General

  • Target

    8b52027cd37308ed21535fd02c5c2754879e2a6045479fdee71411c6ae14b697

  • Size

    1.8MB

  • MD5

    de17637e6d2ad45664b2353c5fd5f699

  • SHA1

    30052aeb62e759f67e46d119b9a61df0e0893cbe

  • SHA256

    8b52027cd37308ed21535fd02c5c2754879e2a6045479fdee71411c6ae14b697

  • SHA512

    f01c34ce3265eb7072f2ceb89ad689336eb5668408b03942fc6b23174454eabbe8614fb5be8ba4cab981ccba74297b91f17f098a41111f9e7ad8612571825bc6

  • SSDEEP

    49152:YcoYrKAwjTVUG6O1Ehy87g1nGkRPj+bzZBZudgRiSojR4TttYkudbX3lQ:H1KbTVqiEv7+nl+BjegklQ

Score
10/10

Malware Config

Extracted

Family

irata

C2

https://sana-eblgh-gov.tk/pay.php

https://sana-eblgh-gov.tk/ratsms.php?phone=

Signatures

  • Irata family
  • Requests dangerous framework permissions (2 IoCs)

Files

  • 8b52027cd37308ed21535fd02c5c2754879e2a6045479fdee71411c6ae14b697
    .apk android

    realrat.siqe.holo

    ir.siqe.holo.MainActivity


Android Permissions

8b52027cd37308ed21535fd02c5c2754879e2a6045479fdee71411c6ae14b697

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_SMS

android.permission.READ_SMS