Malware Analysis Report

2025-01-19 06:25

Sample ID 231220-an9bjabgdq
Target 73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1
SHA256 73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1
Tags
irata
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1

Threat Level: Known bad

The file 73ec42013f549f3b709852770c9e2769a56943173d304f939f6bcdf567cda4f1 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 00:22

Signatures

Irata family

irata

Irata payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Requests dangerous framework permissions

Description                                     Indicator                       Process  Target
Allows an application to read SMS messages.     android.permission.READ_SMS     N/A      N/A
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A
Allows an application to send SMS messages.     android.permission.SEND_SMS     N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 00:22

Reported

2023-12-20 13:19

Platform

android-x64-20231215-en

Max time kernel

2271143s

Max time network

148s

Command Line

com.sckandar.android

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

com.sckandar.android

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.179.232:443  ssl.google-analytics.com  tcp
GB       142.250.187.238:443  N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.180.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           scandarremote.xyz         udp
GB       216.58.213.4:443     N/A                       tcp
GB       216.58.213.4:443     N/A                       tcp
FR       216.58.204.78:443    N/A                       tcp
FR       216.58.201.98:443    N/A                       tcp

Files

/data/data/com.sckandar.android/files/PersistedInstallation8309861323326626995tmp

MD5 902d20c2db2729131c7073c188183ae0
SHA1 c49241ae6432518e3e3da4dea8619fe962614002
SHA256 d1567c3c6d0fb493d241eeaf3a4267e42339ce72d2344fc357aff77185bd6044
SHA512 cd1c5d13a07838bbbec3d263ed3df3987f83d5514328905112df81293ab07647c11a35d7e67f6b28714b905f4a64f1b8e12da50c92c86ec2c4c0332b94a60774

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 e5388f793db94c30d8c1586cc5ab7143
SHA1 26945a5a746cd85be6242d463e804de3ad738685
SHA256 c081f9faf87f3bd800cdfbf461c4a0add6e270186d25c323f64c6d728732781f
SHA512 9bc03a7b6f6943dffd708355d32e324560b791eaf915c1ce6c626f74b1a6fb034ff00294706beaad698fd15e9826a46be9d967fd7345f013ead1664a3ac5a183

/data/data/com.sckandar.android/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 c9d1cd5dd5deea16eea8838563d906da
SHA1 cf574621c106c30c5bd9ee1c313552e5993d6d48
SHA256 7a3a7741d37b7542ca00156621d4cc2f450fd807013a27313f4d43d9fd147ea7
SHA512 f99325480d89a86560e897c8b51fbf2aeee4ba72911635285ad7baa7bfde107460d0d54521fa4782ef066acf728c9db26ca23db169b63ecff47944c82d6aea28

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 0b60b3a85ad1854aac9cbdbba197fc0a
SHA1 85d3513c34c4975a461549b3dacbb319a2427a4f
SHA256 10e659400b2568c22bdbff2f79833b0c26702e5ba133f78525da454810d2a054
SHA512 d1f0d17ee602f8096665e122aeebd0af4254774366a9d7bd13f65027c5ebdd65375e51bddace259ee72dbfc6a6d182dd87b42f70dee0ed087ad0a36e152d7149

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 43fd1b52d148f2f20485089f1a22ac51
SHA1 9ba7da505a60b2af4f65a38fab8e269e48ea61de
SHA256 96d800d1ad1f07fb4e7b951805add7402892e596eecbb15b28823b20123bed85
SHA512 36ec5f8baa83772192327943eee100ca41c4685c7d778d1af37b261dd1ad62ddfe57b20d85abaa078b0d6c52edb883db2d1e07f78eb5234a81f34a11a25cff98

/data/data/com.sckandar.android/files/PersistedInstallation7230352468703446096tmp

MD5 649219aec4b83d5a6b55538ca22e9561
SHA1 dc76991adb7002d536244469c47303c8a42e0409
SHA256 cc37b308ff61c202ca11c8ba21cc4784870fa98945c67e08d1e195aa2bf870f4
SHA512 b5e7bc01948975a186f1b1f0255629a5ce0d16077e082422b24f9bcc34a7221eed1eaa28c5d4df20645f6a2c09a629aa827ae13a9722eed81c7dedfda7cdcacd

