brata | ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979

Analysis

max time kernel
2507738s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979.apk
Size

2.0MB
MD5

901bc9b3fd27e4b80a874dfe2f901584
SHA1

200731a47d14b744b87577d3bcbcd1fec52d55f3
SHA256

ac230a51c49d651e6bb95903b04c989d7ae8456658d917e4da2d39c3a3a36979
SHA512

c62fbd5844b605b6683b2315550ec89f0d436a1144a81a79f16913f6e5c2710b5c016f7b2e7b57b2f7cf16bd778b83c503cb568aa286ba3ceb6976b16599b39d
SSDEEP

49152:GqHfQ/jMNcKZ+rd+3RY7UNUaMPS5Rg7xII29QxAmLAi/szCt:VHfWjMNcCyk3qarMq5m7OvwA4A16

Score

10^/10

brata irata banker infostealer rat trojan

Malware Config

Signatures

Brata
Brata is a banking trojan malware first seen in 2019.
banker trojan infostealer rat brata

Brata payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip	family_brata2
/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip	family_brata3

Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
trojan infostealer rat irata

Irata payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip	family_irata4

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

koala.kerox.vip

ioc pid process

/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip 4610 koala.kerox.vip
Acquires the wake lock 1 IoCs

Processes:

koala.kerox.vip

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock koala.kerox.vip

ioc	pid	process
/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip	4610	koala.kerox.vip

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	koala.kerox.vip

koala.kerox.vip
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4610

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
3.8MB

MD5
da33e18f0db2af353917b89c0493f1ad

SHA1
102c2bc5c0ac0bb284c4746b7d8000f4e8d1a554

SHA256
faf02c51ea1d6fac1469345a5cb55b4b8540e19c1f04c9c85cd0cc1e54843f41

SHA512
fcd87776a7b50a133e252af6e19e5373367ef3f959aa9636ed817a7e61ed6962c8c058d6b57a0b96eeed8b764703ae2bae97c26f12bb2b1b4b3b6c01d493c8e2

Download Submit
/data/user/0/koala.kerox.vip/code_cache/secondary-dexes/tmp-base.apk.classes3108271918219698869.zip

Filesize
1.6MB

MD5
c740e99cfd836657198d0109fca75ad7

SHA1
e4833e97ebc857b4405aa4b2d73835e557886636

SHA256
8c252a4d36f3a8f9bd0a431c04f0aa083796c8061f083cf0eed9c22dae00b774

SHA512
92d5372e9b011d60029a4a35c36f237bcc9a5e4d6e9caa5d105f4eb4b9bb91a3c14edbd48ebb870d27474cfc0134af35e16ca6671bffc68d402220cdfc7a8383

Download Submit
/data/user/0/koala.kerox.vip/files/a11y

Filesize
8B

MD5
2e5d8aa3dfa8ef34ca5131d20f9dad51

SHA1
3cc1d5a427a45820b04fe30f78a972b784952460

SHA256
cde0fb0dec1400c54a0f7e7eafa73624c53e4da258bbd34b3380a0defeba95c1

SHA512
a0527c1de9df8c529337f73be73cf98fcde155fcf00c7522f67a4a6298b52853d9767815d8811c2a7e5e829871a5dea9174b2b7e90fb7c98a62467240dd78434

Download Submit
/data/user/0/koala.kerox.vip/files/a11y

Filesize
7B

MD5
7dc22b2c6a992f0232345df41303f5ea

SHA1
d6df1ab7ac275f8c7aff9d010ccfd0db08bbe2d8

SHA256
ec72b9566a9c3501838ae30aeeadb527f0b7545902376fe63b7f9739a8ee4acd

SHA512
e9ce661a7e6e66e4aa7e35fc8da1248f04347b8b24afc6df1d42cc05ec562ec12102dc5b3b2537be5bbe966f767b7cca2b4f38da80693d02f7f7f4e189c9137e

Download Submit