General

  • Target

    87f30af436938f2a776e7d2020457ea5599558e401a3389faaa8b5414e6e2721

  • Size

    2.2MB

  • MD5

    a492cf1a84c67ed311f4f519082956be

  • SHA1

    0d9150161259c752b6dcafe21e6f501582ae1625

  • SHA256

    87f30af436938f2a776e7d2020457ea5599558e401a3389faaa8b5414e6e2721

  • SHA512

    466a36c13465bcbb72faa070b41fd0f2b7c54abd899e262b770df3a4bd6c4394a60b7905df9deefea066bfa2df113f5082b09ed161a7ae2c244ec1c68a9b1f43

  • SSDEEP

    49152:yvg1pMZjfr8sTD1ht9YktvhgiYqsm9/4jO8qXO076Fpf:yvgPu3rTDd9Y6yqsm9YeVu7

Score
10/10

Malware Config

Signatures

  • Irata family
  • Irata payload (2 IoCs)
  • Declares services with permission to bind to the system (1 IoC)
  • Requests dangerous framework permissions (10 IoCs)

Files

  • 87f30af436938f2a776e7d2020457ea5599558e401a3389faaa8b5414e6e2721
    .apk android

    ir.stop.devsalmedime

    .main


Android Permissions

87f30af436938f2a776e7d2020457ea5599558e401a3389faaa8b5414e6e2721

Permissions

android.permission.INTERNET

android.permission.WRITE_SETTINGS

android.permission.WAKE_LOCK

android.permission.FOREGROUND_SERVICE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_SMS

android.permission.SEND_SMS

com.google.android.c2dm.permission.RECEIVE

ir.stop.devsalmedime.permission.C2D_MESSAGE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.ACCESS_COARSE_LOCATION

android.permission.CHANGE_NETWORK_STATE

android.permission.WRITE_SECURE_SETTINGS

android.permission.READ_PHONE_STATE

android.permission.RECEIVE_SMS

android.permission.READ_CONTACTS

android.permission.READ_CALL_LOG

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.ACCESS_BACKGROUND_LOCATION