Analysis Overview
SHA256
924d6d57bcd7290f66a38a0821f3746e30d50024695e585e96827c6adbcc2b67
Threat Level: Known bad
The file 924d6d57bcd7290f66a38a0821f3746e30d50024695e585e96827c6adbcc2b67 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-20 08:00
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-20 08:00
Reported
2023-12-23 12:14
Platform
android-x86-arm-20231215-en
Max time kernel
2526498s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.psiphon3
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scjohnson-me.com | udp |
| US | 1.1.1.1:53 | khobanmanoiop.ml | udp |
| US | 1.1.1.1:53 | khobanmanoiop.ml | udp |
| US | 1.1.1.1:53 | khobanmanoiop.ml | udp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.psiphon3/no_backup/com.google.InstanceId.properties
| Hash | Value |
| --- | --- |
| MD5 | 4dec0656eff5de4b4b84cd91c42302a2 |
| SHA1 | 62d9437745da7fab436d5670be118d3c3c1391d4 |
| SHA256 | 11b3c3944dcfc7746b67d45dbc297751f046cbe6394e80278c6f37e280b7a8a1 |
| SHA512 | e10ced3eec58dfedc713c60fce66d9b32f93b5452943694038a479ead56ed33c897fc4c3f81fea901d19d5b365de164925f0eec6e3399b013f2ddfc0a5bf0904 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 097d6c0ace51a2ecbe4d5082a96e3eed |
| SHA1 | c8147f99849def160d9f993f77a425745bb1a2c9 |
| SHA256 | 77ace2d14b37ea51c5132c3bff8f8d8f8f11c90b30db9e1fc87c1e9573f90a7f |
| SHA512 | 29b85d6350b7e33a103501c77728f1ba1e7dd267a36ac800807a1492a31c47b1b6c6d4c3544499a5459c159bdac80eb285db44ba1ff4083bdd2f4bd34bc2b199 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 9356ade0a322f3173b7f339b7124ab59 |
| SHA1 | 8f84e3ff3e86132c7c08b8bde59a18432e3d2675 |
| SHA256 | de0eef4e460b9b60139c86ef6c070cbd1051cf10b70aa18a2d5dfcf449e2744c |
| SHA512 | 818b1a1f2ccf804182f82ea1da170498f16b96281f8c8eb85eed9246d45f308123c197fa77cb869cd8c214abe60b2cc0cd00bd1825cbd9fa2e580bf91ddcf4fd |
/data/data/com.psiphon3/files/set.txt
| Hash | Value |
| --- | --- |
| MD5 | cdaeeeba9b4a4c5ebf042c0215a7bb0e |
| SHA1 | 65c10dc3549fe07424148a8a4790a3341ecbc253 |
| SHA256 | 6ee0eb490ff832101cf82a3d387c35f29e4230be786978f7acf9e811febf6723 |
| SHA512 | a702ceb437e84f953fb015c343a9ac457d3bf915b73ec4256aa9f6b348454e9c9d3393f377c2fee3067f5907561b24214beb46e8f9b6750cd24239f7b4216608 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | 92538f73159db4e259b691b26e20ca06 |
| SHA1 | 64829c0ebb8ac89f2257e6dd2c22a84c1294db64 |
| SHA256 | dd5da5ffd06cd330daf187c51445ab2a33af6f627eec4be58f14ae9806e981b6 |
| SHA512 | 83a1d0844954a982bc08766493c3483073122d1bacd0e823ecad723a9656fbce66aad429eba9fc58f24da0758d37b4f0e1a8aa648a0c268d7e90c1a0e0b9af7f |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | b7bb86f842d1bf9393506d2af8c47e64 |
| SHA1 | dfe4a36e1904fe0288cf3b756bd1a280236b05f8 |
| SHA256 | 93cc3a517cb70a4eeee6293ec2c29277219d01c2e48edc64c7bebd732c75ca47 |
| SHA512 | d16ee1787fc945b301a74858c1a63a21b37da7609c97e35dd77e8766eeeda6ab7dac13202f1c189fe9da4b3927c2d1985ab6e8fc13feb8786f260db8ea96031b |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-wal
| Hash | Value |
| --- | --- |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-20 08:00
Reported
2023-12-22 06:03
Platform
android-x64-20231215-en
Max time kernel
2417815s
Max time network
154s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.psiphon3
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| FR | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scjohnson-me.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | khobanmanoiop.ml | udp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
/data/data/com.psiphon3/no_backup/com.google.InstanceId.properties
| Hash | Value |
| --- | --- |
| MD5 | cab41629cf85660f69b6e8c4fdc5f1d6 |
