - T1636 Screen Capture - T1513 Sms Control - T1582 Sms Messages - T1636.004 Software Discovery - T1518 Suppress Application Icon - T1628.001 Suppress Application Icon - T1508 System Checks - T1633.001 System Checks - T1497.001 Wi-Fi Discovery - T1016.002 Unix Shell - T1059.004 Wi-Fi Discovery - T1422.002 Transmitted Data Manipulation - T1493 Virtualization/Sandbox Evasion - T1497 Video Capture - T1512 Transmitted Data Manipulation - T1565.002 Uninstall Malicious Application - T1576 User Evasion - T1618 Unix Shell - T1623.001 User Evasion - T1628.002 Uninstall Malicious Application - T1630.001 Virtualization/Sandbox Evasion - T1633 Transmitted Data Manipulation - T1641.001 Audio Capture - T1123 Clipboard Data - T1115 Command-Line Interface - T1059 Data From Local System - T1005 Exfiltration Over Alternative Protocol - T1048 Exploitation Of Remote Services - T1210 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Remote File Copy - T1105 Input Capture - T1056 Masquerading - T1036 Process Discovery - T1057 Screen Capture - T1113 System Information Discovery - T1082 System Network Configuration Discovery - T1016 Video Capture - T1125 Data Destruction Exploitation Of Remote Services Indicator Removal On Host Masquerading Screen Capture
Common Information
Type Value
UUID 1b8d450c-7a31-477c-b1e3-a67e1118b480
Fingerprint 74d5e4f712143532
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 30, 2024, 9:24 a.m.
Added to db Nov. 4, 2024, 2:34 p.m.
Last updated Nov. 12, 2024, 9:53 a.m.
Headline Rat King: how the CraxsRAT Android trojan steals user data
Title Rat King: how the CraxsRAT Android trojan steals user data | F.A.C.C.T. Blog
Detected Hints/Tags/Attributes 120/3/154
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 57
com.google.android
Details File 3
info.json
Details md5 1
E868A915C11DB0C944D322EFA8E5C620
Details md5 1
BB19C6BEB399536B991C05E079B60914
Details sha1 1
8c15733647c3539aab425749d611073c859a3508
Details sha1 1
13a5060f9c55213b32cd15b9662c32ab8c229699
Details sha1 1
1839a984fb36c22a3246e30d0855d9774640b933
Details sha1 1
099963c88422242b5a89b6bf3ee45b2930e61f7a
Details sha1 1
8a081310a842146ee8acf2d50258e27aa1c22628
Details sha1 1
0666c0f295ad41905767d0b9cb732b9003239a28
Details sha1 1
a319aa8ce827baee03baccd0b055211828dbba78
Details sha1 1
ba538977ab9c62f316a0ba444258d052d1fd7215
Details sha1 1
5d910fbf47c69a797993d89e856c778bf5e8ce7d
Details sha1 1
6c94e7c6b6b8a960d3eebe13c8c0e0bd6b4cdb87
Details sha1 1
fff59bef063a39a67492fe2015d3137114519062
Details sha1 1
deb93ecc501901cdedd78711065786f39498f88a
Details sha1 1
3a2acbbfc23a3872d613ddbb80d689153332e1cb
Details sha1 1
97b624f61d7dda9842c16feed1a71a2050da4c0c
Details sha1 1
a6c9d99e0a52f97042dc49bba843690982a9335d
Details sha1 1
6cca1ed74c48a836e1160446b33893f30fcc8821
Details sha1 1
031b919210b5330f7e2298612dd30084b8d8e5ca
Details sha1 1
26586b3b3213234cac76a2400012f638fdf4c54c
Details sha1 1
6e9b7be519bd2622b1afa59d408d493f365b041b
Details sha1 1
ab62be4df88a137c2777e51472c820e3fef2b7e0
Details sha1 1
8cd6dd1ab99af1559e2a9d71dc259b078d10e0d8
Details sha1 1
0ac59c2147878032e7d57848647548c4c77e419f
Details sha1 1
218f8e0d10a0144793bcc33bd6c2169fc8e2d5cd
Details sha1 1
4e6510eb3a424178432835b1aca36dc72a385765
Details sha1 1
50c95753061d01016cfd991b2d4fc177e7f40124
Details sha1 1
0357dd8b63bd77faf8f86eb9faa131864137890f
Details sha1 1
45b8ad35e5aab215e1acf75b63073354e516a74d
Details sha1 1
3b01096e00c3605a8b479636a495311dc6c6ed15
Details sha1 1
4d93827232281ad1f7d8de9cc776215924d5a27f
Details sha1 1
75df07aa0561f7e9e5748820ed6cf30dc4cd9ad6
Details sha1 1
f7a965db24d7694f4f87d6beefb8d93e9e04a8b8
Details sha1 1
c6edb07d222f911b97e3c0c33af0cfbb82d6fa7d
Details sha1 1
4a0a452c9a7c5914ee390287b1b03ab7681d3d2b
Details sha1 1
3dbc18dd3ec90d90bb75c7c1ea53546b7582c450
Details sha1 1
9772988dff931bf99174b8059e7aa2f3d2cf218d
Details sha1 1
874727af32909614186da8175296e2ef94b41396
Details sha1 1
37dcf9f477a852454ade1e7b956bf7f2492492a2
Details sha1 1
e67c982db57c967ad4cec11ffb6f36a5dc10612b
Details sha1 1
8dc976ca82de8da361d2149fcd032423da124f69
Details sha1 1
131e0a0d03d8726c32111a0c4a92396e504642b6
Details sha1 1
7400096b3e19f898dfa1282f3ba775fafd0de34e
Details sha1 1
50034ba1f048b8311421455fe532e1dfd46e7cb5
Details sha1 1
06f6d2707fc93309ce0e6585e8ce31ffa4af1fa0
Details sha1 1
8dda6034b40bc704276c47abd130d3019344d07e
Details sha1 1
76843a63eb1a128f4a3e660c78ebcc055e12e634
Details sha1 1
b5dcc34ab5aa036b21b3965f320da0c43155aa45
Details sha1 1
bdafdae5a1c53ed70a2215972efbc2d2aaddffd7
Details sha1 1
f8c6371788bb2472004c414b2c74d75dc2160290
Details sha1 1
aad48b9dd6f1d92202112441fc0c96f9342ac755
Details sha1 1
be067b6f9a7d78f55f2252991016eabcf7a0b5ad
Details sha1 1
39f0cc1b1104063eb14bd228703a2a24b004ee38
Details sha1 1
f0eabe1b3b999266ec2ec67f06915ab41c8ecc16
Details sha1 1
5f29c993f95a4d11e66ac4852c929767e917ec8f
Details sha1 1
e82b708505e3140ce32d8f8fa1268f8b0b3a99c1
Details sha256 1
ec4e56b56cba6b5714148360e1bc7ac132e3b2aefe8dc1f07b508d3956ea7497
Details IPv4 1
5.45.82.246
Details IPv4 1
37.1.202.171
Details IPv4 1
37.1.205.70
Details IPv4 1
37.120.141.134
Details IPv4 1
38.180.122.142
Details IPv4 1
38.180.222.86
Details IPv4 1
38.180.222.135
Details IPv4 1
38.180.222.216
Details IPv4 1
77.220.212.101
Details IPv4 1
77.220.213.117
Details IPv4 1
81.31.197.147
Details IPv4 1
85.209.90.185
Details IPv4 1
88.218.93.42
Details IPv4 1
89.110.66.237
Details IPv4 1
89.110.119.44
Details IPv4 1
91.214.78.19
Details IPv4 1
91.214.78.151
Details IPv4 1
91.214.78.241
Details IPv4 1
91.246.41.110
Details IPv4 1
91.246.41.223
Details IPv4 1
94.103.92.56
Details IPv4 1
94.131.106.239
Details IPv4 1
95.164.7.118
Details IPv4 1
103.106.2.70
Details IPv4 1
103.106.2.82
Details IPv4 1
109.107.157.114
Details IPv4 1
176.57.71.198
Details IPv4 1
176.57.71.241
Details IPv4 1
176.57.71.251
Details IPv4 1
176.124.222.61
Details IPv4 1
176.124.222.106
Details IPv4 1
176.124.222.110
Details IPv4 1
176.124.222.112
Details IPv4 1
176.124.222.185
Details IPv4 1
185.93.6.94
Details IPv4 1
185.112.83.163
Details IPv4 1
185.112.83.175
Details IPv4 1
185.174.136.55
Details IPv4 1
185.174.136.227
Details IPv4 1
185.201.252.140
Details IPv4 1
185.219.82.123
Details IPv4 1
185.224.135.52
Details IPv4 1
185.229.65.25
Details IPv4 1
185.229.66.94
Details IPv4 1
185.229.66.188
Details IPv4 1
185.229.66.191
Details IPv4 1
185.229.66.220
Details IPv4 1
185.231.71.50
Details IPv4 1
185.231.71.51
Details IPv4 1
185.231.71.83
Details IPv4 1
185.231.71.89
Details IPv4 1
185.231.71.98
Details IPv4 1
185.237.165.82
Details IPv4 1
185.244.218.188
Details IPv4 1
185.251.25.101
Details IPv4 1
185.251.25.174
Details IPv4 1
193.3.168.73
Details IPv4 1
193.233.254.24
Details IPv4 1
194.15.46.80
Details IPv4 1
194.113.106.1
Details IPv4 1
194.113.106.178
Details IPv4 1
195.10.205.225
Details IPv4 1
195.200.19.233
Details IPv4 1
212.86.115.73
Details IPv4 1
213.166.68.167
Details MITRE ATT&CK Techniques 17
T1660
Details MITRE ATT&CK Techniques 1
T1623.001
Details MITRE ATT&CK Techniques 14
T1624.001
Details MITRE ATT&CK Techniques 3
T1626.001
Details MITRE ATT&CK Techniques 15
T1407
Details MITRE ATT&CK Techniques 8
T1628.001
Details MITRE ATT&CK Techniques 2
T1628.002
Details MITRE ATT&CK Techniques 9
T1629.001
Details MITRE ATT&CK Techniques 2
T1629.002
Details MITRE ATT&CK Techniques 3
T1629.003
Details MITRE ATT&CK Techniques 4
T1630.001
Details MITRE ATT&CK Techniques 7
T1630.002
Details MITRE ATT&CK Techniques 15
T1516
Details MITRE ATT&CK Techniques 6
T1655.001
Details MITRE ATT&CK Techniques 6
T1633.001
Details MITRE ATT&CK Techniques 12
T1417.001
Details MITRE ATT&CK Techniques 9
T1417.002
Details MITRE ATT&CK Techniques 21
T1430
Details MITRE ATT&CK Techniques 1
T1422.001
Details MITRE ATT&CK Techniques 1
T1422.002
Details MITRE ATT&CK Techniques 2
T1428
Details MITRE ATT&CK Techniques 10
T1532
Details MITRE ATT&CK Techniques 12
T1636.002
Details MITRE ATT&CK Techniques 17
T1636.003
Details MITRE ATT&CK Techniques 17
T1636.004
Details MITRE ATT&CK Techniques 4
T1639.001
Details MITRE ATT&CK Techniques 1
T1662
Details MITRE ATT&CK Techniques 4
T1641
Details MITRE ATT&CK Techniques 3
T1641.001
Details MITRE ATT&CK Techniques 15
T1582