Resubmissions

31-10-2022 16:21

221031-ttnrkaccdp 10

31-08-2022 14:05

220831-rdtlrsfcej 10

General

  • Target: divar.apk
  • Size: 2.3MB
  • MD5: 9082147d32ce71e3da1469bd9a0cdff9
  • SHA1: 2db449cb6fc44b39f0e38d628c5fe72a056f35fd
  • SHA256: cd3720fcdfb015b745e1a560ce5f4ed198d5a8afe79c0cf7bdecb7c47e33455e
  • SHA512: 26e536bbfc943e4a71e3dc4201fdd19a54274974171e46902d4d55261267dc2b767bf5da0966e1988488a3d092ce558dd85ebb93adb9d70359eb1df59ad7c25a
  • SSDEEP: 49152:A/Yyeit+zalch6z5Oz2vpqLwR6L2zsq7IlVCxd0qAnibUO74kg:OYyeit+za+2chLU6L19lw0qDUO+

Score
10/10

Malware Config

Extracted

Family

irata

C2

https://3points.click

Signatures

  • Irata family
  • Irata payload (1 IoC)
  • Requests dangerous framework permissions (4 IoCs)

Files

  • divar.apk
    .apk android

    com.psiphon3

    .main


Android Permissions

divar.apk

Permissions

android.permission.INTERNET

android.permission.READ_SMS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

android.permission.ACCESS_NETWORK_STATE

com.google.android.c2dm.permission.RECEIVE

com.psiphon3.permission.C2D_MESSAGE

android.permission.SEND_SMS

android.permission.ACCESS_WIFI_STATE

android.permission.RECEIVE_SMS

android.permission.READ_CONTACTS