General

  • Target

    Sims 4.exe

  • Size

    70.8MB

  • Sample

    231206-d2c22aah25

  • MD5

    836cebedf47b3a86afae416cb0b9d547

  • SHA1

    f0141ac491bd87d2409e0ae359f18f749288d103

  • SHA256

    908777a11bcfda6d3f398dd0ec832ec5f7a2b8416ef0df07a1fbf49fd4deed44

  • SHA512

    dae15564ae26c30f3592d2b0af18ac2cf7af43490644f3b6668283e9cb858b23b70ee8c9b5814274badac6a6a14e559323de05383866262dc73ff5c86587bf91

  • SSDEEP

    1572864:p4/4rzOchPYToBuBVha6vjO1LXoLlpf6LmVl208hX9es86Uh5jc7:ukqcdYToBKVr4L0pfhh819h8ZZc7

Malware Config

Targets

    • Irata

      Irata is an Iranian Android remote access trojan first seen in August 2022.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks