Malware Analysis Report

2025-01-19 06:25

Sample ID 231220-aclq4adea6
Target 70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8
SHA256 70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8
Tags irata
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8

Threat Level: Known bad

The file 70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 00:04

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
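All four permissions listed above carry Android's "dangerous" protection level, but SMS permissions on their own do not make an app malicious (a legitimate messaging app needs them); what matters for triage is the combination of intercept plus an exfiltration channel, seen together with the family match. The Python below is an added example, not part of this report or of the sample, that pulls the uses-permission entries out of a decoded AndroidManifest.xml (for instance the one `apktool d sample.apk` writes) and reports which capability combinations are present. The DANGEROUS subset, the CAPABILITIES names and the sample manifest are constructed for illustration: the sample manifest reuses the package name and the four permissions from this report plus INTERNET and WAKE_LOCK, but it was not extracted from the sample.

```python
import json
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions that Android declares with protectionLevel "dangerous"
# and that matter for SMS-stealer triage. Extend for other threat models.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}

# A capability is a set of permissions that must all be declared together.
# The capability names are this example's own labels, not Android's.
CAPABILITIES = {
    "sms-intercept": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms-send": {"android.permission.SEND_SMS"},
    "contact-harvest": {"android.permission.READ_CONTACTS"},
    "call-log-harvest": {"android.permission.READ_CALL_LOG"},
}

# Constructed sample manifest (not extracted from the sample): the four
# permissions flagged in the static1 signature above plus two ordinary ones.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="net.LydiaTeam">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="app"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (package name, set of declared permission names) from a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }
    return root.get("package"), perms


def triage(xml_text):
    """Score the manifest: dangerous permissions, capability combos, OTP-theft chain."""
    package, perms = parse_manifest(xml_text)
    dangerous = sorted(perms & DANGEROUS)
    caps = sorted(name for name, need in CAPABILITIES.items() if need <= perms)
    # Full OTP-theft chain: intercept SMS and have a way to get it out
    # (forward by SMS or send it over the network).
    otp_theft = "sms-intercept" in caps and (
        "sms-send" in caps or "android.permission.INTERNET" in perms
    )
    return {
        "package": package,
        "dangerous": dangerous,
        "capabilities": caps,
        "otp_theft_chain": otp_theft,
    }


if __name__ == "__main__":
    # Usage: python triage_manifest.py [AndroidManifest.xml]
    # Pass the decoded manifest from apktool; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print(json.dumps(triage(text), indent=2))
```

The binary AndroidManifest.xml inside the APK must be decoded first (apktool, or androguard's `AXMLPrinter`) before this parser can read it; running the script on the raw file will fail at the XML parse step.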

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 00:04

Reported

2023-12-21 03:21

Platform

android-x86-arm-20231215-en

Max time kernel

2321768s

Max time network

135s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

net.LydiaTeam

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | edalat-hamarah.com | udp
GB | 172.217.16.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
DE | 45.147.230.25:80 | N/A | tcp

Files

/data/data/net.LydiaTeam/files/PersistedInstallation6377511764624105697tmp

MD5 0d82cecfdd28836145e7e8322477a160
SHA1 a13f4f3a0af1240378f16c106206f339a5833dc9
SHA256 1872c42ba5a158f31516047ca5513ea134add99a74b77fb4deb8e0c98c32b79c
SHA512 fffd8e8433a597e7abc6ab2266c56a54ea58e5deba38730daa1e999d1822c32348960cfb8bca18f46dcb88949f57ff10b312deb21a3f5037d9076cda32de97a0

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 7949734d4d39d07285669c0692ecc721
SHA1 dd1d56025cc92c97a8dc8d4760f4d456e8319c3e
SHA256 292efd574da92508b9ea9bcf0b01a5c087b1f2be85bc97d012a9801bdb0f73b5
SHA512 f3df6028b20116536ffc8e0d190537e5fef14aa24e856ece640954d34809b47fb7ea4e847692fe05e1ed24311175d4c7fde124cc20cd3f6eadd2695b8cb855f0

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal

MD5 97e63a6c44a137fcac6ac5655f7a3b67
SHA1 211b09996833547a8380b7d527b236281c062172
SHA256 fe8cc1f7ec29868af3b0c0c4c0597e601baceb510f2015c246deb04249b1c278
SHA512 26bacc2c76dcdcaf2944a4e10593579bd73b63153814766f3d75049d1110ccc25ef2f031e029cabb7b58c9c74f4a1895c2652af68ad6feb118d9d8b4f3884632

/data/data/net.LydiaTeam/files/PersistedInstallation5972923633334461996tmp

MD5 ee5b8ba2d4315573abaec2f54528dec2
SHA1 302826995f654d4848946414334a3255f857a61a
SHA256 b5bf56e55718768903c7019129ffb8947c3a87aba21dab8ab3d77a94c6de487b
SHA512 19f7657c56a6133d1496367ae54a03c29143d82cbf8b3d0a53b392667d7de0f3e3b053168bd2fdc8517de4a970733d285cf9080f5848f0dbe81db9137627919f

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal

MD5 9a597d51f232d535bcdfd4f88accef21
SHA1 4c851f9b1302dffb2db229024778a3653b8206ab
SHA256 a704c27cda8ababba7152d3d13941aed5ba19ba6c04fb427d9cb522fa149013e
SHA512 667d3093a22976c34e9ba0d28fa1632efbd72b677e0641af9bf42730c460bdfd4ae4bb3f09e77d2d26ce540f3c9d1937bfd545e5f6f644efa452874ac244e801

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 9fee418bbfe21d9be00af6f5754d45b7
SHA1 8838d5862bff8ccb07131418323f42773cb321fe
SHA256 996403dd77fd49cdcba0fce66d80f9050413498f742ab5f8b626c1e5c8034d62
SHA512 45491752bbbd089061cb3bc8639e05546fdcf55edbdb4e520d43e1e0f8e4a27fd7cc4e2510ce3b94d6efbc0596c7d4a73e97f4b19bca456191620c0951306602

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal

MD5 650d25ed17d3a74841de357eb3a06ac6
SHA1 93edc7d93e2df9b8dbcc1e96b43fa346823e69e8
SHA256 74c175661aff4f8bbb0bc2dc9921af3f15d2f473de477387b920f3227d6f3157
SHA512 b295aba47525e27d5020ccba768f6b986fef7afae3ddfb0f800184cb5722bb457a09856c59085ac995fa8b11522c763fc790cc3f1196f08c40de2c7a4b3cbdeb

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 7656bc4c4205eed1e86feccc66e9dde2
SHA1 9e8ef9eaefede873a089024a6b25bfa041636d32
SHA256 6b01d73a67263f3d15aaaf9811a27bdadd92afbd92cd3a43b7814c333d225254
SHA512 99e3bc63bc0b321b33761d7e6523bcb663555ee73f33a629f99e48e1c76b15606a4e733424f9b1d5449cdaf94e5e3e04c95f6c813cbc14733f842e94facc2bce

/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555

MD5 570120d1d3086969f0f7c9b65cdea0b5
SHA1 086c50ee46a8a1aa5d026ff3730622c9e12188bf
SHA256 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb
SHA512 d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 00:04

Reported

2023-12-20 23:47

Platform

android-x64-20231215-en

Max time kernel

2308890s

Max time network

152s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

net.LydiaTeam

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | edalat-hamarah.com | udp
GB | 172.217.16.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
DE | 45.147.230.25:80 | N/A | tcp
GB | 216.58.213.4:443 | N/A | tcp
GB | 216.58.213.4:443 | N/A | tcp

Files

/data/data/net.LydiaTeam/files/PersistedInstallation88159970872198045tmp

MD5 d12201d4d3c829a0a0f5b09e559b590e
SHA1 26218060b6d42bd14c5781a947d7035b8c83eece
SHA256 0665890a3456bd392e542cba984f5d5dc50c694f2af146dcbc53b73b5def8f40
SHA512 1c90fdd169b50b54818d4bdaea2ad1af1e37fe9a4656d85857d4717c353abc9231c7b1a34da0c3e478bae2c619609e918a836949c13a7641f6c65690193158e9

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 c7720f02f047fd084a87ed99038c585b
SHA1 ccfe96974ff5a49f6f859015c86df91d9ac6df83
SHA256 03aca24ada206196c3ecd45843a8131b6c4a0f6f6f60cf6082999e1e2a7cc3ba
SHA512 29bb07fc4e52ebcf35e1323ed010a0b76d87ca77dface0e7c89359c127a5d9cbafd89f0587244cbe905000c1a2c31ff94c06183038b988c99e5d8e225140c421

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 7b73b68dcd49ffb9859a5f9f7c0f307b
SHA1 ef269805d90f16eef19043534477c7adf9080c7d
SHA256 dcafbcd3a753de3e0952ac315a62f825c24a1b9c0c4d01e0936e9cdcca3ed1b0
SHA512 a18c7058104a9f7da297afa631791c37a0621186463cc166268dff761687209fc6a4e37962ca0f3d6c9e60be3bc881472593db8b96d379fb61814a878903cba4

/data/data/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 47414f84760df88aad32ba90f2cf1787
SHA1 5bc4644c6a8df3b3731b231234ed6a5d8c758a06
SHA256 2180b7c46324835ce99711e8090d5e7b75ac858887c9c376fba51d746768a7cb
SHA512 f8642abc5b9c3e9a31fbf969993ab851ca2f5f57472c91bb1f922fd910197d46f5c02462428e4091042d4dc26402c45a8a78a72074a97fb3f67c657b9e2533a1

/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555

MD5 570120d1d3086969f0f7c9b65cdea0b5
SHA1 086c50ee46a8a1aa5d026ff3730622c9e12188bf
SHA256 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb
SHA512 d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 00:04

Reported

2023-12-20 23:48

Platform

android-x64-arm64-20231215-en

Max time kernel

2308938s

Max time network

138s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

net.LydiaTeam

Network

Country | Destination | Domain | Proto
FR | 216.58.204.74:443 | N/A | udp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.200.14:443 | N/A | udp
GB | 142.250.178.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | edalat-hamarah.com | udp
DE | 45.147.230.25:80 | N/A | tcp
GB | 142.250.187.196:443 | N/A | tcp
GB | 142.250.187.196:443 | N/A | tcp
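Taken together, the Network tables of behavioral1, behavioral2 and behavioral3 mix sandbox background traffic (mDNS, the upstream resolver, Google Play services and Firebase Analytics hosts, the latter matching the google_app_measurement_local.db files written below) with the few rows worth pulling out as indicators. The Python below is an added example, not part of this report, that parses rows in the report's own "Country Destination Domain Proto" layout and sorts them into noise, items to review, and indicator candidates; the rows it embeds are copied from the three tables above. The BENIGN_DOMAINS allowlist and the classification rules are this example's assumptions. In particular the report does not say what edalat-hamarah.com resolves to, or which name (if any) 45.147.230.25 was reached under, so the two are reported as separate indicators rather than linked.

```python
import ipaddress
import json
from collections import defaultdict

# Rows copied from the three Network tables of this report. Domain is absent
# on some rows; "N/A" in that column is treated the same as absent.
REPORT_ROWS = """
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 edalat-hamarah.com udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
DE 45.147.230.25:80 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 216.58.213.4:443 tcp
FR 216.58.204.74:443 udp
GB 142.250.200.14:443 udp
GB 142.250.178.14:443 tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
"""

# Assumption of this example (not stated by the report): these hosts are
# Google Play services / Firebase Analytics telemetry and are treated as noise.
BENIGN_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com"}
# The sandbox's upstream resolver, as seen in the DNS rows of the report.
RESOLVER = "1.1.1.1"


def parse_row(line):
    """Parse one report row; accepts whitespace- or '|'-separated cells."""
    cells = line.replace("|", " ").split()
    if len(cells) == 4:
        country, dest, domain, proto = cells
    elif len(cells) == 3:
        country, dest, proto = cells
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    if domain == "N/A":
        domain = None
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def triage(rows_text):
    """Bucket report rows into noise, review, ioc_domain and ioc_endpoint."""
    rows = [parse_row(l) for l in rows_text.strip().splitlines() if l.strip()]

    # First pass: which IPs were attributed to a domain in any of the runs?
    # An IP seen once with a benign name and once bare is the same backend.
    ip_domains = defaultdict(set)
    for r in rows:
        if r["domain"] and r["port"] != 53:
            ip_domains[r["ip"]].add(r["domain"])

    buckets = defaultdict(set)
    for r in rows:
        ip, port, proto, domain = r["ip"], r["port"], r["proto"], r["domain"]
        endpoint = f"{ip}:{port}/{proto}"
        if ipaddress.ip_address(ip).is_multicast:
            buckets["noise"].add(endpoint)          # mDNS / link-local chatter
        elif ip == RESOLVER and port == 53:
            # DNS row: the queried name is the evidence, not the resolver.
            if domain is None or domain in BENIGN_DOMAINS:
                buckets["noise"].add(domain or endpoint)
            else:
                buckets["ioc_domain"].add(domain)
        elif domain in BENIGN_DOMAINS or ip_domains[ip] & BENIGN_DOMAINS:
            buckets["noise"].add(endpoint)
        elif domain is None and port == 80:
            # Plaintext HTTP to a bare IP with no preceding lookup shown.
            buckets["ioc_endpoint"].add(endpoint)
        elif domain is None:
            # Unattributed TLS/QUIC: confirm via SNI in the pcap before acting.
            buckets["review"].add(endpoint)
        else:
            buckets["review"].add(f"{domain} -> {endpoint}")
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    print(json.dumps(triage(REPORT_ROWS), indent=2))
```

Run it to get a JSON summary; the unattributed 443 endpoints land in the review bucket rather than as indicators because the report gives no name for them, and they should be confirmed against the TLS SNI in the pcap before anything is blocked.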

Files

/data/user/0/net.LydiaTeam/files/PersistedInstallation289798134487563670tmp

MD5 b51859ac7f2baf319cfde8acad4c768b
SHA1 3dd553d36e915194b3971f24e19122335f0483e9
SHA256 20b80dfa1fb4244aabb92396d6f8026e13635374409d0c71316ee7eb3fdcf277
SHA512 2b57eaf2b7deca6b175f387f80838a827f5b878b17bef45e0d3fbba6f6010b9cc2d012a84d30a68cc562ad08646ffdd51fe41eceee890efcfa5c607cd683e9b6

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 e2a22d801e061c1cf23ffdc4ff7412e3
SHA1 5e855e1c2b4e0cd32b4f3babf8b8480128b508d1
SHA256 e254e6e62045eba890d26b6fabe579701160945c41fa02c42687899791f41e7b
SHA512 31646c202148dd915c2241fcee4c69a7c54cc01fd480511e1198258d01113937c6a1fb2b031c4c9e9c755dd4dfde196ef7227d71e12379f16165ffec35ef98aa

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 9b7c4aaf068b1ca5fb5108dc73bb3677
SHA1 594a8ace963d09249cd02a19124272764f206802
SHA256 9336dc6e94b7d348ade0a76d30cfc595c720bc290aa2019cd35eb7ab2dabc60b
SHA512 6bcc05f311eef7b9cce3af15826e4b4944d44406a645ef0f3537bf115ab895fc31d0fa9748db1583b214980005131f0e552076f0c2f0aac3b01760803ce1df4d

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 76d7e79f4d91b281fddf27c494c7bd5c
SHA1 fa68507a2ea3c5c73474af6e30f5b8438382cc30
SHA256 6d9b3fcb8501ad782ab1e4cd8fb101dd5ef82818a3201ca1da6766c0b59928c7
SHA512 aa8bbeb60638dd53c0c04f427a11ccd2e00d2910338a4de066982a3351380001ed37bf42f40246770d2d73c893e1a342f8be2fc16716940b41bbdfb6fc1b62af

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 c1172663472585da6590ffeadf610b2f
SHA1 d4000ac5c41420aef02e156b2bd638c4e4995a74
SHA256 95a16436783106f8fbf2803f7d39aece3ae6b2243a818364a730c269f6fe0ff8
SHA512 4a3a03a137db6d83033e2558dd0615079afdc5489d6c2712852dad3609422981bb1143d8260b7e6ae99eecee31788d13e7051b25f50501b3b2533e2bd9315deb

/data/user/0/net.LydiaTeam/files/PersistedInstallation2707655363995821614tmp

MD5 3f17473f03f6f569a79f598b73528e4d
SHA1 713b9c95e63b80a9b0077e9d2fdf7ac66a6df00c
SHA256 a026e42bb004e8e813cde5e6734e24e7fde3fb2461881aa4e899b1723aca9a07
SHA512 778a1feaa51092cc50aa3d0d182ceab35836277fe8671db541c7086de0cbe5f74092b480b023bee83a6c274b50ff8169d716c7422c07d8a822a6f4873f7f300d

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 51db37341f6874627d45e7eff396bc5e
SHA1 4eed1f7f3523fc8fa96bab17d667cc5bd50881c0
SHA256 d36c152124092a2032a5c9d322b81bf5522d4ec61019ff8fdcea9f69c23e788d
SHA512 0be0b92897eac77d16f6a21f02abd834f0483686e45928e45d23ff4a437803a3ea1ba703c6206f8a5d881f1717dc9e846f58413c8ff6128112891844f306c96a

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal

MD5 b12660b7ed141a43d5fa4e5851926db5
SHA1 4b5c823c7ba167ab3930dfa7718e52e4438e7f71
SHA256 3f2ba840925511d101df370b35208484687c1683680037754eafc1f07cbd1729
SHA512 74baf2985423bd51983866b4a847a63e5822aba46afb7251f65415f5cd628014f53c2318e38f8b62b58d695e4be33180bce8bb1bbc79f1e068fa392b37f70968

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 0e317d14e05d110e0d66ab883043348d
SHA1 8de7a85f971d1d0a8bbb231e61f868c7b7eaf142
SHA256 83aea3a09cbf01bc95594a5a5957a6cd6bddd1ea25c0e1defb9f4ceaf681bdd6
SHA512 64efcd7f57a896e3955ff50359e48c2d36dd04280441dd27adff3224d29a7da1527a6adecf11067709aac0ed0ccca6f143eeb53139b303dfc427661c4cc8cdd8

/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db

MD5 6803c81f26049330dff0c256e417b19f
SHA1 608251d649a97a7ae4c6db6919e3e2501302bcb1
SHA256 9829fa2ebfdba7030a510c727f819c9720f46118bd99ecb08e71faf1cf961b9c
SHA512 8af3745e7246e75b56b4e90576f3b7f1e67876878c0c4cd06bbfc6e56368621cf6d1d75ab9c004b6bb8a2831d7e1c4b61b32b880a31aa7c3edc68d1313744972

/data/user/0/net.LydiaTeam/files/LydiaTeam11112222333344445555

MD5 570120d1d3086969f0f7c9b65cdea0b5
SHA1 086c50ee46a8a1aa5d026ff3730622c9e12188bf
SHA256 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb
SHA512 d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92