Analysis Overview
SHA256
8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39
Threat Level: Known bad
The file 8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-20 06:39
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-20 06:39
Reported
2023-12-21 18:29
Platform
android-x64-arm64-20231215-en
Max time kernel
2376172s
Max time network
146s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
caco333.ca
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | udp |
| GB | 142.250.178.14:443 | | udp |
| FR | 216.58.204.74:443 | | tcp |
| FR | 216.58.204.74:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.texrcc.tk | udp |
| US | 1.1.1.1:53 | dl-shaparak.tk | udp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/caco333.ca/files/PersistedInstallation1278383722775491989tmp
/data/user/0/caco333.ca/databases/google_app_measurement_local.db-journal
/data/user/0/caco333.ca/databases/google_app_measurement_local.db
/data/user/0/caco333.ca/files/PersistedInstallation6179761425977516941tmp
/data/user/0/caco333.ca/files/29209dj20d392j3dk0jirjf0i3jf203
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-20 06:39
Reported
2023-12-23 01:05
Platform
android-x86-arm-20231215-en
Max time kernel
2486311s
Max time network
139s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
caco333.ca
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | api.texrcc.tk | udp |
| US | 1.1.1.1:53 | dl-shaparak.tk | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| FR | 216.58.201.110:443 | android.apis.google.com | tcp |
Files
/data/data/caco333.ca/files/PersistedInstallation3534894346595443682tmp
/data/data/caco333.ca/databases/google_app_measurement_local.db-journal
/data/data/caco333.ca/databases/google_app_measurement_local.db
/data/data/caco333.ca/databases/google_app_measurement_local.db-shm
/data/data/caco333.ca/databases/google_app_measurement_local.db-wal
/data/data/caco333.ca/files/29209dj20d392j3dk0jirjf0i3jf203
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-20 06:39
Reported
2023-12-21 18:29
Platform
android-x64-20231215-en
Max time kernel
2376163s
Max time network
146s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
caco333.ca
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| FR | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | dl-shaparak.tk | udp |
| US | 1.1.1.1:53 | api.texrcc.tk | udp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
Files
/data/data/caco333.ca/files/PersistedInstallation4309105090580420026tmp
/data/data/caco333.ca/databases/google_app_measurement_local.db-journal
/data/data/caco333.ca/databases/google_app_measurement_local.db