Resubmissions

07-12-2023 11:05

231207-m6zahahh25 10

General

  • Target

    Gen (1).exe

  • Size

    70.9MB

  • Sample

    231207-m6zahahh25

  • MD5

    73ad2032f4d740e4cac02184e7f523b0

  • SHA1

    6e636935fc8d9afc1e65a9ce088e34d36afe670d

  • SHA256

    0183f676a448fc1aaeb561dc84aa400e4ae792b707641560f2b534f6bb353021

  • SHA512

    aa2b8147a82272d7c75e5e9d3af6c5c3ec16dcc59f0f45924b08fc7b1916994123195d52b8d007efc2e0c2187530321c207caa3b1a6978af4c76126269058baa

  • SSDEEP

    1572864:fU4/4rzOchPKZ3QBDvQ3Vhb7/0ogoL9oZI7Kk1TeLAjSu3I7:ffkqcdoivYhUuBoZw4tT7

Malware Config

Targets

    • Target

      Gen (1).exe

    • Size

      70.9MB

    • MD5

      73ad2032f4d740e4cac02184e7f523b0

    • SHA1

      6e636935fc8d9afc1e65a9ce088e34d36afe670d

    • SHA256

      0183f676a448fc1aaeb561dc84aa400e4ae792b707641560f2b534f6bb353021

    • SHA512

      aa2b8147a82272d7c75e5e9d3af6c5c3ec16dcc59f0f45924b08fc7b1916994123195d52b8d007efc2e0c2187530321c207caa3b1a6978af4c76126269058baa

    • SSDEEP

      1572864:fU4/4rzOchPKZ3QBDvQ3Vhb7/0ogoL9oZI7Kk1TeLAjSu3I7:ffkqcdoivYhUuBoZw4tT7

    • Irata

      Irata is an Iranian Android remote access trojan first seen in August 2022.

    • Irata payload

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks