Malware Analysis Report

2025-01-19 06:44

Sample ID 231220-hep6asgacj
Target 8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39
SHA256 8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39
Tags
irata
score
10/10

Analysis Overview

score
10/10

SHA256

8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39

Threat Level: Known bad

The file 8c3c2efa7ce3d34fecb6672fdedda1026c5cf763d41165a824e055bf450e9d39 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 06:39

Signatures

Irata family

irata

Irata payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Requests dangerous framework permissions

Description                                      Indicator                        Process  Target
Allows an application to send SMS messages.      android.permission.SEND_SMS      N/A      N/A
Allows an application to read SMS messages.      android.permission.READ_SMS      N/A      N/A
Allows an application to receive SMS messages.   android.permission.RECEIVE_SMS   N/A      N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 06:39

Reported

2023-12-21 18:29

Platform

android-x64-arm64-20231215-en

Max time kernel

2376172s

Max time network

146s

Command Line

caco333.ca

Signatures

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Processes

caco333.ca

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      N/A                        udp
GB       172.217.169.10:443    N/A                        udp
GB       142.250.178.14:443    N/A                        udp
FR       216.58.204.74:443     N/A                        tcp
FR       216.58.204.74:443     N/A                        tcp
GB       172.217.169.14:443    N/A                        tcp
GB       172.217.169.14:443    N/A                        tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       216.58.213.14:443     android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.187.232:443   ssl.google-analytics.com   tcp
US       1.1.1.1:53            api.texrcc.tk              udp
US       1.1.1.1:53            dl-shaparak.tk             udp
GB       142.250.180.4:443     N/A                        tcp
GB       142.250.180.4:443     N/A                        tcp
GB       142.250.180.4:443     N/A                        tcp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 06:39

Reported

2023-12-23 01:05

Platform

android-x86-arm-20231215-en

Max time kernel

2486311s

Max time network

139s

Command Line

caco333.ca

Signatures

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Processes

caco333.ca

Network

Country  Destination          Domain                               Proto
N/A      224.0.0.251:5353     N/A                                  udp
US       1.1.1.1:53           api.texrcc.tk                        udp
US       1.1.1.1:53           dl-shaparak.tk                       udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com   udp
GB       172.217.16.234:443   semanticlocation-pa.googleapis.com   tcp
GB       172.217.16.238:443   N/A                                  tcp
US       1.1.1.1:53           android.apis.google.com              udp
FR       216.58.201.110:443   android.apis.google.com              tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 06:39

Reported

2023-12-21 18:29

Platform

android-x64-20231215-en

Max time kernel

2376163s

Max time network

146s

Command Line

caco333.ca

Signatures

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Processes

caco333.ca

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     N/A                        udp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       172.217.169.8:443    ssl.google-analytics.com   tcp
GB       172.217.16.238:443   N/A                        tcp
US       1.1.1.1:53           android.apis.google.com    udp
FR       216.58.204.78:443    android.apis.google.com    tcp
US       1.1.1.1:53           dl-shaparak.tk             udp
US       1.1.1.1:53           api.texrcc.tk              udp
GB       216.58.212.228:443   N/A                        tcp
GB       216.58.212.228:443   N/A                        tcp
GB       172.217.16.238:443   N/A                        tcp
GB       172.217.169.66:443   N/A                        tcp

Files
