General

  • Target

    8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac

  • Size

    3.3MB

  • MD5

    fe3b5985245adca99a4f2adfd6275303

  • SHA1

    998b433f96dfeee09774257d4b3042308665e1d5

  • SHA256

    8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac

  • SHA512

    53070327191fc5857855e7627c1b0b615fdd4f426a3660880d0d3900276d0e087a321a0557d7a57b4867df3a42a8bcf0284270debaecf05dfea2c41a97e924b3

  • SSDEEP

    98304:sxK963fpHI4iYoIytk5GLf1G1eAZQsk9sCOpBs3fS2Hj6Fsbc:QKGRo4ihOeAZ2Ei7Dnbc

Score
10/10

Malware Config

Extracted

Family

irata

C2

https://sana-prox.tk/sana

https://sana-prox.tk/vip/ratsms.php?phone=

Signatures

  • Irata family
  • Requests dangerous framework permissions (6 IoCs)

Files

  • 8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac
    .apk android arch:arm64 arch:arm

    realrat.siqe.holp

    ir.siqe.holo.MainActivity


Android Permissions

8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_SMS

android.permission.READ_SMS

android.permission.READ_LOGS

android.permission.FLASHLIGHT

net.dinglisch.android.tasker.PERMISSION_RUN_TASKS

android.permission.BLUETOOTH_ADMIN

android.permission.VIBRATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.CHANGE_WIFI_STATE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.USE_FINGERPRINT

android.permission.ACCESS_WIFI_STATE

android.permission.CAMERA

android.permission.READ_EXTERNAL_STORAGE

android.permission.BLUETOOTH

android.permission.WRITE_SETTINGS

android.permission.READ_SETTINGS