General
-
Target
Sims 4.exe
-
Size
70.8MB
-
Sample
231206-d2c22aah25
-
MD5
836cebedf47b3a86afae416cb0b9d547
-
SHA1
f0141ac491bd87d2409e0ae359f18f749288d103
-
SHA256
908777a11bcfda6d3f398dd0ec832ec5f7a2b8416ef0df07a1fbf49fd4deed44
-
SHA512
dae15564ae26c30f3592d2b0af18ac2cf7af43490644f3b6668283e9cb858b23b70ee8c9b5814274badac6a6a14e559323de05383866262dc73ff5c86587bf91
-
SSDEEP
1572864:p4/4rzOchPYToBuBVha6vjO1LXoLlpf6LmVl208hX9es86Uh5jc7:ukqcdYToBKVr4L0pfhh819h8ZZc7
Static task
static1
Malware Config
Targets
-
-
Target
Sims 4.exe
-
Irata
Irata is an Iranian remote access trojan for Android, first seen in August 2022.
-
Irata payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-