Index of /publicDatasets/Android-Mischief-Dataset/AndroidMischiefDataset_v1/RAT01-AndroidTester

Name                 Last modified      Size  Description

Parent Directory                        -
RAT01.apk.zip        2021-02-12 09:29   473K
RAT01.biargus        2020-12-01 18:40   288K
RAT01.log            2020-11-18 00:20   13K
RAT01.pcap           2020-08-07 12:27   77M
RAT01_screenshots/   2020-10-27 09:02   -
README.html          2021-05-07 10:19   2.0K
README.md            2020-11-18 00:25   2.0K
zeek/                2021-03-09 15:46   -

Details of the execution of the Android Tester v.6.4.6

Author: Kamila Babayeva (kamifai14@gmail.com, @_kamifai_) Student Researcher at the Stratosphere Laboratory. https://www.stratosphereips.org/

RAT downloaded from: https://hackforums.net/showthread.php?tid=6042225

Executed RAT Controller Environment:
- VirtualBox with Windows 7, host is Linux Ubuntu 20.04

Executed Victim Environment:
- Nokia Phone with Android 10

Phone Status Before The Infection:

Applications:
- Gmail, logged in
- Facebook, logged in
- Instagram, logged in
- Whatsapp, logged in
- Twitter, logged in
- Skype, logged in
- Messenger, logged in

Data:
- One contact
- One photo in gallery
- One video in gallery

RAT APK (RAT01.apk):
- App Name: Android Tester
- Service Name: Android Tester
- File Name when put in the phone: 8fcc7ce91c1b2b75bf8b1469743e18a5.apk (md5 of apk)

Packet Capture (RAT01.pcap):
- Controller IP: 147.32.83.234
- Victim IP: 10.8.0.61
- First Packet of the Infection: 26584
- UTC Time of the Infection: 2020-08-07 09:01:59

The phone was using the EVPN (https://www.civilsphereproject.org/emergency-vpn) to capture its traffic. All captures were done in CEST time (GMT+2), which means that tools reading the pcap files may show a different time depending on your time zone. Since the time of capture inside the pcap file is 000000, if you are in timezone GMT+1, your tools will show the packets 1 hour earlier than when they were captured. The real capture time is in the log file.

Files with information about this execution:
- Log file RAT01.log - very detailed and specific time log of all the actions performed in the client and the server during the experiment, such as taking a picture, etc.
- Screenshots folder RAT01_screenshots - a folder with screenshots of the mobile device and controller while performing the actions on the client and server
- Packet capture RAT01.pcap - network traffic captured on the victim’s device
- APK RAT01.apk - APK generated by the RAT’s builder