Analysis

  • max time kernel
    1081643s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20230831-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/10/2023, 02:59

General

  • Target
    c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
  • Size
    1.8MB
  • MD5
    473bd3af0b898b23a3faf79bf8bb0389
  • SHA1
    49b613fbd3e7cd2e62b913b0a9297decd242b3b4
  • SHA256
    c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852
  • SHA512
    6ffdfe2a0826f49197c6b69141106829340723cd189a6fa669abb5c8a08b330232d58cfcf1690c537642709c477bd3ab993193dacef8d604423ea6e821fdcd50
  • SSDEEP
    49152:CU6jDVzOat8p0HPZ9gz2KsoGcQlIh7Q05kACh81LUssOrFN:CU6nVtt8p0vPgsoGcQckACh81oYrFN

Malware Config

Signatures

  • Irata

    Irata is an Iranian remote access trojan Android malware first seen in August 2022.

  • Irata payload 2 IoCs
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoC

Processes

  • admin5.testing.brother (process 1, PID:4165)
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& (child process 2, PID:4200)
      • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/admin5.testing.brother/code_cache/secondary-dexes/tmp-base.apk.classes7548618294160435937.zip
    Filesize
    1.1MB
    MD5
    b3ae1bc54a2326fe3998aff1b02e515e
    SHA1
    b1d21dc0456d085a703984d827a0ef1d10af121a
    SHA256
    c6a71f83e1c6044e43e8f2f7147cb413460533c8d5b565c17b234257150bae33
    SHA512
    fd53678e0c3c7ddf1f3640286308abfd9b9abb9458bd6c682e37eb84ef424576a481d29e8700b2a9f015b73f21c102ae2dc05a8dd6755b0b923d843abdfdd520

  • /data/data/admin5.testing.brother/files/a11y
    Filesize
    8B
    MD5
    18969d3b36f62f71d3b915a0a1cef24f
    SHA1
    810c6836d73c3d75b1bfdb13c8975daa105819d0
    SHA256
    c6b406c745f3bbf5987f8b047d9d6aae86f02600986d25e64d60d6c25d54c063
    SHA512
    f0b08a42f70face6b93e11f4417084467eda552a09939b00bfefb36fc77570ae58fd5734f7b20fabae8f9e5915b6f87f342640e6c6d34d2d09d6e8ae2caccc11

  • /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize
    3.2MB
    MD5
    0313a12bcd74d43c341f560d2409125c
    SHA1
    54e8677c004288df335d179f7a37fdb814b52a69
    SHA256
    c50c40251edfb43ff18a05c88a09c5b8ab3e18cb4f1d373ca5b204571102ecbe
    SHA512
    b651d8f2f34a4d6f5a84b7730c5fcc7500093739b204ce8b9d33c6ef8b443363065275090afc1d81109ca2462c1c6a00cbfbab262da4b78708af4081d1d01126

  • /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip (second write of the same path, different content)
    Filesize
    3.2MB
    MD5
    d129f743289499f73abb1d8ac2f60a53
    SHA1
    7d47c71106e989b612182071bcc006cd72ef3a3d
    SHA256
    8cbcc6896ce2ee891d8cef4b7befdc980ab612d2dc2a9b10c19f49c73b8aa703
    SHA512
    4d811de72f201e6576496a5cc503ac4e83d84fbf564e3b10728a20760131fdc3c86b4707f58770d7e381efd79b5596006a83744641732f09b7e81ff7e30d09cf