Malware Analysis Report

2025-01-19 06:24

Sample ID 231220-bzz3nsefgm
Target 7925e578438caee171ea09986b7b5189ef550d2b009ca556ef9895acf678e865
SHA256 7925e578438caee171ea09986b7b5189ef550d2b009ca556ef9895acf678e865
Tags irata
Score 10/10

Analysis Overview

Score 10/10

SHA256 7925e578438caee171ea09986b7b5189ef550d2b009ca556ef9895acf678e865

Threat Level: Known bad

The file 7925e578438caee171ea09986b7b5189ef550d2b009ca556ef9895acf678e865 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 01:35

Signatures

Irata family

irata

Irata payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Requests dangerous framework permissions

Description                                              Indicator                         Process  Target
Allows an application to read SMS messages.              android.permission.READ_SMS       N/A      N/A
Allows an application to receive SMS messages.           android.permission.RECEIVE_SMS    N/A      N/A
Allows an application to send SMS messages.              android.permission.SEND_SMS       N/A      N/A
Allows an application to read the user's contacts data.  android.permission.READ_CONTACTS  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 01:35

Reported

2023-12-21 02:28

Platform

android-x86-arm-20231215-en

Max time kernel

2318544s

Max time network

130s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

net.LydiaTeam

Network

Country  Destination         Domain                   Proto
N/A      224.0.0.251:5353                             udp
US       1.1.1.1:53          erbilqh.xyz              udp
FR       216.58.201.110:443                           tcp
FR       216.58.201.110:443                           tcp
US       1.1.1.1:53          android.apis.google.com  udp
GB       172.217.16.238:443  android.apis.google.com  tcp
DE       45.147.230.25:80                             tcp

Files

/data/data/net.LydiaTeam/files/PersistedInstallation492789917615057752tmp
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-shm
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-wal
/data/data/net.LydiaTeam/files/PersistedInstallation4417598595562571330tmp
/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 01:35

Reported

2023-12-20 18:26

Platform

android-x64-20231215-en

Max time kernel

2289663s

Max time network

161s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

net.LydiaTeam

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.180.8:443    ssl.google-analytics.com  tcp
GB       172.217.16.238:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.238:443  android.apis.google.com   tcp
US       1.1.1.1:53           erbilqh.xyz               udp
DE       45.147.230.25:80                               tcp
GB       142.250.187.228:443                            tcp
GB       142.250.187.228:443                            tcp

Files

/data/data/net.LydiaTeam/files/PersistedInstallation7858835840779700042tmp
/data/data/net.LydiaTeam/files/PersistedInstallation8134301638908991979tmp
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db-journal
/data/data/net.LydiaTeam/databases/google_app_measurement_local.db
/data/data/net.LydiaTeam/files/LydiaTeam11112222333344445555

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 01:35

Reported

2023-12-20 18:26

Platform

android-x64-arm64-20231215-en

Max time kernel

2289658s

Max time network

132s

Command Line

net.LydiaTeam

Signatures

Acquires the wake lock

Description             Indicator                                 Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Processes

net.LydiaTeam

Network

Country  Destination          Domain                    Proto
GB       216.58.213.14:443                              tcp
GB       216.58.213.14:443                              tcp
GB       216.58.213.14:443                              tcp
N/A      224.0.0.251:5353                               udp
GB       142.250.187.234:443                            udp
GB       142.250.187.238:443                            udp
GB       142.250.187.234:443                            tcp
GB       142.250.187.234:443                            tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.8:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53           erbilqh.xyz               udp
DE       45.147.230.25:80                               tcp
FR       216.58.201.100:443                             tcp
FR       216.58.201.100:443                             tcp

Files

/data/user/0/net.LydiaTeam/files/PersistedInstallation8501717908209075540tmp
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db-journal
/data/user/0/net.LydiaTeam/databases/google_app_measurement_local.db
/data/user/0/net.LydiaTeam/files/PersistedInstallation2071327122953262210tmp
/data/user/0/net.LydiaTeam/files/LydiaTeam11112222333344445555