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 7d2e571fbf1fc7832353a6726e987e36
SHA1 54209510e534683dd727801df8a0832eea4a2195
SHA256 61eabedf8fa20a8a8a7b08bda46b4dd8c08b3fc56cbb138e829f50a4bb7765f7
SHA512 4abea5761211aa57a4b8f37a55a181218d8782a31fbf0c6838cc8d40431c5c5f4fe96d6c2f139e0d2945660546fffdc2fa3b1acafd1687d9dee3dbb9fe7dec2b

/data/data/com.sckandar.android/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 03acbb0e3ba9b2a1aaa98d55b1604071
SHA1 7e0433abcd77f5c1a55541beeaa0b8d9462a36da
SHA256 7325203576951dd2eeab5bacf8a6086e56e584356927f65656dad6b5a374901f
SHA512 3b6964652a426ef325d357f35263fe849f541da132bc0346ce3bb9dfa2e1f1105db272eb85eb1cd00d2b4ff67697dc1aee48953b4f81941b1829e08fbc4763a0

/data/data/com.sckandar.android/databases/google_app_measurement_local.db

MD5 726c4716158d598351d83ce1b8047808
SHA1 a83f7c1a24acb09af12ab27937fee0a78776d5d7
SHA256 bc8881ca6e3de4d91d3f7bac23832cb4426f1c302f4d18612a675c9c2ab4a068
SHA512 6041272de772c480e7bc3783a8a27c4a4ad0737852125ed9830e751eab46a67a7bf5a2f524fd9b02de6faec85194a60d541b8017db4fa7bf9d594d47423d4f12

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 00:22

Reported

2023-12-20 13:19

Platform

android-x64-arm64-20231215-en

Max time kernel

2271175s

Max time network

132s

Command Line

com.sckandar.android

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

com.sckandar.android

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       142.250.200.46:443   N/A                       udp
GB       142.250.178.10:443   N/A                       tcp
GB       142.250.178.10:443   N/A                       tcp
GB       142.250.179.238:443  N/A                       tcp
GB       142.250.179.238:443  N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.179.238:443  android.apis.google.com   tcp
US       1.1.1.1:53           scandarremote.xyz         udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.187.200:443  ssl.google-analytics.com  tcp
GB       142.250.200.4:443    N/A                       tcp
GB       142.250.200.4:443    N/A                       tcp
GB       142.250.200.4:443    N/A                       tcp

Files

/data/user/0/com.sckandar.android/files/PersistedInstallation6917877492295856103tmp

MD5 f5cee7a76b0bcf2bbf56a21b382575be
SHA1 0119ce582a0a0d90032f3aedfcb2f2dd8088c504
SHA256 45dc412e32e3fa9284954a067397881ebea57b3e67e6b534a6253f2158c2a338
SHA512 958aa42e073f9369a40bb3581083cf5b29cc5960325cdb5bf388017a15cd8c2d542c92b94281170858b3b48d4e6acd8626a622f0a49ca5eade582f861ff7d8ab

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 0429c253fcd831bc2294ce4114b86832
SHA1 96e62991509897f2685c88dc0de5771e36f2d3e1
SHA256 2f28ccb7c206d2b1417a886c6c5f861a35ef4f1a0dd91986fe541e9a580a736f
SHA512 e0b835ee0e351a66530979115506d313d2f598b1c0a71a8a182dc242b332fb30afd6ad0abd1001e84fc99c535ceda868914e04c6658b8bf2b0c6306a01102a5b

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db

MD5 73dde037d43818d6392e51665bee0446
SHA1 79d2b7aaad055aaa21aa371d61b05684c2164073
SHA256 d8aa44c8b932aa136e23d352f22689c2173c343125e0e7588bb111fb635b30be
SHA512 95c88a7ca75a3f60fc3715bcac6a0a0f67bcf8a3a9fde5482f15e8da321521faf184548fc7a31df3f6019c48214b97a683b9fd7d0d2b1bd5595e50fb5d80f4fe

