Analysis
max time kernel: 1081643s
max time network: 156s
platform: android_x86
resource: android-x86-arm-20230831-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20230831-en, locale:en-us, os:android-9-x86, system
submitted: 13/10/2023, 02:59
Static task
static1

Behavioral task
behavioral1
Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
Resource: android-x86-arm-20230831-en

Behavioral task
behavioral2
Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
Resource: android-x64-20230831-en

Behavioral task
behavioral3
Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
Resource: android-x64-arm64-20230831-en
General
Target: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
Size: 1.8MB
MD5: 473bd3af0b898b23a3faf79bf8bb0389
SHA1: 49b613fbd3e7cd2e62b913b0a9297decd242b3b4
SHA256: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852
SHA512: 6ffdfe2a0826f49197c6b69141106829340723cd189a6fa669abb5c8a08b330232d58cfcf1690c537642709c477bd3ab993193dacef8d604423ea6e821fdcd50
SSDEEP: 49152:CU6jDVzOat8p0HPZ9gz2KsoGcQlIh7Q05kACh81LUssOrFN:CU6nVtt8p0vPgsoGcQckACh81oYrFN
Malware Config
Signatures
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.

Irata payload (2 IoCs)
resource                        yara_rule
behavioral1/memory/4200-0.dex   family_irata4
behavioral1/memory/4165-0.dex   family_irata4

Acquires the wake lock. (1 IoC)
description              ioc                                        Process
Framework service call   android.os.IPowerManager.acquireWakeLock   admin5.testing.brother

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip
pid: 4200
Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip
pid: 4165
Process: admin5.testing.brother

Requests enabling of the accessibility settings. (1 IoC)
description     ioc                                       Process
Intent action   android.settings.ACCESSIBILITY_SETTINGS   admin5.testing.brother
Processes
admin5.testing.brother (PID: 4165)
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Requests enabling of the accessibility settings.
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/admin5.testing.brother/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& (PID: 4200)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
/data/data/admin5.testing.brother/code_cache/secondary-dexes/tmp-base.apk.classes7548618294160435937.zip
Filesize: 1.1MB
MD5: b3ae1bc54a2326fe3998aff1b02e515e
SHA1: b1d21dc0456d085a703984d827a0ef1d10af121a
SHA256: c6a71f83e1c6044e43e8f2f7147cb413460533c8d5b565c17b234257150bae33
SHA512: fd53678e0c3c7ddf1f3640286308abfd9b9abb9458bd6c682e37eb84ef424576a481d29e8700b2a9f015b73f21c102ae2dc05a8dd6755b0b923d843abdfdd520

Filesize: 8B
MD5: 18969d3b36f62f71d3b915a0a1cef24f
SHA1: 810c6836d73c3d75b1bfdb13c8975daa105819d0
SHA256: c6b406c745f3bbf5987f8b047d9d6aae86f02600986d25e64d60d6c25d54c063
SHA512: f0b08a42f70face6b93e11f4417084467eda552a09939b00bfefb36fc77570ae58fd5734f7b20fabae8f9e5915b6f87f342640e6c6d34d2d09d6e8ae2caccc11

Filesize: 3.2MB
MD5: 0313a12bcd74d43c341f560d2409125c
SHA1: 54e8677c004288df335d179f7a37fdb814b52a69
SHA256: c50c40251edfb43ff18a05c88a09c5b8ab3e18cb4f1d373ca5b204571102ecbe
SHA512: b651d8f2f34a4d6f5a84b7730c5fcc7500093739b204ce8b9d33c6ef8b443363065275090afc1d81109ca2462c1c6a00cbfbab262da4b78708af4081d1d01126

Filesize: 3.2MB
MD5: d129f743289499f73abb1d8ac2f60a53
SHA1: 7d47c71106e989b612182071bcc006cd72ef3a3d
SHA256: 8cbcc6896ce2ee891d8cef4b7befdc980ab612d2dc2a9b10c19f49c73b8aa703
SHA512: 4d811de72f201e6576496a5cc503ac4e83d84fbf564e3b10728a20760131fdc3c86b4707f58770d7e381efd79b5596006a83744641732f09b7e81ff7e30d09cf