General

  • Target

    caca.exe

  • Size

    70.7MB

  • Sample

    231217-hkexhsdhfr

  • MD5

    b9d9aa95d2ca87f91a016fda462a26f9

  • SHA1

    d45b6786540880c618e4c0baec0a090d773817c3

  • SHA256

    2d3a331a98699a67cd900d40ec320e599ae58ce342239f4abaab08847f77161a

  • SHA512

    7aee63646d978e29c3b52d0b38ef889ae370a2118b083fb8bcf07896384bd8ce4b4426847e16c057d56f9196b337187405ee845862b8d274968812808b781aa4

  • SSDEEP

    1572864:V4/4rzOchPopkQDe/HATRxTndXx2QVkh8w61pdvQNbfdEc07:ikqcdopkQEHAT3djkGwazsfdEc07

Malware Config

Targets

    • Irata

      Irata is an Iranian Android remote access trojan first seen in August 2022.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks