Analysis
- max time kernel: 1081665s
- max time network: 160s
- platform: android_x64
- resource: android-x64-arm64-20230831-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230831-en, locale:en-us, os:android-11-x64, system
- submitted: 13/10/2023, 02:59
Static task: static1
Behavioral task: behavioral1
- Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
- Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
- Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
- Resource: android-x64-20230831-en
Behavioral task: behavioral3
- Sample: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
- Resource: android-x64-arm64-20230831-en
General
- Target: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852.apk
- Size: 1.8MB
- MD5: 473bd3af0b898b23a3faf79bf8bb0389
- SHA1: 49b613fbd3e7cd2e62b913b0a9297decd242b3b4
- SHA256: c7f19eae9ff56d59c8d9139fcb29fe93a7bad4b6ed66fe82814271465ebbd852
- SHA512: 6ffdfe2a0826f49197c6b69141106829340723cd189a6fa669abb5c8a08b330232d58cfcf1690c537642709c477bd3ab993193dacef8d604423ea6e821fdcd50
- SSDEEP: 49152:CU6jDVzOat8p0HPZ9gz2KsoGcQlIh7Q05kACh81LUssOrFN:CU6nVtt8p0vPgsoGcQckACh81oYrFN
Malware Config
Signatures
- Irata
  Irata is an Iranian remote access trojan Android malware first seen in August 2022.
- Irata payload (1 IoCs)
  resource: behavioral3/memory/4610-0.dex; yara_rule: family_irata4
- Acquires the wake lock. (1 IoCs)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: admin5.testing.brother
- Loads dropped Dex/Jar (1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/base.apk.classes1.zip; pid: 4610; Process: admin5.testing.brother
- Requests enabling of the accessibility settings. (1 IoCs)
  description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; Process: admin5.testing.brother
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.2MB
  MD5: d129f743289499f73abb1d8ac2f60a53
  SHA1: 7d47c71106e989b612182071bcc006cd72ef3a3d
  SHA256: 8cbcc6896ce2ee891d8cef4b7befdc980ab612d2dc2a9b10c19f49c73b8aa703
  SHA512: 4d811de72f201e6576496a5cc503ac4e83d84fbf564e3b10728a20760131fdc3c86b4707f58770d7e381efd79b5596006a83744641732f09b7e81ff7e30d09cf
- /data/user/0/admin5.testing.brother/code_cache/secondary-dexes/tmp-base.apk.classes7345351121571487394.zip
  Filesize: 1.1MB
  MD5: b3ae1bc54a2326fe3998aff1b02e515e
  SHA1: b1d21dc0456d085a703984d827a0ef1d10af121a
  SHA256: c6a71f83e1c6044e43e8f2f7147cb413460533c8d5b565c17b234257150bae33
  SHA512: fd53678e0c3c7ddf1f3640286308abfd9b9abb9458bd6c682e37eb84ef424576a481d29e8700b2a9f015b73f21c102ae2dc05a8dd6755b0b923d843abdfdd520
- Filesize: 8B
  MD5: 18969d3b36f62f71d3b915a0a1cef24f
  SHA1: 810c6836d73c3d75b1bfdb13c8975daa105819d0
  SHA256: c6b406c745f3bbf5987f8b047d9d6aae86f02600986d25e64d60d6c25d54c063
  SHA512: f0b08a42f70face6b93e11f4417084467eda552a09939b00bfefb36fc77570ae58fd5734f7b20fabae8f9e5915b6f87f342640e6c6d34d2d09d6e8ae2caccc11