General

  • Target

    PlanetsBeta.rar

  • Size

    71.0MB

  • Sample

    231218-wsnfhsdff7

  • MD5

    849c690bbd7cf73af9cf7173b0ab74f2

  • SHA1

    f64521e57bff7667337fa9afb8c95e6898952f2d

  • SHA256

    4ccdc6e7c8fd112a6168c37ac6b315717e34c2767e7c36b04e74fd2e20fbd97e

  • SHA512

    cf5a41ed01a6ddc3d16e693a21038d765422a191f69c7d179260caad3421706355bceda371b52ae51386716256b9d4d8f345b5e0adead5fa6b919e9f827d7950

  • SSDEEP

    1572864:gWW1aX8kJJsX3XapmApMlG0CH8xuTtFqs7ly2C6ocbEu9ovHsT91L0MQ:m1aX8muXawzlGRRTtFqs7ESocbB9mALG

Malware Config

Targets

    • Target

      PlanetsBeta.exe

    • Size

      70.9MB

    • MD5

      04f8a87e314087206804ebe35944bec7

    • SHA1

      486450db8334dac38aa0ee8a5a99c1e57ee86db2

    • SHA256

      c4bf1d484d2eb014f1e1d7c6196d2f6d4303baf408dae9fa7694f1ec2e83754c

    • SHA512

      faf3661fd85d58592f6c8143a60ccdd6a4a89deacdd4b27c8090daa82f41d3ad7b60436b7737fc38212f5c5b7493ff6b954ee4811db35b70310e061e241a6259

    • SSDEEP

      1572864:S4/4rzOchPtr7gixVLqNoO/il6/MsLsBSEJ/10MwKztSJc9fGe7:Rkqcdt/ZQNLi/sLsBd/VwR+Oe7

    • Irata

      Irata is an Iranian Android remote access trojan (RAT) first seen in August 2022.

    • Irata payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks