Analysis Overview
SHA256
73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1
Threat Level: Known bad
The file 73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-20 00:22
Signatures
Irata family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
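The three permissions above are the full set an app needs to read stored SMS, intercept incoming SMS and relay them elsewhere, which is why their co-occurrence is a stronger triage signal than any one of them alone. The following script is an added example, not part of this report or of the analysed sample: it parses a decoded AndroidManifest.xml (for instance the one `apktool d sample.apk` produces) and reports the dangerous permissions requested, any permission cluster that is fully present, and any receiver registered for `android.provider.Telephony.SMS_RECEIVED`. The sample manifest embedded below is constructed for illustration and is not the manifest of this APK; the dangerous-permission list is a hand-picked subset.

```python
"""Flag dangerous permission combinations in a decoded AndroidManifest.xml.

Added example, not part of the sandbox report. The manifest below is
constructed for illustration and is not the analysed APK's manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS   # ElementTree spells android:name this way

# Hand-picked subset of runtime ("dangerous") permissions relevant to
# SMS-stealer and banker triage. Not exhaustive.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Clusters whose co-occurrence matters more than any single member: the SMS
# triple lets an app read, intercept and forward one-time codes.
CLUSTERS = {
    "sms_interception": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
    },
}

# Constructed sample manifest (illustrative only).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <application android:label="sample">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <!-- a high priority on this filter was the classic way to see
                 an SMS before the default messaging app did -->
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Every android:name declared in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def sms_receivers(manifest_xml: str) -> list:
    """Receivers whose intent-filter listens for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    found = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(NAME_ATTR) == "android.provider.Telephony.SMS_RECEIVED":
                found.append(receiver.get(NAME_ATTR))
    return found


def triage(manifest_xml: str) -> dict:
    """Summarise dangerous permissions, complete clusters and SMS receivers."""
    perms = requested_permissions(manifest_xml)
    return {
        "dangerous": sorted(perms & DANGEROUS),
        "clusters": sorted(name for name, needed in CLUSTERS.items() if needed <= perms),
        "sms_receivers": sms_receivers(manifest_xml),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_MANIFEST), indent=2))
```

For a quick look without decoding the manifest, `aapt dump permissions sample.apk` lists the same `uses-permission` names; the receiver check above needs the decoded XML. Note that a requested permission only says what the app can ask for at runtime; the behavioural runs below show what it actually did with them.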
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-20 00:22
Reported
2023-12-20 13:19
Platform
android-x64-20231215-en
Max time kernel
2271143s
Max time network
148s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.sckandar.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| FR | 216.58.204.78:443 | | tcp |
| FR | 216.58.201.98:443 | | tcp |
Files
/data/data/com.sckandar.android/files/PersistedInstallation8309861323326626995tmp
| MD5 | 902d20c2db2729131c7073c188183ae0 |
| SHA1 | c49241ae6432518e3e3da4dea8619fe962614002 |
| SHA256 | d1567c3c6d0fb493d241eeaf3a4267e42339ce72d2344fc357aff77185bd6044 |
| SHA512 | cd1c5d13a07838bbbec3d263ed3df3987f83d5514328905112df81293ab07647c11a35d7e67f6b28714b905f4a64f1b8e12da50c92c86ec2c4c0332b94a60774 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | e5388f793db94c30d8c1586cc5ab7143 |
| SHA1 | 26945a5a746cd85be6242d463e804de3ad738685 |
| SHA256 | c081f9faf87f3bd800cdfbf461c4a0add6e270186d25c323f64c6d728732781f |
| SHA512 | 9bc03a7b6f6943dffd708355d32e324560b791eaf915c1ce6c626f74b1a6fb034ff00294706beaad698fd15e9826a46be9d967fd7345f013ead1664a3ac5a183 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | c9d1cd5dd5deea16eea8838563d906da |
| SHA1 | cf574621c106c30c5bd9ee1c313552e5993d6d48 |
| SHA256 | 7a3a7741d37b7542ca00156621d4cc2f450fd807013a27313f4d43d9fd147ea7 |
| SHA512 | f99325480d89a86560e897c8b51fbf2aeee4ba72911635285ad7baa7bfde107460d0d54521fa4782ef066acf728c9db26ca23db169b63ecff47944c82d6aea28 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 0b60b3a85ad1854aac9cbdbba197fc0a |
| SHA1 | 85d3513c34c4975a461549b3dacbb319a2427a4f |
| SHA256 | 10e659400b2568c22bdbff2f79833b0c26702e5ba133f78525da454810d2a054 |
| SHA512 | d1f0d17ee602f8096665e122aeebd0af4254774366a9d7bd13f65027c5ebdd65375e51bddace259ee72dbfc6a6d182dd87b42f70dee0ed087ad0a36e152d7149 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 43fd1b52d148f2f20485089f1a22ac51 |
| SHA1 | 9ba7da505a60b2af4f65a38fab8e269e48ea61de |
| SHA256 | 96d800d1ad1f07fb4e7b951805add7402892e596eecbb15b28823b20123bed85 |
| SHA512 | 36ec5f8baa83772192327943eee100ca41c4685c7d778d1af37b261dd1ad62ddfe57b20d85abaa078b0d6c52edb883db2d1e07f78eb5234a81f34a11a25cff98 |
/data/data/com.sckandar.android/files/PersistedInstallation7230352468703446096tmp
| MD5 | 649219aec4b83d5a6b55538ca22e9561 |
| SHA1 | dc76991adb7002d536244469c47303c8a42e0409 |
| SHA256 | cc37b308ff61c202ca11c8ba21cc4784870fa98945c67e08d1e195aa2bf870f4 |
| SHA512 | b5e7bc01948975a186f1b1f0255629a5ce0d16077e082422b24f9bcc34a7221eed1eaa28c5d4df20645f6a2c09a629aa827ae13a9722eed81c7dedfda7cdcacd |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 7d2e571fbf1fc7832353a6726e987e36 |
| SHA1 | 54209510e534683dd727801df8a0832eea4a2195 |
| SHA256 | 61eabedf8fa20a8a8a7b08bda46b4dd8c08b3fc56cbb138e829f50a4bb7765f7 |
| SHA512 | 4abea5761211aa57a4b8f37a55a181218d8782a31fbf0c6838cc8d40431c5c5f4fe96d6c2f139e0d2945660546fffdc2fa3b1acafd1687d9dee3dbb9fe7dec2b |
/data/data/com.sckandar.android/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 03acbb0e3ba9b2a1aaa98d55b1604071 |
| SHA1 | 7e0433abcd77f5c1a55541beeaa0b8d9462a36da |
| SHA256 | 7325203576951dd2eeab5bacf8a6086e56e584356927f65656dad6b5a374901f |
| SHA512 | 3b6964652a426ef325d357f35263fe849f541da132bc0346ce3bb9dfa2e1f1105db272eb85eb1cd00d2b4ff67697dc1aee48953b4f81941b1829e08fbc4763a0 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | 726c4716158d598351d83ce1b8047808 |
| SHA1 | a83f7c1a24acb09af12ab27937fee0a78776d5d7 |
| SHA256 | bc8881ca6e3de4d91d3f7bac23832cb4426f1c302f4d18612a675c9c2ab4a068 |
| SHA512 | 6041272de772c480e7bc3783a8a27c4a4ad0737852125ed9830e751eab46a67a7bf5a2f524fd9b02de6faec85194a60d541b8017db4fa7bf9d594d47423d4f12 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-20 00:22
Reported
2023-12-20 13:19
Platform
android-x64-arm64-20231215-en
Max time kernel
2271175s
Max time network
132s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.sckandar.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
Files
/data/user/0/com.sckandar.android/files/PersistedInstallation6917877492295856103tmp
| MD5 | f5cee7a76b0bcf2bbf56a21b382575be |
| SHA1 | 0119ce582a0a0d90032f3aedfcb2f2dd8088c504 |
| SHA256 | 45dc412e32e3fa9284954a067397881ebea57b3e67e6b534a6253f2158c2a338 |
| SHA512 | 958aa42e073f9369a40bb3581083cf5b29cc5960325cdb5bf388017a15cd8c2d542c92b94281170858b3b48d4e6acd8626a622f0a49ca5eade582f861ff7d8ab |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 0429c253fcd831bc2294ce4114b86832 |
| SHA1 | 96e62991509897f2685c88dc0de5771e36f2d3e1 |
| SHA256 | 2f28ccb7c206d2b1417a886c6c5f861a35ef4f1a0dd91986fe541e9a580a736f |
| SHA512 | e0b835ee0e351a66530979115506d313d2f598b1c0a71a8a182dc242b332fb30afd6ad0abd1001e84fc99c535ceda868914e04c6658b8bf2b0c6306a01102a5b |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | 73dde037d43818d6392e51665bee0446 |
| SHA1 | 79d2b7aaad055aaa21aa371d61b05684c2164073 |
| SHA256 | d8aa44c8b932aa136e23d352f22689c2173c343125e0e7588bb111fb635b30be |
| SHA512 | 95c88a7ca75a3f60fc3715bcac6a0a0f67bcf8a3a9fde5482f15e8da321521faf184548fc7a31df3f6019c48214b97a683b9fd7d0d2b1bd5595e50fb5d80f4fe |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | a5ba95d3a8c93c333aa74a8be5f820f8 |
| SHA1 | f061bd515d80463cfb26688e39c97d748b7b41a7 |
| SHA256 | dd054504316ebaf35fbc4c71ad39a356b4e6f26b79ed29017bb0421cbb6dcf9d |
| SHA512 | 6f0b5b24d6cd1263ece7361a7c6028f1cb780213fe1ced8c9d88a347a339e6cf4faa8f72ad731c5c15d1aaa0728131731a57ac229a09643ae71799b81aacae95 |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 3417a07ba31fe728689e862481bfed71 |
| SHA1 | 0b5d563df783a0dd9b48e8b806d097fa8c08c7e6 |
| SHA256 | 9c2c4c1cfcdb3e6a601d235ed4edb759314b122ba94eeac41aae9950b7c35f15 |
| SHA512 | 84178849d1bd119be1a7afc51709b9be9a05f5f1025cea1535661bbd58a5583c505c0426ded695302305962aee8ebca671961498ec71e0f42b2cd8ae97f76a01 |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | aae3a6ff6d2947dc0e8b0444280bf987 |
| SHA1 | 4779554ec181724e4c2882157e1e7a18dc417858 |
| SHA256 | e894460f42865fbfb83fc5666f3532c48755961134cbc9ff4e1e6c691c6ec5ea |
| SHA512 | 3bff0ba94764048acb81249fc6b53da135c76571b3bd99bab5fe64f039ed5cf8a92576ef32e527de2d0500b132f8b5afe82abfffad6ee374bdb7c6b7a205a7e5 |
/data/user/0/com.sckandar.android/files/PersistedInstallation8642685985555183904tmp
| MD5 | ebb96c79bd2b44049e572a5b3777dc05 |
| SHA1 | c345e69cf040afc86e773fabe325132735d2f32d |
| SHA256 | 532bf61d369d06860309c5a3d611166d27e72a16b3d37f16d1d5d20028957fd0 |
| SHA512 | b89c068ce457a06f5a0e76349dc72ae42055b2d9c8d65700bc30131d0e492b47525601e838e8937edbfc5f12dab03fd614c42b325f908779704621b2dcbf78de |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 13647b609fa879b15df00b7efd2411cf |
| SHA1 | 4b8cb33a6dbda89b64a36fc243170c9ba53c523b |
| SHA256 | f8f9966b2f8c823fa2b35b83ca5cfeba6f50cc085108dc63b1ba3dfb952016b7 |
| SHA512 | 6ed589571bb295713c9eea85c98ad6ff22c3c1186903509a26eb493b6f471258994b2f2b11c75816c52c40f2e861ac0d413c759cbbc29637da06c82c6bf8f837 |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 353babd39b07369e51aa013f66a3da32 |
| SHA1 | f8f86f0fa59348a6f961c24f379179fe04c306b2 |
| SHA256 | 5cd60eef1f73ff90fc6c96681cf81d65c48d732816603a873d7f5095694d209d |
| SHA512 | bb50b75579e266c473bcb1b9c7f1755c5cf48ba72b90b4954044d9c641a36dc02811f52b1eb566b8355c07d12367e044ed58d16e2546a78e43999bb9d7d83b55 |
/data/user/0/com.sckandar.android/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | d83c1f4cbac0b3034bea6a5c464ccf9d |
| SHA1 | 0329d48cd0c278dc8ee6dda136df459fc745362a |
| SHA256 | 7fd557efcd2857e4aabfb6d600fc845d34ba9ce5f7efdd5f9cf442c769094508 |
| SHA512 | e898943c16fe1cf81ad7b9edee470c7dfc799638957a1945e26d420fef13d89f380098010ae5bbb667f1cd2d79420a17faedfd2b9444be5fe6d8809c34d7235b |
/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | 6a73126b30fed2c8e28b1bd6c8f93841 |
| SHA1 | ffcaad4e8806bc85f225517a114bb15bfcf4c6c9 |
| SHA256 | a4d52d75278848264ae503fa3cf0eddee4fb9d5772492dd8af92887b946cc822 |
| SHA512 | a69a12f1222f767e0bd155f1489832e55dde67251695e5781a644c9ebdf45e04d922f59cad31cbc391ba4bec382e991b462c451fb1d5fa0e83c331762acc6bb6 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-20 00:22
Reported
2023-12-20 17:12
Platform
android-x86-arm-20231215-en
Max time kernel
2285131s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.sckandar.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.201.110:443 | | tcp |
| FR | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
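Across all three behavioural runs the Network tables show the same pattern: mDNS chatter, Google Analytics and `android.apis.google.com` traffic that any app bundling Google SDKs produces, and a DNS lookup for `scandarremote.xyz` that is never followed by a connection to a resolved address. In other words the sandbox observed the sample trying to find its remote host but captured no session with it, so the domain is the only network IOC these runs yield. The script below is an added example, not part of the report: it parses rows in the shape this page's tables came out of extraction (in some rows the protocol slid into the Domain column), separates resolver queries from connections, and reports which domains were resolved but never contacted. The embedded rows are a subset copied from the three tables above; the benign-domain allowlist is this example's own assumption.

```python
"""Triage the Network tables of a sandbox report.

Added example, not part of the report. Splits DNS lookups from connections,
drops platform noise and reports what is left. RAW_ROWS is a subset of the
rows on this page, copied as the extractor emitted them; BENIGN_DOMAINS is
an assumption of this example.
"""
from collections import defaultdict
from typing import Optional

PROTOS = {"tcp", "udp"}

# Copied from the three behavioural runs on this page (subset).
RAW_ROWS = """\
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
| GB | 216.58.213.4:443 | tcp | |
| FR | 216.58.201.98:443 | tcp |
| GB | 142.250.200.46:443 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
| FR | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scandarremote.xyz | udp |
"""

# Assumed allowlist: Google endpoints that apps bundling Firebase/Analytics
# contact regardless of intent, plus mDNS which is not app traffic at all.
BENIGN_DOMAINS = {"ssl.google-analytics.com", "android.apis.google.com"}
BENIGN_DESTS = {"224.0.0.251:5353"}


def parse_row(line: str) -> Optional[dict]:
    """Parse '| country | ip:port | domain | proto |', also accepting the
    shifted form '| country | ip:port | proto | |' with an empty domain."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest = cells[0], cells[1]
    rest = [c for c in cells[2:] if c]
    domain = next((c for c in rest if c.lower() not in PROTOS), "")
    proto = next((c.lower() for c in rest if c.lower() in PROTOS), "")
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def triage(rows_text: str) -> dict:
    """Count lookups per domain and find domains resolved but never contacted."""
    lookups = defaultdict(int)    # domain -> resolver queries seen
    contacted = defaultdict(set)  # domain, or bare IP -> {(ip, port, proto)}
    for line in rows_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        dest = "%s:%d" % (row["ip"], row["port"])
        if row["port"] == 53 and row["domain"]:
            lookups[row["domain"]] += 1   # a query, not a connection
        elif dest not in BENIGN_DESTS:
            contacted[row["domain"] or row["ip"]].add((row["ip"], row["port"], row["proto"]))
    return {
        "lookups": dict(lookups),
        # Looked up but never connected to: unreachable, sinkholed or NXDOMAIN.
        "resolved_only": sorted(d for d in lookups if d not in contacted),
        "suspicious_domains": sorted(set(lookups) - BENIGN_DOMAINS),
        # Connections the table does not tie to a name; check ownership by hand.
        "unattributed_ips": sorted(k for k in contacted if k not in lookups),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(RAW_ROWS), indent=2))
```

The unattributed 142.250.x.x and 216.58.x.x connections fall in Google-allocated ranges, consistent with the Google domains the app resolves; the only domain that survives the allowlist is `scandarremote.xyz`, and it appears under `resolved_only` because no row in any run connects to it. A detonation that never reaches the remote host cannot show what the SMS permissions are used for, so the verdict rests on the static signatures, not on captured exfiltration.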
Files
/data/data/com.sckandar.android/files/PersistedInstallation6141121134997643351tmp
| MD5 | fa003f13152e2dc42230563af8383c59 |
| SHA1 | 630ff64b5571950b13586150469a047c445b7eb2 |
| SHA256 | 1d7c9ae0aa16c7451347c88144b29c7fd0d2026630251c3e22b40b3e7b3bc741 |
| SHA512 | ff0b1b2f987cf453721c9ac29d453c8a6b13dfb5fc1ac119dda8fd617368442f14067afdd0fa4be54574565b5f5827b80c904ce99050634311b1feee0013678a |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal
| MD5 | 13e15e76a580eb121b0c939bb4bd9518 |
| SHA1 | 9373f47b437b8c40a104bd39c43e42da7cb054e9 |
| SHA256 | 40d335262d6ba086311283cad63b868a3f1bcd476a8647aef5842fbf40404f33 |
| SHA512 | 119716eb653091a947d6890fbc240ef943d9616d2657799c5430c57204d3f630af99ccc3fae09c861378b3be1187ea059492e8fa0b56ea2e39d49cb524e00d59 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-wal
| MD5 | b77b9fc5f96e37c6114da2e2be6d6cb8 |
| SHA1 | 90d1235d99bab5c4aa3eee6aed2bab8d34f79d22 |
| SHA256 | 884873951b5f7b14627c1708a798f7e872bdde8e5474a3d9ef807bc7943dee9b |
| SHA512 | ac699f947afe44691eb0012480fb67594e3e790884a194151a5880b60070df1de795a13dd4415e7e58adf8e508d130fbad26852b7be9bb56b8193cce13a758f1 |
/data/data/com.sckandar.android/files/PersistedInstallation3173853543847265605tmp
| MD5 | afad88f134fea4c924b2db896264d9cf |
| SHA1 | 5cd44c365717a3a4627c1ecfe4c489316226362c |
| SHA256 | c335f3922f87605b88751bdb988d5b17c8d7a0584e6bdeff8dd15c92de6ee74c |
| SHA512 | c65a070f79cf929522c1a1210e86402fec882f687f011a3cbc8d3f87d0c1eb242fc936d2c89539bf9fdb1171f59ed8d01fcfdb2bd0188dbecbbfcbc1dfb27f2a |
/data/data/com.sckandar.android/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db-wal
| MD5 | c44647d4f29ecbf94c43e10b1f631f82 |
| SHA1 | 46e00b9d35cca348a109afd9ecc063d5611962fd |
| SHA256 | 5e4d22da8d825d36d904d78d91206e87941df4e764028b8e48b56fd560d75c04 |
| SHA512 | 097ce916a34421798c3298e648684165d6e4d0941a673b14e1364a5bedaa7325081a0b1c767adbeed2b5a46c30c0e876d2df764d4039e75b4979ea4b5c2e3fc8 |
/data/data/com.sckandar.android/databases/google_app_measurement_local.db
| MD5 | bd9dad5748c3d403cd56c493e436377f |
| SHA1 | 0de4e6c4054edafbdf1d8e40ea3ba5eca24786d4 |
| SHA256 | 64142815f18d10008b920264787712ab0ce96cc7d0316f0c15c8cf58b3e5eed3 |
| SHA512 | 4103c725fb48c2aee300b68340d96f4eb722532b3b653b741099a83963c8cb2a39c0a7125c6521ee1939377fe0cd4062d003994a1bb6b9de1eaacb86f1ef02f7 |
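Most of the files written in the three runs are SDK housekeeping rather than payload: the `PersistedInstallation<digits>tmp` files and `google_app_measurement_local.db` (with its `-journal` and `-wal` companions) are the names Firebase's Installations and Analytics SDKs use for their local state. The one file that is not, `cache/~test.test`, has the same digests in every run, and those digests (MD5 098f6bcd..., SHA-1 a94a8fe5..., SHA-256 9f86d081...) are the digests of the four ASCII bytes `test`, so it is a writable-directory probe, not dropped content. The script below is an added example, not part of the report: it folds the `/data/user/0/<pkg>` and `/data/data/<pkg>` spellings of the same directory, identifies probe files by comparing their SHA-256 against a few constant payloads, and tags SDK artifacts so the analyst only has to look at what remains. The (path, sha256) pairs are copied from the tables above; the SDK attribution and the probe payload list are this example's own assumptions.

```python
"""Classify the Files section of a sandbox report.

Added example, not part of the report. FILES is copied from this page; the
SDK name patterns and the probe payload list are assumptions of this example.
"""
import hashlib
import re
from collections import Counter

# (path, sha256) copied from the report (one entry per listed file, subset).
FILES = [
    ("/data/data/com.sckandar.android/files/PersistedInstallation8309861323326626995tmp",
     "d1567c3c6d0fb493d241eeaf3a4267e42339ce72d2344fc357aff77185bd6044"),
    ("/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal",
     "c081f9faf87f3bd800cdfbf461c4a0add6e270186d25c323f64c6d728732781f"),
    ("/data/data/com.sckandar.android/cache/~test.test",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("/data/user/0/com.sckandar.android/cache/~test.test",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("/data/data/com.sckandar.android/databases/google_app_measurement_local.db-wal",
     "884873951b5f7b14627c1708a798f7e872bdde8e5474a3d9ef807bc7943dee9b"),
]

# Assumed: short constant contents an app writes to check that a directory
# is writable. A hit means the file carries no data worth extracting.
PROBE_PAYLOADS = [b"test", b"test\n", b"1", b"0", b""]
PROBE_DIGESTS = {hashlib.sha256(p).hexdigest(): p for p in PROBE_PAYLOADS}

# Assumed attribution of well-known SDK file names.
SDK_PATTERNS = [
    (re.compile(r"/files/PersistedInstallation\d+tmp$"), "firebase-installations"),
    (re.compile(r"/databases/google_app_measurement_local\.db(-journal|-wal|-shm)?$"),
     "firebase-analytics"),
]


def normalise(path: str) -> str:
    """/data/user/0/<pkg> and /data/data/<pkg> are the same directory for the
    primary user; fold them so runs on different images count together."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def classify(path: str, sha256: str) -> str:
    """'write-probe', an SDK label, or 'review' for anything unexplained."""
    if sha256 in PROBE_DIGESTS:
        return "write-probe"
    for pattern, label in SDK_PATTERNS:
        if pattern.search(path):
            return label
    return "review"


def summarise(files) -> dict:
    """Map each class to {normalised path: number of times it was written}."""
    by_class = {}
    for path, digest in files:
        p = normalise(path)
        by_class.setdefault(classify(p, digest), Counter())[p] += 1
    return {label: dict(counts) for label, counts in by_class.items()}


if __name__ == "__main__":
    import json
    print(json.dumps(summarise(FILES), indent=2))
```

Run against the full listing, every entry lands in `write-probe` or one of the two Firebase classes and nothing in `review`, which is the honest summary of these runs: no payload, configuration or stolen data was written to disk while the sample could not reach its remote host.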