Analysis Overview
SHA256
70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8
Threat Level: Known bad
The file 70ea43cc01fc151a91d7404db1754de886ac1e72ece27b29064ee4139227d1e8 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-20 00:04
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-20 00:04
Reported
2023-12-21 03:21
Platform
android-x86-arm-20231215-en
Max time kernel
2321768s
Max time network
135s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
net.LydiaTeam
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | edalat-hamarah.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| DE | 45.147.230.25:80 | | tcp |
Files
/data/data/net.LydiaTeam/files/PersistedInstallation6377511764624105697tmp
| MD5 | 0d82cecfdd28836145e7e8322477a160 |
| SHA1 | a13f4f3a0af1240378f16c106206f339a5833dc9 |
| SHA256 | 1872c42ba5a158f31516047ca5513ea134add99a74b77fb4deb8e0c98c32b79c |
| SHA512 | fffd8e8433a597e7abc6ab2266c56a54ea58e5deba38730daa1e999d1822c32348960cfb8bca18f46dcb88949f57ff10b312deb21a3f5037d9076cda32de97a0 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | 7949734d4d39d07285669c0692ecc721 |
| SHA1 | dd1d56025cc92c97a8dc8d4760f4d456e8319c3e |
| SHA256 | 292efd574da92508b9ea9bcf0b01a5c087b1f2be85bc97d012a9801bdb0f73b5 |
| SHA512 | f3df6028b20116536ffc8e0d190537e5fef14aa24e856ece640954d34809b47fb7ea4e847692fe05e1ed24311175d4c7fde124cc20cd3f6eadd2695b8cb855f0 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal
| MD5 | 97e63a6c44a137fcac6ac5655f7a3b67 |
| SHA1 | 211b09996833547a8380b7d527b236281c062172 |
| SHA256 | fe8cc1f7ec29868af3b0c0c4c0597e601baceb510f2015c246deb04249b1c278 |
| SHA512 | 26bacc2c76dcdcaf2944a4e10593579bd73b63153814766f3d75049d1110ccc25ef2f031e029cabb7b58c9c74f4a1895c2652af68ad6feb118d9d8b4f3884632 |
/data/data/net.LydiaTeam/files/PersistedInstallation5972923633334461996tmp
| MD5 | ee5b8ba2d4315573abaec2f54528dec2 |
| SHA1 | 302826995f654d4848946414334a3255f857a61a |
| SHA256 | b5bf56e55718768903c7019129ffb8947c3a87aba21dab8ab3d77a94c6de487b |
| SHA512 | 19f7657c56a6133d1496367ae54a03c29143d82cbf8b3d0a53b392667d7de0f3e3b053168bd2fdc8517de4a970733d285cf9080f5848f0dbe81db9137627919f |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal
| MD5 | 9a597d51f232d535bcdfd4f88accef21 |
| SHA1 | 4c851f9b1302dffb2db229024778a3653b8206ab |
| SHA256 | a704c27cda8ababba7152d3d13941aed5ba19ba6c04fb427d9cb522fa149013e |
| SHA512 | 667d3093a22976c34e9ba0d28fa1632efbd72b677e0641af9bf42730c460bdfd4ae4bb3f09e77d2d26ce540f3c9d1937bfd545e5f6f644efa452874ac244e801 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 9fee418bbfe21d9be00af6f5754d45b7 |
| SHA1 | 8838d5862bff8ccb07131418323f42773cb321fe |
| SHA256 | 996403dd77fd49cdcba0fce66d80f9050413498f742ab5f8b626c1e5c8034d62 |
| SHA512 | 45491752bbbd089061cb3bc8639e05546fdcf55edbdb4e520d43e1e0f8e4a27fd7cc4e2510ce3b94d6efbc0596c7d4a73e97f4b19bca456191620c0951306602 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal
| MD5 | 650d25ed17d3a74841de357eb3a06ac6 |
| SHA1 | 93edc7d93e2df9b8dbcc1e96b43fa346823e69e8 |
| SHA256 | 74c175661aff4f8bbb0bc2dc9921af3f15d2f473de477387b920f3227d6f3157 |
| SHA512 | b295aba47525e27d5020ccba768f6b986fef7afae3ddfb0f800184cb5722bb457a09856c59085ac995fa8b11522c763fc790cc3f1196f08c40de2c7a4b3cbdeb |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 7656bc4c4205eed1e86feccc66e9dde2 |
| SHA1 | 9e8ef9eaefede873a089024a6b25bfa041636d32 |
| SHA256 | 6b01d73a67263f3d15aaaf9811a27bdadd92afbd92cd3a43b7814c333d225254 |
