General
Target: PlanetsBeta.rar
Size: 71.0MB
Sample: 231218-wsnfhsdff7
MD5: 849c690bbd7cf73af9cf7173b0ab74f2
SHA1: f64521e57bff7667337fa9afb8c95e6898952f2d
SHA256: 4ccdc6e7c8fd112a6168c37ac6b315717e34c2767e7c36b04e74fd2e20fbd97e
SHA512: cf5a41ed01a6ddc3d16e693a21038d765422a191f69c7d179260caad3421706355bceda371b52ae51386716256b9d4d8f345b5e0adead5fa6b919e9f827d7950
SSDEEP: 1572864:gWW1aX8kJJsX3XapmApMlG0CH8xuTtFqs7ly2C6ocbEu9ovHsT91L0MQ:m1aX8muXawzlGRRTtFqs7ESocbB9mALG
Static task: static1
Behavioral task: behavioral1
  Sample: PlanetsBeta.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: PlanetsBeta.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: PlanetsBeta.exe
Size: 70.9MB
MD5: 04f8a87e314087206804ebe35944bec7
SHA1: 486450db8334dac38aa0ee8a5a99c1e57ee86db2
SHA256: c4bf1d484d2eb014f1e1d7c6196d2f6d4303baf408dae9fa7694f1ec2e83754c
SHA512: faf3661fd85d58592f6c8143a60ccdd6a4a89deacdd4b27c8090daa82f41d3ad7b60436b7737fc38212f5c5b7493ff6b954ee4811db35b70310e061e241a6259
SSDEEP: 1572864:S4/4rzOchPtr7gixVLqNoO/il6/MsLsBSEJ/10MwKztSJc9fGe7:Rkqcdt/ZQNLi/sLsBd/VwR+Oe7
Signatures
Irata
  Irata is an Iranian Android remote access trojan first seen in August 2022.
Irata payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)