| SHA1 | cb6dd108ce3836ac952b029955e175af60b82872 |
| SHA256 | 8ee0cf96a2c860ee67136a02f2f98fcdda2261bde2d68c6d5ed66a9afdacc0fb |
| SHA512 | 846210be53e4d4e1fdb99b6572a22c941af5382f7f88299494195569c5503ba2d196d89060622a03f9c5a9b0720fea2ae5ddf3e9fc88c8d4961f0475308e3086 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 11e1f0afbaf56bd5b0195757fad1d4ae |
| SHA1 | 866f4dc2604934bede993496ade97a5d46285c96 |
| SHA256 | 417d3abb9b891d35295704a701655cf38e6fcf8d34256baf589fe3bb3b1cc670 |
| SHA512 | c5d7633abf629b4994fdf761b8f3fef7ffa5c40fa005a5038ab97876a176f638a853dcc6a5ed44fc67267019c05fa2b4ac255a8a2766e62ab50b0d5c1a1d026c |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 163b0e3f017becbc89b9d7f330b78f09 |
| SHA1 | 1ef9cd8ac8655190468d0ccece0a4738634ab0f9 |
| SHA256 | cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36 |
| SHA512 | 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 5cf88087cff43f3b6980642365bf8096 |
| SHA1 | e692a053e889a3582405205ed1a52dd5fb7f824f |
| SHA256 | 7db2531e069ed9ea3c64ceaf32c0b242431a96abf0038a3d509ca07c870024fe |
| SHA512 | 335e69672474ecbc79810ba77f97df9b33377061ee51fa2f7297b4033b271376afff491884dbd79105b68227457f3bb13a32d1313f93dc5e34bef0b07442e920 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | c14d4eb2b0a9bcc6f96e0d6c511b38f9 |
| SHA1 | 70ca84520dd2a429d758b9fa027d5ac18344c089 |
| SHA256 | 81c2cf47a7b03ae8a0670e41e74924d22e02cdfbbc381d38da78f5430f281137 |
| SHA512 | 45a004c255a889f5952ba7b592b2a4993bf82a09e368b74bc33d381574f888b8bd7e5b00b28801d42d02dbe3eff5bfe0a37dadc2969aa832e63078bb5165517c |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | effc16594576ece3fb9dc14185b12b1c |
| SHA1 | c87d101b727008a2d05f4ebbeddca0abf84a9ca8 |
| SHA256 | c1eff04663195653b3013c9dabd8d7b73aa7e96a0cd9279929f8973080a609b4 |
| SHA512 | 052ff73fbc862d88e8f376ff6aed5280914810f2b7f7d2291eb33e76b45a1d5f312224c6ba74a2584cff16200bb286ede8aeb57e1e3044cab3f901a38245d9cb |
/data/data/com.psiphon3/files/set.txt
| Hash | Value |
| --- | --- |
| MD5 | cdaeeeba9b4a4c5ebf042c0215a7bb0e |
| SHA1 | 65c10dc3549fe07424148a8a4790a3341ecbc253 |
| SHA256 | 6ee0eb490ff832101cf82a3d387c35f29e4230be786978f7acf9e811febf6723 |
| SHA512 | a702ceb437e84f953fb015c343a9ac457d3bf915b73ec4256aa9f6b348454e9c9d3393f377c2fee3067f5907561b24214beb46e8f9b6750cd24239f7b4216608 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | b14062b546e9ef98810f15ecd095818b |
| SHA1 | 71a64cd4bd691e14871208dc10e7a4df41570f45 |
| SHA256 | 977d3c7c76e96099db95ad545700233b8445de8ce37e4c0ed959197372cbed50 |
| SHA512 | 7f9b5184ff9fc7503c5ded38b5adf342098180b52ca96504ea4552e22bb6c3f37fab6463bf66b98bd6a2a487c6631c2c8d4d29aa1f248e6cb868fbade36d6e0a |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 9af32e6e45cad9c22a0beff7e5a3b5a1 |
| SHA1 | 5a29f2bc3632484e3b47e1c6f08bf5f9de1cc49d |
| SHA256 | b9ec7ef3639b78ce794fd930256c63a5971d6c591a575b72c2565e88b226f0f8 |
| SHA512 | eccbc029247794c094a0ee62de06ac5017ef3c8097d132efb40af9487224eababd73ed51be4e681cefa2d9bb8b1041bd51fb26ddaa2f0b15368b1114ce5d1837 |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | a50ee54952fb5c0f31327e8b160ab155 |
| SHA1 | 49ecc12dd33036567d4de629b10b7d13fb990f4d |
| SHA256 | 41bc3c42d70048855b59cc174c5333714b6a378cd2b89411a9cae7bd41647041 |
| SHA512 | 7f50ce57f7c3c682bdda04ec63f5dbd554a0c5b2189d54d53acbfe97a7d7c108dba5a78dcbc2fa2285af79e881162844f090540a5f155df8f59dc805db14f67e |
/data/data/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | ae0f8a8f4ca9dc3f3cb54b416091d5f5 |
| SHA1 | ae131904811f3eae7e4c16269fb1eee2100cdeb2 |
| SHA256 | 254b326937d1b9c40a588027902b4ac33e54f25214d44589506814be148a67fd |
| SHA512 | 8b1ff90ed6004fac7680504572331311f8a2c39999104157b0dbe611e84c5d0bd3dd492278c253a803b6a845a5e8fbafc8445a4563e1d8bdef07c25606150ea1 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-20 08:00
Reported
2023-12-22 06:03
Platform
android-x64-arm64-20231215-en
Max time kernel
2417811s
Max time network
159s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
com.psiphon3
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | udp |
| FR | 216.58.201.110:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | scjohnson-me.com | udp |
| US | 1.1.1.1:53 | khobanmanoiop.ml | udp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
Files
/data/user/0/com.psiphon3/no_backup/com.google.InstanceId.properties
| Hash | Value |
| --- | --- |
| MD5 | 0ffa4eefc5fdea763046d2e8d230a298 |
| SHA1 | 5e974d25160f77f4d04d1a0f24c3efe06c29470f |
| SHA256 | 3f0b7cca5a3344ad1b97d2449c39072755756ab2263c2061a15b66b647b28695 |
| SHA512 | 6dbfe21c51235f788d0dc5efec6f91e81d834332f30a08637acaddb520f55669e17a612d3d34a726e39d8cd8876b3c8c336ee57ae95a871ca33671a29ecef005 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | f6c0520426b8eaa6e992ad8996b43600 |
| SHA1 | 8f730e373a3464dbb0cf936e4dc32bb829248c6f |
| SHA256 | e2ebd01c69d67f6376e1f69c1e94c01406406ace6faedf0778e25f6fe4176197 |
| SHA512 | b9cd7a384f720082fd94ddb4057c7c48b4d449dacc92a4eccd940bb81236a3a226235d6f3cc5e68e9fb3e4b1b74eac6d24b828d4278f7773cd131f39b5d4bfc9 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | e6e6dc368f2002bde592e947a02713be |
| SHA1 | bdae22d26826732698e9a516a71b2a0a75f970d4 |
| SHA256 | 1eea288fb17607fb881f78f778b8c2b076e4b3fce4e9222f841b9ed0cdd0ea9e |
| SHA512 | 22de0d5cf79a740b8f878ebc9716591be858babe7ddc36e9cd997c660e80a9b74f3bdc4b078cb12110eda09d3cea824dc5e9e60bd64975ecbf05d79cb4aa3988 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 630660b36d33adab7d3c2aa7fd5cbef9 |
| SHA1 | 456760c42ef291d193c3c0ceb63adb3bda28e507 |
| SHA256 | 745054691ae11fae7cc4a523407bd6bf1fa5c515acf14a25526db06f3fb60566 |
| SHA512 | 6a761fe2f3b7b4b22e0125aa581324c390f2d5ed7b02e58f03a5999f88abe21456554fc765edab3588b44c7bc2a9530e206e552bbaaa328f2ad11dbc7ee388d4 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 263f4225cd7d13520644da32b38a3842 |
| SHA1 | 15eb50018df4b6272213efd532ed553a91fb9811 |
| SHA256 | b71b6ce965f0a9de2d024b2b81d333489e0324d43378dc84ed21f7b4f77f24df |
| SHA512 | f6ad136a893bcac4dd0364f6ae34fdda22c964ab585fa185c8bdb786ae28a3cae36a0b478d9c8838cebdb0df38b4509ade84b70f7af487f9cf68461bbb52e3bd |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 611eb8e9f1867222a8c4c6373f2d9b46 |
| SHA1 | 6621ed7a90798090e9e71ef8f0b0942e2b7edc77 |
| SHA256 | 21ce33f5ee8cf872159c074a88fc3d7d9300ea9dea751754f1e02c2a069b8ae5 |
| SHA512 | 3bd007a24c540fa7dc7402c9898c749899ccc26e95d64e5955e43cc340fb1c96dfb3e4e9c0a094ed21a7c086fd789b0b8b03bdb3fe6c411d812cffd1a42ca802 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db-journal
| Hash | Value |
| --- | --- |
| MD5 | 9f6473681da82786d8f2d51de16d1622 |
| SHA1 | 0510929c05a091eeec0477a6694719c2851989ea |
| SHA256 | d3cbd492f74fa63726d59ffa1f4f6b33565ba7551f7bd84c748d2dad1a1889e4 |
| SHA512 | f9e8c2306993414f2840d43367b57c1b9a99c2b22a5c7adbe72c7804a2d114b7a61d82339174681af4815e401bc6bc442bc82e4e4832e394b933e1bebd250f19 |
/data/user/0/com.psiphon3/databases/google_app_measurement_local.db
| Hash | Value |
| --- | --- |
| MD5 | 21a597f06e0db905f55ef8806bc8d695 |
| SHA1 | 7d8d6e432f05a3e29c7c3f2a14f2ae052da6c388 |
| SHA256 | bd3ed4d9639ac011120efcbc46e1e4f859bb907165c8f2617d48756ce543c2fc |
| SHA512 | 5d87f267867a221b97af79f9f2bec55c3c6b1b5ab45dec48abb689ca137046979df60cba2a01090a0af8bab7f0e0651948abb4f74a81ed98a40b0bed357afea9 |