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 a5ba95d3a8c93c333aa74a8be5f820f8
SHA1 f061bd515d80463cfb26688e39c97d748b7b41a7
SHA256 dd054504316ebaf35fbc4c71ad39a356b4e6f26b79ed29017bb0421cbb6dcf9d
SHA512 6f0b5b24d6cd1263ece7361a7c6028f1cb780213fe1ced8c9d88a347a339e6cf4faa8f72ad731c5c15d1aaa0728131731a57ac229a09643ae71799b81aacae95

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 3417a07ba31fe728689e862481bfed71
SHA1 0b5d563df783a0dd9b48e8b806d097fa8c08c7e6
SHA256 9c2c4c1cfcdb3e6a601d235ed4edb759314b122ba94eeac41aae9950b7c35f15
SHA512 84178849d1bd119be1a7afc51709b9be9a05f5f1025cea1535661bbd58a5583c505c0426ded695302305962aee8ebca671961498ec71e0f42b2cd8ae97f76a01

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 aae3a6ff6d2947dc0e8b0444280bf987
SHA1 4779554ec181724e4c2882157e1e7a18dc417858
SHA256 e894460f42865fbfb83fc5666f3532c48755961134cbc9ff4e1e6c691c6ec5ea
SHA512 3bff0ba94764048acb81249fc6b53da135c76571b3bd99bab5fe64f039ed5cf8a92576ef32e527de2d0500b132f8b5afe82abfffad6ee374bdb7c6b7a205a7e5

/data/user/0/com.sckandar.android/files/PersistedInstallation8642685985555183904tmp

MD5 ebb96c79bd2b44049e572a5b3777dc05
SHA1 c345e69cf040afc86e773fabe325132735d2f32d
SHA256 532bf61d369d06860309c5a3d611166d27e72a16b3d37f16d1d5d20028957fd0
SHA512 b89c068ce457a06f5a0e76349dc72ae42055b2d9c8d65700bc30131d0e492b47525601e838e8937edbfc5f12dab03fd614c42b325f908779704621b2dcbf78de

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 13647b609fa879b15df00b7efd2411cf
SHA1 4b8cb33a6dbda89b64a36fc243170c9ba53c523b
SHA256 f8f9966b2f8c823fa2b35b83ca5cfeba6f50cc085108dc63b1ba3dfb952016b7
SHA512 6ed589571bb295713c9eea85c98ad6ff22c3c1186903509a26eb493b6f471258994b2f2b11c75816c52c40f2e861ac0d413c759cbbc29637da06c82c6bf8f837

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 353babd39b07369e51aa013f66a3da32
SHA1 f8f86f0fa59348a6f961c24f379179fe04c306b2
SHA256 5cd60eef1f73ff90fc6c96681cf81d65c48d732816603a873d7f5095694d209d
SHA512 bb50b75579e266c473bcb1b9c7f1755c5cf48ba72b90b4954044d9c641a36dc02811f52b1eb566b8355c07d12367e044ed58d16e2546a78e43999bb9d7d83b55

/data/user/0/com.sckandar.android/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db

MD5 d83c1f4cbac0b3034bea6a5c464ccf9d
SHA1 0329d48cd0c278dc8ee6dda136df459fc745362a
SHA256 7fd557efcd2857e4aabfb6d600fc845d34ba9ce5f7efdd5f9cf442c769094508
SHA512 e898943c16fe1cf81ad7b9edee470c7dfc799638957a1945e26d420fef13d89f380098010ae5bbb667f1cd2d79420a17faedfd2b9444be5fe6d8809c34d7235b

/data/user/0/com.sckandar.android/databases/google_app_measurement_local.db

MD5 6a73126b30fed2c8e28b1bd6c8f93841
SHA1 ffcaad4e8806bc85f225517a114bb15bfcf4c6c9
SHA256 a4d52d75278848264ae503fa3cf0eddee4fb9d5772492dd8af92887b946cc822
SHA512 a69a12f1222f767e0bd155f1489832e55dde67251695e5781a644c9ebdf45e04d922f59cad31cbc391ba4bec382e991b462c451fb1d5fa0e83c331762acc6bb6

