Malware Analysis Report

2025-01-19 06:44

Sample ID 231220-g99mrafgdq
Target 8bed9331434439b7068e69a531209d9a8620f33ea59aee6c82211ea89701c422
SHA256 8bed9331434439b7068e69a531209d9a8620f33ea59aee6c82211ea89701c422
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8bed9331434439b7068e69a531209d9a8620f33ea59aee6c82211ea89701c422

Threat Level: Known bad

The file 8bed9331434439b7068e69a531209d9a8620f33ea59aee6c82211ea89701c422 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 06:31

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 06:31

Reported

2023-12-23 00:03

Platform

android-x86-arm-20231215-en

Max time kernel

2482621s

Max time network

139s

Command Line

com.frankygoes.myapkspro

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

com.frankygoes.myapkspro

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
GB       142.250.200.46:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
FR       216.58.204.78:443    android.apis.google.com   tcp

(- : no domain attributed to the connection)

Files

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 50cb1d9313b2d8d47ea1cb3f32fa1607
SHA1 d5c8c509bcc3c2730dc754d6c906c79373bf175b
SHA256 bf209056a9143621026907d8f0a25e0ac196a85d332e8c6653be0b1ad83738b7
SHA512 a05a9b8b4c2312e3c6ff7cf2ea20af4ad05c56395ee321e2e998199b2f7708bec489dd5408689e7d4f4b75f4d5227f56a6557f0e466679c7de3f214ce436d946

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 57cc334497f08a7f7c4f0803b608d9b3
SHA1 eac5a6c3ce57a042e5ca5c6b620ae03fdf53a019
SHA256 0282f38c3d46954a8ba9613e098b7f679d2ca5680b1a769f188f2ea72bc5585f
SHA512 326aa8565114b8a0d9180f860383fb056b6c1f9a58dbb56fa25935e3359fc5c75145d99e009e90c6f7e1a0c7bbb0a26e82c508c2101c210d059466a0cbe90132

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 72a0bd9ecf251b58f0ee1d24d701cc7b
SHA1 6e35e4862473cfba41e168c082d943ffea61b5c7
SHA256 133a846290b64f65c3e85cc3c624d617f2667c6bb1fd195238e6cb4cc750c368
SHA512 163d136aecf00c6cb0a05e7497010406ce4b1585a2b8338f903ff52de85529a478f0e01698005f19f40d504154943536954ab8a34c4358bf4a9e6a75013e6bf8

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 f79660f724dd700bf3b656777332b40e
SHA1 28323f27d535e0425bf9c79850ea5b59ce02d763
SHA256 ef1266068b974782b3adc784cc429120259d15bb93769362376e1f4a43178463
SHA512 4ba0c2e53575162ff145777f250a24c305d96983471dab916885be94be3ab3fa06c6d910b6a9ba5d85571db159d70cb069a281c4220a16c7d446b5925e891767

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 b141deb4a3c0fabb535b152681a5c436
SHA1 f2a46a183b73ae63d2d8e4dc2c2b723d49e027b5
SHA256 3539a9466ff719aab520ec3598f9c02d6b597cd8cebb171852eac03fe7ab0b6b
SHA512 d4d819c3ad2c24c4220ce270a543607147900b520ce0011c7a9dac23ce5e8d83e9145063a5d914ea9a2545ab1bba551a510a51ab7e7a4e0addf27fa5f07f24be

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 06:31

Reported

2023-12-21 17:59

Platform

android-x64-20231215-en

Max time kernel

2374411s

Max time network

161s

Command Line

com.frankygoes.myapkspro

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

com.frankygoes.myapkspro

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.179.232:443   ssl.google-analytics.com   tcp
GB       172.217.16.238:443    -                          tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.178.14:443    android.apis.google.com    tcp
GB       142.250.187.228:443   -                          tcp
GB       142.250.187.228:443   -                          tcp

(- : no domain attributed to the connection)

Files

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 a5311e1b6a01aa957b56e2809a21ac9d
SHA1 2fa871dc639cdb8b452f08feb545f33c462dcefa
SHA256 54263cef4bf2a50f52629df8b58b163fab4b8926a65cbb47e484b52111214090
SHA512 f6b53d248d83e87b3c9a753063ea16551eb93c1312bf91cbf4b1066d41d868b9cc9a37cae713db65165bfe9de0f9e009a48ddd5e21dd307c4f7da6ccf4c968d4

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 3962a862a5e1d6b73f492cafc6ad9845
SHA1 a43612c4da1c32c2751252a8a3cfa4886d610519
SHA256 f5912946dedb3280c387dc25110a0ee7f3fefce53159cb61501171b99ade1d5e
SHA512 d92d38736012a7f1d48290c0f00ea11050128235032d779ce1cf1ff7940e1270e62ac67705c06a603c629db983d35748b3fb799c505a8d7a937759ac9e0b70f6

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 76d4e03da85d746bfb0dbd942e7344b6
SHA1 7d7eff0742864e3dd40895a27d647aec2f857d5c
SHA256 1b0acd53326705a7394e045ab72d0544593cc3ba2d34f2701bedba87431da392
SHA512 31924886425fe5585efffdf17910dd193941b24d5379188bf5571511dd325fdaffd09309ecdaaefcca06fa51a218a85e1c3ad3ba5a7cf0e0bf6aecf93f376436

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 368b2230efbc44547e3fc16485efdf89
SHA1 ba3a6103f66df98600f410e533365514155012df
SHA256 83c4aece05d9d5e319668ed0dcfca0b56ca1975015c80786c4185c2cda51bcdf
SHA512 5b8ecb2833016d5791a6d02c158ff2299fe4f19c312165744924766c39998f5e4a2022e4cd737aa21225484373afff4da1d3b22d293d27d0c39a3a5a099127e1

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 f1b1295fbadf50a69b6c6c04ebb8956e
SHA1 94563ecd002ea006237fe292cd9baaf9240bf9bf
SHA256 690584bb33c4b02a59e2d36e3e9d9899740c62f84df7b1de7770eb48a2b2c210
SHA512 6e646dbd2a98cebaa9364b32f615c3ef32af6185aff453fdfd2d932d33852e39de002df5b12df8e2f713c4129a03443d8c26fec88956520900a9584069b632d7

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 06:31

Reported

2023-12-21 18:00

Platform

android-x64-arm64-20231215-en

Max time kernel

2374420s

Max time network

149s

Command Line

com.frankygoes.myapkspro

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

com.frankygoes.myapkspro

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
GB       172.217.169.10:443    -                          udp
GB       142.250.178.14:443    -                          udp
GB       172.217.169.14:443    -                          tcp
GB       172.217.169.14:443    -                          tcp
US       1.1.1.1:53            android.apis.google.com    udp
FR       216.58.204.74:443     -                          tcp
GB       142.250.187.238:443   android.apis.google.com    tcp
FR       216.58.204.74:443     -                          tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
FR       216.58.204.72:443     ssl.google-analytics.com   tcp
GB       142.250.180.4:443     -                          tcp
GB       142.250.180.4:443     -                          tcp
GB       142.250.180.4:443     -                          tcp

(- : no domain attributed to the connection)

Files

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 fb785e929ad0b68b19cc52838f9c4a02
SHA1 19a7cf541a6039d2e8bda7baa7f842355d66faf2
SHA256 ad39b0c468b903b3cfadb47b661b1c3ce7f68ce5f4ef301a6eed0bc68b69de6f
SHA512 68af48242dcc09a2b089728a0b10dfeadef42d2a8228dbae93be00ecb348928f0d5f5684809b1fdc2b3c15b7cc6f358957df490bfddb957ba87c04ab3d0ac6fc

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 988095b2c00c14944711609d944e765d
SHA1 8071eef638ef32199f992cb078675b75dbd1b904
SHA256 6608a447699dd7ee4a8052c109262008e1644062a8263dec1f5e7de3c958a16e
SHA512 eaa0cc33e5020bc6a1b51176cff2f824d6f2343b22131fd65e4e69360efaaeaeb0db4977193a5a9b01d67b140ba71db6adfa982bf28d26f081204fbdb7c7a087

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 fd1baa5c666bb26b415b20822be7b2b9
SHA1 a830c080872b11e0eec1cb9db5df9029eda79ddb
SHA256 ff622399a316c707db1ab3092d641a36811a142efb3eba412ff81b7332054121
SHA512 ef201b7b2740ae980bad5bae855e6f10b5fbb8dd6451a748888e39c49188681ee511de3e5af6f95fa029d0526694116833f622b6f0e030827ecd09fe7504b236

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 21f019953852dedbac8b6534cf022f54
SHA1 8443888173ff6706ca341e6caf86b48239ee3b22
SHA256 5b3cb1bc971b663bfb01d94b667f3cb8b9d4ce85531b5ece34978f570aa4b5c1
SHA512 74201d148bf591411feb32a012b0f7f266173a95992498a7fcff9167b41a6b37e8638062e5ceed9c9efc8fe28e884f2af01e729cf1f2c985fd77898c45b0e813

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 608942539e0bb9793cc40e6d79b927b2
SHA1 119ca96926b0c5ecda72279fbd7c5aedf801b9cf
SHA256 bcd935161c05940a65320c3db82923756fa5b303a21690491b8b13b26e2ef604
SHA512 ff797b76b1b86c90a469e2c132ac4c5eba71da8262e01cd979d9d6d90f52d3c30590fbe7b8ea7994215f44c2f194b629f730560e77ab294fb2f61719455c4541
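Triage helper for the Network and Files sections of behavioral1, behavioral2 and behavioral3 above. This is an added example, not part of the sandbox report or of the Irata sample: it parses the flattened text layout used on this page (a "Country Destination Domain Proto" header followed by rows whose Domain column may be empty or "-", and Files entries as a path followed by MD5/SHA1/SHA256/SHA512 lines), separates mDNS and resolver traffic from TLS connections, and collects the dropped-file hashes across all versions of settings.dat. The embedded SAMPLE_REPORT is a constructed excerpt copied from the behavioral1 and behavioral3 sections; the classification rules and the PLATFORM_DOMAINS list are this example's own assumptions. Connections that carry no domain are deliberately kept apart as "unattributed" rather than assumed benign, since the report gives nothing to attribute them with.

```python
"""Triage helper for the flattened Network and Files tables in this report.

Added example, not the sandbox's code: classification rules, PLATFORM_DOMAINS
and the row regex are assumptions made for this illustration.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed input: an excerpt copied from the behavioral1/behavioral3 sections.
SAMPLE_REPORT = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
FR 216.58.204.78:443 android.apis.google.com tcp

/data/data/com.frankygoes.myapkspro/files/settings.dat

MD5 50cb1d9313b2d8d47ea1cb3f32fa1607
SHA256 bf209056a9143621026907d8f0a25e0ac196a85d332e8c6653be0b1ad83738b7

/data/user/0/com.frankygoes.myapkspro/files/settings.dat

MD5 fb785e929ad0b68b19cc52838f9c4a02
SHA256 ad39b0c468b903b3cfadb47b661b1c3ce7f68ce5f4ef301a6eed0bc68b69de6f
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Assumption: the analyst treats these Google hosts as platform noise, not C2.
PLATFORM_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com"}

NET_ROW = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def classify(ip, port, domain):
    """Label one connection for triage (rules are this example's assumptions)."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast and port == 5353:
        return "mdns"          # local service discovery, not an outbound contact
    if port == 53:
        return "dns"           # resolver traffic; the queried name is the Domain
    if domain in PLATFORM_DOMAINS:
        return "platform"
    if addr.is_private:
        return "local"
    return "unattributed"      # TLS to an IP with no domain: pivot on this


def parse_network(text):
    """Parse every 'Country Destination Domain Proto' row found in text."""
    rows = []
    for line in text.splitlines():
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        domain = m["domain"] if m["domain"] not in (None, "-") else None
        port = int(m["port"])
        rows.append({"country": m["country"], "ip": m["ip"], "port": port,
                     "domain": domain, "proto": m["proto"],
                     "class": classify(m["ip"], port, domain)})
    return rows


def parse_files(text):
    """Return {path: [{'MD5': ..., 'SHA256': ...}, ...]}, one dict per version."""
    files = defaultdict(list)
    path = None
    for line in text.splitlines():
        line = line.strip()
        parts = line.split(" ", 1)
        if line.startswith("/"):
            path = line
            files[path].append({})
        elif path and len(parts) == 2 and parts[0] in HASH_LEN:
            algo, digest = parts[0], parts[1].strip().lower()
            # Reject truncated or non-hex digests instead of shipping bad IOCs.
            if len(digest) != HASH_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
                raise ValueError(f"malformed {algo} for {path}: {digest}")
            files[path][-1][algo] = digest
    return dict(files)


def summarize(rows):
    """Count connections per triage class."""
    return dict(Counter(r["class"] for r in rows))


def unattributed(rows):
    """Unique (ip, port) pairs that carry no domain and no benign label."""
    return sorted({(r["ip"], r["port"]) for r in rows if r["class"] == "unattributed"})


def sha256_iocs(files):
    """Deduplicated SHA256 set across every version of every dropped file."""
    return sorted({v["SHA256"] for vs in files.values() for v in vs if "SHA256" in v})
```

Run it as `summarize(parse_network(SAMPLE_REPORT))` and `sha256_iocs(parse_files(SAMPLE_REPORT))`; to apply it to the full page, pass the text of all three behavioral sections instead of the excerpt. The hash-length check matters because settings.dat is rewritten several times per run and a truncated digest copied from the report would silently poison a blocklist.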