Overview

overview

10

Static

static

1

c7f19eae9f...52.apk

android-9-x86

10

c7f19eae9f...52.apk

android-10-x64

10

c7f19eae9f...52.apk

android-11-x64

10

Analysis

  • max time kernel
    1081665s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    13/10/2023, 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk

  • Size

    1.8MB

  • MD5

    473bd3af0b898b23a3faf79bf8bb0389

  • SHA1

    49b613fbd3e7cd2e62b913b0a9297decd242b3b4

  • SHA256

    c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852

  • SHA512

    6ffdfe2a0826f49197c6b69141106829340723cd189a6fa669abb5c8a08b330232d58cfcf1690c537642709c477bd3ab993193dacef8d604423ea6e821fdcd50

  • SSDEEP

    49152:CU6jDVzOat8p0HPZ9gz2KsoGcQlIh7Q05kACh81LUssOrFN:CU6nVtt8p0vPgsoGcQckACh81oYrFN

Score
10/10
iratainfostealerrattrojan

Malware Config

Signatures

  • Irata

    Irata is an Iranian remote access trojan Android malware first seen in August 2022.

    trojaninfostealerratirata
  • Irata payload 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs

Processes

  • admin5.testing.brother
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4610

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    3.2MB

    MD5

    d129f743289499f73abb1d8ac2f60a53

    SHA1

    7d47c71106e989b612182071bcc006cd72ef3a3d

    SHA256

    8cbcc6896ce2ee891d8cef4b7befdc980ab612d2dc2a9b10c19f49c73b8aa703

    SHA512

    4d811de72f201e6576496a5cc503ac4e83d84fbf564e3b10728a20760131fdc3c86b4707f58770d7e381efd79b5596006a83744641732f09b7e81ff7e30d09cf

    Download Submit

  • /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/tmp-base.apk.classes7345351121571487394.zip
    Filesize

    1.1MB

    MD5

    b3ae1bc54a2326fe3998aff1b02e515e

    SHA1

    b1d21dc0456d085a703984d827a0ef1d10af121a

    SHA256

    c6a71f83e1c6044e43e8f2f7147cb413460533c8d5b565c17b234257150bae33

    SHA512

    fd53678e0c3c7ddf1f3640286308abfd9b9abb9458bd6c682e37eb84ef424576a481d29e8700b2a9f015b73f21c102ae2dc05a8dd6755b0b923d843abdfdd520

    Download Submit

  • /data/user/0/admin5.testing.brother/files/a11y
    Filesize

    8B

    MD5

    18969d3b36f62f71d3b915a0a1cef24f

    SHA1

    810c6836d73c3d75b1bfdb13c8975daa105819d0

    SHA256

    c6b406c745f3bbf5987f8b047d9d6aae86f02600986d25e64d60d6c25d54c063

    SHA512

    f0b08a42f70face6b93e11f4417084467eda552a09939b00bfefb36fc77570ae58fd5734f7b20fabae8f9e5915b6f87f342640e6c6d34d2d09d6e8ae2caccc11

    Download Submit