irata | c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852

Analysis

max time kernel
1081643s
max time network
156s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
13/10/2023, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
Size

1.8MB
MD5

473bd3af0b898b23a3faf79bf8bb0389
SHA1

49b613fbd3e7cd2e62b913b0a9297decd242b3b4
SHA256

c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852
SHA512

6ffdfe2a0826f49197c6b69141106829340723cd189a6fa669abb5c8a08b330232d58cfcf1690c537642709c477bd3ab993193dacef8d604423ea6e821fdcd50
SSDEEP

49152:CU6jDVzOat8p0HPZ9gz2KsoGcQlIh7Q05kACh81LUssOrFN:CU6nVtt8p0vPgsoGcQckACh81oYrFN

Score

10^/10

irata infostealer rat trojan

Malware Config

Signatures

Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
trojan infostealer rat irata

Irata payload 2 IoCs

resource	yara_rule
behavioral1/memory/4200-0.dex	family_irata4
behavioral1/memory/4165-0.dex	family_irata4

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	admin5.testing.brother

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip	4200	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip	4165	admin5.testing.brother

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	admin5.testing.brother

admin5.testing.brother
1⤵
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4165
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/admin5.testing.brother/code_cache/secondary-dexes/tmp-base.apk.classes7548618294160435937.zip

Filesize
1.1MB

MD5
b3ae1bc54a2326fe3998aff1b02e515e

SHA1
b1d21dc0456d085a703984d827a0ef1d10af121a

SHA256
c6a71f83e1c6044e43e8f2f7147cb413460533c8d5b565c17b234257150bae33

SHA512
fd53678e0c3c7ddf1f3640286308abfd9b9abb9458bd6c682e37eb84ef424576a481d29e8700b2a9f015b73f21c102ae2dc05a8dd6755b0b923d843abdfdd520

Download Submit
/data/data/admin5.testing.brother/files/a11y

Filesize
8B

MD5
18969d3b36f62f71d3b915a0a1cef24f

SHA1
810c6836d73c3d75b1bfdb13c8975daa105819d0

SHA256
c6b406c745f3bbf5987f8b047d9d6aae86f02600986d25e64d60d6c25d54c063

SHA512
f0b08a42f70face6b93e11f4417084467eda552a09939b00bfefb36fc77570ae58fd5734f7b20fabae8f9e5915b6f87f342640e6c6d34d2d09d6e8ae2caccc11

Download Submit
/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
3.2MB

MD5
0313a12bcd74d43c341f560d2409125c

SHA1
54e8677c004288df335d179f7a37fdb814b52a69

SHA256
c50c40251edfb43ff18a05c88a09c5b8ab3e18cb4f1d373ca5b204571102ecbe

SHA512
b651d8f2f34a4d6f5a84b7730c5fcc7500093739b204ce8b9d33c6ef8b443363065275090afc1d81109ca2462c1c6a00cbfbab262da4b78708af4081d1d01126

Download Submit
/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
3.2MB

MD5
d129f743289499f73abb1d8ac2f60a53

SHA1
7d47c71106e989b612182071bcc006cd72ef3a3d

SHA256
8cbcc6896ce2ee891d8cef4b7befdc980ab612d2dc2a9b10c19f49c73b8aa703

SHA512
4d811de72f201e6576496a5cc503ac4e83d84fbf564e3b10728a20760131fdc3c86b4707f58770d7e381efd79b5596006a83744641732f09b7e81ff7e30d09cf

Download Submit