General

  • Target

    impact_services_cracked_by_pandora.exe

  • Size

    77.1MB

  • Sample

    231225-1y9cdshhb7

  • MD5

    1743fec078098278bfde93eb29c547f9

  • SHA1

    bc38bb04f0720646678748c7969be78592b509ab

  • SHA256

    3c93eb9c890533a6712e6fb5b957b9e6b1535cbccb9bc9be7ec560abcf8ab508

  • SHA512

    d98dddd50b6d388608bf696d830d7af8e7f2e0c234f41fabb015e82c328f50a4b43c9413f1f7a9c6fd2fcb383e0a2363714844fad88a36f5157977e3f38fc0a3

  • SSDEEP

    1572864:QfMbT7Vl+NKkxzY67SPmAD23yrlF5ZD+CrUt4g37XeMD/:Q0bnVsdhtWrl1DfozLL/

Targets

    • Target

      impact_services_cracked_by_pandora.exe

    • Irata

      Irata is an Iranian Android remote access trojan (RAT) first seen in August 2022.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.