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 00:22

Reported

2023-12-20 17:12

Platform

android-x86-arm-20231215-en

Max time kernel

2285131s

Max time network

130s

Command Line

com.sckandar.android

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

com.sckandar.android

Network

Country  Destination         Domain                   Proto
N/A      224.0.0.251:5353    N/A                      udp
FR       216.58.201.110:443  N/A                      tcp
FR       216.58.201.110:443  N/A                      tcp
US       1.1.1.1:53          android.apis.google.com  udp
GB       142.250.178.14:443  android.apis.google.com  tcp
US       1.1.1.1:53          scandarremote.xyz        udp

Files

/data/data/com.sckandar.android/files/PersistedInstallation6141121134997643351tmp

MD5 fa003f13152e2dc42230563af8383c59
SHA1 630ff64b5571950b13586150469a047c445b7eb2
SHA256 1d7c9ae0aa16c7451347c88144b29c7fd0d2026630251c3e22b40b3e7b3bc741
SHA512 ff0b1b2f987cf453721c9ac29d453c8a6b13dfb5fc1ac119dda8fd617368442f14067afdd0fa4be54574565b5f5827b80c904ce99050634311b1feee0013678a

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-journal

MD5 13e15e76a580eb121b0c939bb4bd9518
SHA1 9373f47b437b8c40a104bd39c43e42da7cb054e9
SHA256 40d335262d6ba086311283cad63b868a3f1bcd476a8647aef5842fbf40404f33
SHA512 119716eb653091a947d6890fbc240ef943d9616d2657799c5430c57204d3f630af99ccc3fae09c861378b3be1187ea059492e8fa0b56ea2e39d49cb524e00d59

/data/data/com.sckandar.android/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-wal

MD5 b77b9fc5f96e37c6114da2e2be6d6cb8
SHA1 90d1235d99bab5c4aa3eee6aed2bab8d34f79d22
SHA256 884873951b5f7b14627c1708a798f7e872bdde8e5474a3d9ef807bc7943dee9b
SHA512 ac699f947afe44691eb0012480fb67594e3e790884a194151a5880b60070df1de795a13dd4415e7e58adf8e508d130fbad26852b7be9bb56b8193cce13a758f1

/data/data/com.sckandar.android/files/PersistedInstallation3173853543847265605tmp

MD5 afad88f134fea4c924b2db896264d9cf
SHA1 5cd44c365717a3a4627c1ecfe4c489316226362c
SHA256 c335f3922f87605b88751bdb988d5b17c8d7a0584e6bdeff8dd15c92de6ee74c
SHA512 c65a070f79cf929522c1a1210e86402fec882f687f011a3cbc8d3f87d0c1eb242fc936d2c89539bf9fdb1171f59ed8d01fcfdb2bd0188dbecbbfcbc1dfb27f2a

/data/data/com.sckandar.android/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.sckandar.android/databases/google_app_measurement_local.db-wal

MD5 c44647d4f29ecbf94c43e10b1f631f82
SHA1 46e00b9d35cca348a109afd9ecc063d5611962fd
SHA256 5e4d22da8d825d36d904d78d91206e87941df4e764028b8e48b56fd560d75c04
SHA512 097ce916a34421798c3298e648684165d6e4d0941a673b14e1364a5bedaa7325081a0b1c767adbeed2b5a46c30c0e876d2df764d4039e75b4979ea4b5c2e3fc8

/data/data/com.sckandar.android/databases/google_app_measurement_local.db

MD5 bd9dad5748c3d403cd56c493e436377f
SHA1 0de4e6c4054edafbdf1d8e40ea3ba5eca24786d4
SHA256 64142815f18d10008b920264787712ab0ce96cc7d0316f0c15c8cf58b3e5eed3
SHA512 4103c725fb48c2aee300b68340d96f4eb722532b3b653b741099a83963c8cb2a39c0a7125c6521ee1939377fe0cd4062d003994a1bb6b9de1eaacb86f1ef02f7