General
-
Target
Moyetu_bEtaa.exe
-
Size
70.9MB
-
Sample
231220-kppzdsgcb3
-
MD5
682d0ca4044efad7307105ab3d282d27
-
SHA1
87ef8cd31c9170a825528e325a8cad7fee172547
-
SHA256
f99869fda6a82fa11cd3265d8ddfcf0bdb0f185f1e20ac05a4a231e7852b0ad4
-
SHA512
8c87b90bf0cee02043e4366da7486d72ed4d7854c1ad744ea9c8060538da6e8a063059368802af663c1be157bd08699e8c8bb505ff13f50f4ad85c6b5712e23a
-
SSDEEP
1572864:R4/4rzOchP40+ZJ3GPir4aKCt4Rkb6n7IFWEOUuqPf7Jv4FGl7:mkqcd4XLWPoMdRkmn7IFqDqPTh4gl7
Static task
static1
Behavioral task
behavioral1
Sample
Moyetu_bEtaa.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Moyetu_bEtaa.exe
Resource
win10-20231215-en
Behavioral task
behavioral3
Sample
Moyetu_bEtaa.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
Moyetu_bEtaa.exe
Resource
win11-20231215-en
Malware Config
Targets
-
-
Target
Moyetu_bEtaa.exe
-
Size
70.9MB
-
MD5
682d0ca4044efad7307105ab3d282d27
-
SHA1
87ef8cd31c9170a825528e325a8cad7fee172547
-
SHA256
f99869fda6a82fa11cd3265d8ddfcf0bdb0f185f1e20ac05a4a231e7852b0ad4
-
SHA512
8c87b90bf0cee02043e4366da7486d72ed4d7854c1ad744ea9c8060538da6e8a063059368802af663c1be157bd08699e8c8bb505ff13f50f4ad85c6b5712e23a
-
SSDEEP
1572864:R4/4rzOchP40+ZJ3GPir4aKCt4Rkb6n7IFWEOUuqPf7Jv4FGl7:mkqcd4XLWPoMdRkmn7IFqDqPTh4gl7
Score10/10-
Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
-
Irata payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1