| SHA512 | 99e3bc63bc0b321b33761d7e6523bcb663555ee73f33a629f99e48e1c76b15606a4e733424f9b1d5449cdaf94e5e3e04c95f6c813cbc14733f842e94facc2bce |
/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555
| MD5 | 570120d1d3086969f0f7c9b65cdea0b5 |
| SHA1 | 086c50ee46a8a1aa5d026ff3730622c9e12188bf |
| SHA256 | 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb |
| SHA512 | d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-20 00:04
Reported
2023-12-20 23:47
Platform
android-x64-20231215-en
Max time kernel
2308890s
Max time network
152s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
net.LydiaTeam
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | edalat-hamarah.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| DE | 45.147.230.25:80 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
Files
/data/data/net.LydiaTeam/files/PersistedInstallation88159970872198045tmp
| MD5 | d12201d4d3c829a0a0f5b09e559b590e |
| SHA1 | 26218060b6d42bd14c5781a947d7035b8c83eece |
| SHA256 | 0665890a3456bd392e542cba984f5d5dc50c694f2af146dcbc53b73b5def8f40 |
| SHA512 | 1c90fdd169b50b54818d4bdaea2ad1af1e37fe9a4656d85857d4717c353abc9231c7b1a34da0c3e478bae2c619609e918a836949c13a7641f6c65690193158e9 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | c7720f02f047fd084a87ed99038c585b |
| SHA1 | ccfe96974ff5a49f6f859015c86df91d9ac6df83 |
| SHA256 | 03aca24ada206196c3ecd45843a8131b6c4a0f6f6f60cf6082999e1e2a7cc3ba |
| SHA512 | 29bb07fc4e52ebcf35e1323ed010a0b76d87ca77dface0e7c89359c127a5d9cbafd89f0587244cbe905000c1a2c31ff94c06183038b988c99e5d8e225140c421 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 7b73b68dcd49ffb9859a5f9f7c0f307b |
| SHA1 | ef269805d90f16eef19043534477c7adf9080c7d |
| SHA256 | dcafbcd3a753de3e0952ac315a62f825c24a1b9c0c4d01e0936e9cdcca3ed1b0 |
| SHA512 | a18c7058104a9f7da297afa631791c37a0621186463cc166268dff761687209fc6a4e37962ca0f3d6c9e60be3bc881472593db8b96d379fb61814a878903cba4 |
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 47414f84760df88aad32ba90f2cf1787 |
| SHA1 | 5bc4644c6a8df3b3731b231234ed6a5d8c758a06 |
| SHA256 | 2180b7c46324835ce99711e8090d5e7b75ac858887c9c376fba51d746768a7cb |
| SHA512 | f8642abc5b9c3e9a31fbf969993ab851ca2f5f57472c91bb1f922fd910197d46f5c02462428e4091042d4dc26402c45a8a78a72074a97fb3f67c657b9e2533a1 |
/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555
| MD5 | 570120d1d3086969f0f7c9b65cdea0b5 |
| SHA1 | 086c50ee46a8a1aa5d026ff3730622c9e12188bf |
| SHA256 | 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb |
| SHA512 | d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-20 00:04
Reported
2023-12-20 23:48
Platform
android-x64-arm64-20231215-en
Max time kernel
2308938s
Max time network
138s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
net.LydiaTeam
Network
| Country | Destination | Domain | Proto |
| FR | 216.58.204.74:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | edalat-hamarah.com | udp |
| DE | 45.147.230.25:80 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/user/0/net.LydiaTeam/files/PersistedInstallation289798134487563670tmp
| MD5 | b51859ac7f2baf319cfde8acad4c768b |
| SHA1 | 3dd553d36e915194b3971f24e19122335f0483e9 |
| SHA256 | 20b80dfa1fb4244aabb92396d6f8026e13635374409d0c71316ee7eb3fdcf277 |
| SHA512 | 2b57eaf2b7deca6b175f387f80838a827f5b878b17bef45e0d3fbba6f6010b9cc2d012a84d30a68cc562ad08646ffdd51fe41eceee890efcfa5c607cd683e9b6 |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | e2a22d801e061c1cf23ffdc4ff7412e3 |
| SHA1 | 5e855e1c2b4e0cd32b4f3babf8b8480128b508d1 |
