Malware Analysis Report

2025-01-19 06:49

Sample ID 231223-qbwsnsdca8
Target 1b0a85dcd740e483f61901c3705b026ccdbffece61f6dc85e8b4ac5383d62de1
SHA256 1b0a85dcd740e483f61901c3705b026ccdbffece61f6dc85e8b4ac5383d62de1
Tags
irata
score
10/10


Analysis Overview

score
10/10

SHA256

1b0a85dcd740e483f61901c3705b026ccdbffece61f6dc85e8b4ac5383d62de1

Threat Level: Known bad

The file 1b0a85dcd740e483f61901c3705b026ccdbffece61f6dc85e8b4ac5383d62de1 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 13:05

Signatures

Irata family

irata

Irata payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Reported

0001-01-01 00:00

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 13:05

Reported

2023-12-27 18:18

Platform

android-x64-20231215-en

Max time kernel

2893882s

Max time network

153s

Command Line

com.bartar_books.pitzairani

Signatures

N/A

Processes

com.bartar_books.pitzairani

Network

Country   Destination           Domain                      Proto
N/A       224.0.0.251:5353                                  udp
US        1.1.1.1:53            ssl.google-analytics.com    udp
GB        142.250.200.40:443    ssl.google-analytics.com    tcp
GB        172.217.16.238:443                                tcp
US        1.1.1.1:53            android.apis.google.com     udp
GB        142.250.178.14:443    android.apis.google.com     tcp
GB        216.58.213.4:443                                  tcp
GB        216.58.213.4:443                                  tcp
GB        172.217.169.46:443                                tcp
GB        172.217.16.226:443                                tcp

Files

/data/data/com.bartar_books.pitzairani/files/all.db

MD5 e811b7f755629976f15ca4e70c6c1dbe
SHA1 084b1a13310b21c71d6bfe255b1a0b501a8c0b1b
SHA256 e2dd3403dcc855e2a622251c909b482e72550bf724e6fd17e055efd6850cd27a
SHA512 53faab008d25c41e41179ab885b7883e3abe8bb6e588824d2e652f6d659cd76e8d2810994f4eeb7047eaba34eb6b58a18b6128d8b1a2707693185a5df633b842

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 13:05

Reported

2023-12-27 18:18

Platform

android-x64-arm64-20231215-en

Max time kernel

2893906s

Max time network

140s

Command Line

com.bartar_books.pitzairani

Signatures

N/A

Processes

com.bartar_books.pitzairani

Network

Country   Destination           Domain                      Proto
N/A       224.0.0.251:5353                                  udp
GB        142.250.200.46:443                                udp
GB        142.250.178.14:443                                tcp
GB        142.250.178.14:443                                tcp
US        1.1.1.1:53            android.apis.google.com     udp
GB        216.58.213.14:443     android.apis.google.com     tcp
US        1.1.1.1:53            ssl.google-analytics.com    udp
FR        216.58.201.104:443    ssl.google-analytics.com    tcp
GB        142.250.178.4:443                                 tcp
GB        142.250.178.4:443                                 tcp

Files

/data/user/0/com.bartar_books.pitzairani/files/all.db

MD5 e811b7f755629976f15ca4e70c6c1dbe
SHA1 084b1a13310b21c71d6bfe255b1a0b501a8c0b1b
SHA256 e2dd3403dcc855e2a622251c909b482e72550bf724e6fd17e055efd6850cd27a
SHA512 53faab008d25c41e41179ab885b7883e3abe8bb6e588824d2e652f6d659cd76e8d2810994f4eeb7047eaba34eb6b58a18b6128d8b1a2707693185a5df633b842