irata | saham[.]apk

General

Target

saham.apk
Size

1.7MB
MD5

db311beff16b8949a5ae6d691fa478fe
SHA1

5034453ad55c2ab23ea71193c1fc2b8e17886870
SHA256

7ae7bf6fac7ce2f6cf2c5312bbb2af7978710ad6087e3b487c7472b7e4718e4c
SHA512

2a2e77ddc0460d5ea33ed6df976a478fab68f4ab93ad86def37585fae68a72e508b0b3dac83fbfb506499916c67403f2af3f077c47b2b8aaf427d20922594e65
SSDEEP

49152:esFkk6EXLSP5TNdUb/SX7yKO7Fwissao8bD4:NkkBXmTNdC/SryKOxfsat

Score

10^/10

irata

Malware Config

Signatures

Irata family
irata

Irata payload 1 IoCs

resource	yara_rule
sample	family_irata4

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

Files

saham.apk
.apk android

com.lyufo.play

.main

Activities

Permissions

com.lyufo.play.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.INTERNET
android.permission.VIBRATE
android.permission.POST_NOTIFICATIONS
android.permission.READ_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.ACCESS_NETWORK_STATE
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.AD_ID
com.lyufo.play.permission.C2D_MESSAGE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

.firebasemessaging$firebasemessaging_BR

android.intent.action.BOOT_COMPLETED

.s8$s8_BR

android.intent.action.BOOT_COMPLETED
android.provider.Telephony.SMS_RECEIVED

Services

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

anywheresoftware.b4a.objects.FirebaseNotificationsService

com.google.firebase.MESSAGING_EVENT
pu.txt

Android Permissions

saham.apk

Permissions

com.lyufo.play.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

android.permission.INTERNET

android.permission.VIBRATE

android.permission.POST_NOTIFICATIONS

android.permission.READ_SMS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

android.permission.FOREGROUND_SERVICE

android.permission.ACCESS_NETWORK_STATE

com.google.android.c2dm.permission.RECEIVE

com.google.android.gms.permission.AD_ID

com.lyufo.play.permission.C2D_MESSAGE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.ACCESS_WIFI_STATE

android.permission.QUERY_ALL_PACKAGES

android.permission.ACCESS_NOTIFICATION_POLICY

Sharing

General

Malware Config

Signatures

Files

com.lyufo.play

.main

Activities

Permissions

Receivers

com.google.firebase.iid.FirebaseInstanceIdReceiver

.firebasemessaging$firebasemessaging_BR

.s8$s8_BR

Services

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.messaging.FirebaseMessagingService

anywheresoftware.b4a.objects.FirebaseNotificationsService

Android Permissions

saham.apk