| SHA256 | e254e6e62045eba890d26b6fabe579701160945c41fa02c42687899791f41e7b |
| SHA512 | 31646c202148dd915c2241fcee4c69a7c54cc01fd480511e1198258d01113937c6a1fb2b031c4c9e9c755dd4dfde196ef7227d71e12379f16165ffec35ef98aa |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | 9b7c4aaf068b1ca5fb5108dc73bb3677 |
| SHA1 | 594a8ace963d09249cd02a19124272764f206802 |
| SHA256 | 9336dc6e94b7d348ade0a76d30cfc595c720bc290aa2019cd35eb7ab2dabc60b |
| SHA512 | 6bcc05f311eef7b9cce3af15826e4b4944d44406a645ef0f3537bf115ab895fc31d0fa9748db1583b214980005131f0e552076f0c2f0aac3b01760803ce1df4d |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | 76d7e79f4d91b281fddf27c494c7bd5c |
| SHA1 | fa68507a2ea3c5c73474af6e30f5b8438382cc30 |
| SHA256 | 6d9b3fcb8501ad782ab1e4cd8fb101dd5ef82818a3201ca1da6766c0b59928c7 |
| SHA512 | aa8bbeb60638dd53c0c04f427a11ccd2e00d2910338a4de066982a3351380001ed37bf42f40246770d2d73c893e1a342f8be2fc16716940b41bbdfb6fc1b62af |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | c1172663472585da6590ffeadf610b2f |
| SHA1 | d4000ac5c41420aef02e156b2bd638c4e4995a74 |
| SHA256 | 95a16436783106f8fbf2803f7d39aece3ae6b2243a818364a730c269f6fe0ff8 |
| SHA512 | 4a3a03a137db6d83033e2558dd0615079afdc5489d6c2712852dad3609422981bb1143d8260b7e6ae99eecee31788d13e7051b25f50501b3b2533e2bd9315deb |
/data/user/0/net.LydiaTeam/files/PersistedInstallation2707655363995821614tmp
| MD5 | 3f17473f03f6f569a79f598b73528e4d |
| SHA1 | 713b9c95e63b80a9b0077e9d2fdf7ac66a6df00c |
| SHA256 | a026e42bb004e8e813cde5e6734e24e7fde3fb2461881aa4e899b1723aca9a07 |
| SHA512 | 778a1feaa51092cc50aa3d0d182ceab35836277fe8671db541c7086de0cbe5f74092b480b023bee83a6c274b50ff8169d716c7422c07d8a822a6f4873f7f300d |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | 51db37341f6874627d45e7eff396bc5e |
| SHA1 | 4eed1f7f3523fc8fa96bab17d667cc5bd50881c0 |
| SHA256 | d36c152124092a2032a5c9d322b81bf5522d4ec61019ff8fdcea9f69c23e788d |
| SHA512 | 0be0b92897eac77d16f6a21f02abd834f0483686e45928e45d23ff4a437803a3ea1ba703c6206f8a5d881f1717dc9e846f58413c8ff6128112891844f306c96a |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
| MD5 | b12660b7ed141a43d5fa4e5851926db5 |
| SHA1 | 4b5c823c7ba167ab3930dfa7718e52e4438e7f71 |
| SHA256 | 3f2ba840925511d101df370b35208484687c1683680037754eafc1f07cbd1729 |
| SHA512 | 74baf2985423bd51983866b4a847a63e5822aba46afb7251f65415f5cd628014f53c2318e38f8b62b58d695e4be33180bce8bb1bbc79f1e068fa392b37f70968 |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 0e317d14e05d110e0d66ab883043348d |
| SHA1 | 8de7a85f971d1d0a8bbb231e61f868c7b7eaf142 |
| SHA256 | 83aea3a09cbf01bc95594a5a5957a6cd6bddd1ea25c0e1defb9f4ceaf681bdd6 |
| SHA512 | 64efcd7f57a896e3955ff50359e48c2d36dd04280441dd27adff3224d29a7da1527a6adecf11067709aac0ed0ccca6f143eeb53139b303dfc427661c4cc8cdd8 |
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db
| MD5 | 6803c81f26049330dff0c256e417b19f |
| SHA1 | 608251d649a97a7ae4c6db6919e3e2501302bcb1 |
| SHA256 | 9829fa2ebfdba7030a510c727f819c9720f46118bd99ecb08e71faf1cf961b9c |
| SHA512 | 8af3745e7246e75b56b4e90576f3b7f1e67876878c0c4cd06bbfc6e56368621cf6d1d75ab9c004b6bb8a2831d7e1c4b61b32b880a31aa7c3edc68d1313744972 |
/data/user/0/net.LydiaTeam/files/LydiaTeam11112222333344445555
| MD5 | 570120d1d3086969f0f7c9b65cdea0b5 |
| SHA1 | 086c50ee46a8a1aa5d026ff3730622c9e12188bf |
| SHA256 | 4f4c9ef111ed00688e0ddd209e27bd6bdf941593ecea40576c8284e6888c4bfb |
| SHA512 | d0684c7d3ecc0ee5bad68de5a734638da4bab6bcba2d08d03ff0e0edac7f264a827d26b4f4540d715b1b0ba53e003023682b4fef28ada814a3b324ed702eae92 |