Analysis Overview
SHA256
6e2f1ac9cd516a3f3d967c2f853279afbca37e44b347b4b6924b7e66e1bb054c
Threat Level: Known bad
The file 6e2f1ac9cd516a3f3d967c2f853279afbca37e44b347b4b6924b7e66e1bb054c was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-19 23:43
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-19 23:43
Reported
2023-12-20 09:42
Platform
android-x86-arm-20231215-en
Max time kernel
2258128s
Max time network
136s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.firedl.aidymatic.gp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | aidymatic.co.uk | udp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-19 23:43
Reported
2023-12-20 08:53
Platform
android-x64-20231215-en
Max time kernel
2255223s
Max time network
155s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.firedl.aidymatic.gp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | aidymatic.co.uk | udp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.213.4:443 | tcp | |
| FR | 216.58.204.78:443 | tcp | |
| FR | 216.58.201.98:443 | tcp |
Files
/data/data/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-19 23:43
Reported
2023-12-20 08:53
Platform
android-x64-arm64-20231215-en
Max time kernel
2255223s
Max time network
148s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.firedl.aidymatic.gp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.10:443 | udp | |
| GB | 142.250.178.14:443 | udp | |
| GB | 172.217.169.14:443 | tcp | |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| FR | 216.58.204.74:443 | tcp | |
| FR | 216.58.204.74:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | aidymatic.co.uk | udp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:80 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 188.74.70.101:443 | aidymatic.co.uk | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp |
Files
/data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/com.firedl.aidymatic.gp/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |