General

  • Target

    Moyetu_bEtaa.exe

  • Size

    70.9MB

  • Sample

    231220-kppzdsgcb3

  • MD5

    682d0ca4044efad7307105ab3d282d27

  • SHA1

    87ef8cd31c9170a825528e325a8cad7fee172547

  • SHA256

    f99869fda6a82fa11cd3265d8ddfcf0bdb0f185f1e20ac05a4a231e7852b0ad4

  • SHA512

    8c87b90bf0cee02043e4366da7486d72ed4d7854c1ad744ea9c8060538da6e8a063059368802af663c1be157bd08699e8c8bb505ff13f50f4ad85c6b5712e23a

  • SSDEEP

    1572864:R4/4rzOchP40+ZJ3GPir4aKCt4Rkb6n7IFWEOUuqPf7Jv4FGl7:mkqcd4XLWPoMdRkmn7IFqDqPTh4gl7

Malware Config

Targets

    • Irata

      Irata is an Iranian Android remote access trojan first seen in August 2022.

    • Irata payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks