Analysis
max time kernel: 2507723s
max time network: 165s
platform: android_x64
resource: android-x64-20231215-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
submitted: 20-12-2023 11:35
Static task: static1
Behavioral task: behavioral1
Sample: ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979.apk
Behavioral task: behavioral2
Sample: ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979.apk
Resource: android-x64-20231215-en
General
Target: ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979.apk
Size: 2.0MB
Malware Config
Signatures
Brata
Brata is a banking trojan malware first seen in 2019.

Brata payload: 2 IoCs
resource: behavioral2/memory/4960-0.dex, yara_rule: family_brata2
resource: behavioral2/memory/4960-0.dex, yara_rule: family_brata3

Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.

Irata payload: 1 IoCs
resource: behavioral2/memory/4960-0.dex, yara_rule: family_irata4

Loads dropped Dex/Jar: 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip, pid: 4960, Process: koala.kerox.vip

Acquires the wake lock: 1 IoCs
description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, Process: koala.kerox.vip
Network
MITRE ATT&CK Matrix
Downloads