Malware Analysis Report

2025-01-19 05:52

Sample ID 231225-hfwpgafehj
Target 0c53eb7c1f0b4d1b9a5a87317848244d
SHA256 6adc7bc2b19e1212cf01b95793483b20819121b5937d9d40d5427563c858221e
Tags irata
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6adc7bc2b19e1212cf01b95793483b20819121b5937d9d40d5427563c858221e

Threat Level: Known bad

The file 0c53eb7c1f0b4d1b9a5a87317848244d was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-25 06:41

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Indicator                                   Process  Target  Description
android.permission.READ_PHONE_STATE         N/A      N/A     Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A     Allows an application to write to external storage.
android.permission.READ_PHONE_STATE         N/A      N/A     Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
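The "Requests dangerous framework permissions" rows are a manifest check: every uses-permission entry in the APK's AndroidManifest.xml is compared against the permissions Android assigns protection level "dangerous". The script below is an added example by the editor, not the sandbox's own signature code; it runs the same check on a decoded manifest (apktool or aapt output). The manifest text is constructed for the demo and declares the two permissions the report lists (one of them twice, which is why the checker de-duplicates) next to normal-level permissions that must not be flagged; the DANGEROUS table is a hand-picked subset, an assumption, with the report's own descriptions for the two permissions it names.

```python
"""Flag protection-level "dangerous" permissions in a decoded AndroidManifest.xml.

Added example (editor's helper, not the sandbox's signature code).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumption: hand-picked subset of Android's "dangerous" permissions. The full list is
# the set of permissions declared with protectionLevel="dangerous" in the AOSP framework.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE": (
        "Allows read only access to phone state, including the current cellular network "
        "information, the status of any ongoing calls, and a list of any PhoneAccounts "
        "registered on the device."
    ),
    "android.permission.WRITE_EXTERNAL_STORAGE": "Allows an application to write to external storage.",
    "android.permission.READ_EXTERNAL_STORAGE": "Allows an application to read from external storage.",
    "android.permission.ACCESS_FINE_LOCATION": "Allows an app to access precise location.",
    "android.permission.ACCESS_COARSE_LOCATION": "Allows an app to access approximate location.",
    "android.permission.READ_SMS": "Allows an application to read SMS messages.",
    "android.permission.RECEIVE_SMS": "Allows an application to receive SMS messages.",
    "android.permission.READ_CONTACTS": "Allows an application to read the user's contacts data.",
}

# Constructed manifest for the demo: the report's two permissions (READ_PHONE_STATE twice)
# plus normal-level permissions (INTERNET, WAKE_LOCK) that the check must ignore.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="ir.mystore">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>
"""


def package_name(manifest_xml):
    return ET.fromstring(manifest_xml).get("package")


def declared_permissions(manifest_xml):
    """All requested permissions in manifest order, duplicates included."""
    root = ET.fromstring(manifest_xml)
    names = []
    # uses-permission-sdk-23 is only requested on API 23+, but it is still a request.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.append(name)
    return names


def flag_dangerous(manifest_xml):
    """(permission, description) rows for dangerous permissions, first occurrence only."""
    seen = set()
    rows = []
    for name in declared_permissions(manifest_xml):
        if name in DANGEROUS and name not in seen:
            seen.add(name)
            rows.append((name, DANGEROUS[name]))
    return rows


if __name__ == "__main__":
    print("package:", package_name(SAMPLE_MANIFEST))
    for permission, description in flag_dangerous(SAMPLE_MANIFEST):
        print(permission)
        print("    " + description)
```

A manifest check only says what the app may do; the behavioral runs below are what show the READ_PHONE_STATE grant actually being exercised (the ITelephony cell-location calls).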

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-25 06:41

Reported

2023-12-27 21:21

Platform

android-x64-arm64-20231215-en

Max time kernel

2904912s

Max time network

130s

Command Line

ir.mystore

Signatures

Requests cell location

Description             Indicator                                                   Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    N/A      N/A
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   N/A      N/A

Acquires the wake lock

Description             Indicator                                                   Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock                    N/A      N/A

Reads information about phone network operator.

Processes

ir.mystore

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353                                  udp
GB       142.250.200.46:443                                udp
GB       142.250.179.238:443                               tcp
GB       142.250.179.238:443                               tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       172.217.16.238:443     android.apis.google.com    tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       172.217.169.40:443     ssl.google-analytics.com   tcp
BE       173.194.76.188:5228                               tcp
US       1.1.1.1:53             www.google.com             udp
US       1.1.1.1:53             www.google.com             udp
GB       172.217.169.36:443     www.google.com             tcp
GB       172.217.169.36:443     www.google.com             tcp
GB       142.250.200.4:443                                 tcp
GB       142.250.200.4:443                                 tcp
GB       142.250.200.4:443                                 tcp
US       1.1.1.1:53             ip.pushe.co                udp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp

Files

/data/user/0/ir.mystore/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 764de028536d7b5fdc1aae92ff3ac128
SHA1 c9162beffe6f9f447f96a579394a9cc17105c35f
SHA256 d615ae6c3bf5c8d1c874bda8bf5af2068b70e17a56e98b055e838f2c1d71534c
SHA512 194d2e8a454846e76474649b77553ca520748b8723d4c095a3ce7141b41d936049504af1aed93bb8b19f66616f812cd3df2a81de473bd2a994e9a7ac8c5e9c1a

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 cba77a6dac27fc83d70ee7bca4307b8a
SHA1 d12e93bea47d48e39bd2d3f596f708ef956a2d32
SHA256 fa058c7876491c630037f0bef3841f7c8c65c26ec09756eafe6d5786e3f47ab0
SHA512 765e406ef944bcf69ef9a339e568f45cd7e6d1cc4cdf730072f243074491a069b7531b2d87939f89e2017d20ffb3706195a77d662314406c1a2092dcf92e8c68

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 1147cf27f58037065f63ab59ed380af1
SHA1 1b54b65e558423d30b6829ec5b473d2410d33ca2
SHA256 78a24b0ff304e089e0f76b7561d86a887ebd307b733c2d69ccb8e67dd95655f1
SHA512 bc241d77d9404c35ee44932c16744762b70d1bb4f5859dbd253bc05212d1572c4ce42836bd243bd3283422974c3e50184a819b980c279070f8c373e896fd697e

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 7d052e6da41ebc76345db697924e1b46
SHA1 59131fe8efa6f2019ae733ef2696afee92d33586
SHA256 945140e91020b00d68a43a3b2ecc85cd6bf3cf9812063ab8bb328d0fb2a8806e
SHA512 8387d074ff04741fe6a5bbcfe0aa981f8dcf970190bbe680dd19ffe54ee5e6edbf4030c5d6a53b659b46ab09a75cebb3dd8e464183bfa020edccb20f8911decb

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 0a4303f8ddd77f8c89a2cfd9f6fe976c
SHA1 6937e344672fcb928d00c4496677d7302e3bce88
SHA256 05fc2e0677d3722d795a431fbc152014952bd449963d36f8a8179fb11fe938c8
SHA512 169116f44597af03796d39de21b383cf175c86465081f1d8b017ab85f587f5b5945117efeec6b20c578d4a307493441d79191f46c24bafd3007f386a0fbc53dd

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 efe23565ea9a54ce7a1fc21fb226aa08
SHA1 2aceafca1ccc33c8180622dd5bfb053c5c7534cc
SHA256 d72984fa8c697e4f66c79dc99aea09f0463375559e446a854e0acec4ddb46ff3
SHA512 dde7480e5ab23db002e2147f552853f7c3c252986b4c0e3596aa1a41b71938b5efdee09c167129d6347023b102b79a181a6fc405b98fa95432eeea868f4808c4

/data/user/0/ir.mystore/databases/__pushe_base_lib_db

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 6a562bb4ccef1267262bd309823b7d49
SHA1 840d85c7c9b944421ff72209b62934ab086fe0c5
SHA256 bdec803f294b5729a4c2c3dbaec0b50a6ae9eb051f29f0eae88087112ecc6547
SHA512 ce4f4dba963f0472d5e3d9ec79a88ef497e845b9450f2bf76592093f6397c330f7258c25d4d315ac9e9ae880ce7b8c44077a9e2104cde6c0da7dd990c40be0ae

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 da520d6341518353105d0c7a320beab2
SHA1 31314dca0d26317723d5636290d9ad2016454ed3
SHA256 e16605f092c198e7bcc7da89d737b20dc32974a13cbe5e6b76b2e0cacc6d6cb5
SHA512 cdfe0dac3ef17ee8213485ef318bd3d25fd343b26158c6929f6b1b2c52cf49fa0a379bef82d09705bb6df92cf3983e23ce45939257fec8c33887fd7d53e4e510

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 ea0d6cccbba792354ae67d9cb4a7f687
SHA1 144a43a2269eca2ae869932e3b339f9f5eca4ae2
SHA256 29c8bd588ae71561951fead976a4828417e8edaca5607c643ef2677d68ba65a6
SHA512 2239c97bccc394e3bfb603a52f5c7f2fc8ecfd03179abee746315e78de3c02675dca560630b17bf1ba927a105fd1f69c13398f08aec4128be32436c45b05c509

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 b3170c5a0a2ab91390462e26b5f819c2
SHA1 9592828ea094b5af9af672bd56a15cb7a432d1ca
SHA256 05c213bbd10742d02dfcf319fb9a1c361b063bddd56c26311b68531f2c22c36d
SHA512 21f1c0807dfad22b126ca3e8876ce16f3c8060218a29c12663e47902c6c8bba3d96fcea9a13aac4004c37e105f744c8e3af6f13ac18e7bef133a8227b20d240e

/data/user/0/ir.mystore/databases/evernote_jobs.db-journal

MD5 50ef86323cbcad1805dd2996644ade77
SHA1 a6f42b561af3455c17999254168927296970d435
SHA256 602c45a1276e29680e664fc293c01fcbdc26430bedf42aca37ffdc595c2519b0
SHA512 8fe6848fac0c5a779e79fcb4fb3a4e5e737b35d3d562706c77eb262a8b885c4deb9147985a59f53e5aae09cf6938cd1eb917e7344020f2692623047d3db940eb

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 304a633598d74b1872e4549e1a461219
SHA1 e4fd2210688ef6feef991e508b49b4bbf84ee721
SHA256 1d097059a687b537bbb17bc2034073867e1c23b206eac57591793476d9648669
SHA512 8c5cabb005385d824e1a525de24043a9347a98010279d0288caf60e7b1545e5c6a01da9ef98ef87da50248dac9e6ff1a4640b883ffd0eb19c918a122122592b9

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 464791c2d43eb574d4022071fd25f3ec
SHA1 98e025ea62fdf47450999a0eea612163d7bbacd2
SHA256 6656048f0197b7d0bb7e372a4e4a493cc8c2ab2bd8537614b257512253521250
SHA512 76d3b67991599ecda3be97e14f113a4617f924381a8a08ed68d28ac63bb3f37a3e2983a258dfe85b6d5c901244c92f9fd739d57be4bc2aa7f527f03d2f67eea0

/data/user/0/ir.mystore/databases/evernote_jobs.db

MD5 dccc73c7728bb4de6b32b691b6cb629b
SHA1 74b95ab58a9eda4d5bcbac8408585d07ca011678
SHA256 a000858e56c6f1a95af43f53c7dafd581775a26a6df3ec8a233ca6594093ebb2
SHA512 c7cf9bddb2435f5cdaf2ab3f799e1632678a33386f1434c803f85766e6361ccfbd535e83cf5f03df6bdb4b5620b005bfa45bd9acf5a3c1b0ef33fced873548fc

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 e3e195b7a1586f7cad37f2997290277b
SHA1 7341818621366c4f970eaebe421e0c5b373c7733
SHA256 c187fbc4ba2438e708bc701354f2b844b6b48420c974b31896564edac5cb3e31
SHA512 067bea58ed6f1032d49c6ce97903fee90cb4e4c3a396566b15128d98ffbd82830b897fc86cb8e0dba547cf2e1e8ba57b4ca4fb3c1cbd5c9e1b0526b64e327554

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 fd9d3282c901a422ebb21f049bbb1b49
SHA1 8f7473abcffe6c251c7e11cbdc344cccee6917a8
SHA256 73445953c28c38cd97b9e5f047374723d83e64dfcef72a1df2ab396de981582a
SHA512 e135211726a0fbee79bbea6f3c86b1fa789cb4f554719eba0bd29b8c30dc09d6657f396c3b389d83a1068fd953f8bc85b24e0342d87162cf39b2d89ee86168f2

/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal

MD5 cf6258567ec47151fa0895d329e13794
SHA1 186765811d5125883dc55410e7b4ef9705494d21
SHA256 8fcaaabb06bacbe047f6a4b86217f00cebde034cb064ff20f62632f2e8630c4c
SHA512 a189cdcea2fc3a60c8d5c9177f806f91720d7b6743becfcc1c51e5dcdc3cbdce44298562b524760ad4a18ac825db010f124a3c817e48092ff01c51d78d01027f

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-25 06:41

Reported

2023-12-29 11:12

Platform

android-x86-arm-20231215-en

Max time kernel

3041159s

Max time network

147s

Command Line

ir.mystore

Signatures

Requests cell location

Description             Indicator                                                   Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    N/A      N/A
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   N/A      N/A

Acquires the wake lock

Description             Indicator                                                   Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock                    N/A      N/A

Processes

ir.mystore

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353                                  udp
GB       142.250.180.14:443                                tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       142.250.200.14:443     android.apis.google.com    tcp
BE       74.125.206.188:5228                               tcp
US       1.1.1.1:53             www.google.com             udp
FR       216.58.201.100:443                                tcp
GB       216.58.212.228:443     www.google.com             tcp
US       1.1.1.1:53             ip.pushe.co                udp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp
US       162.243.147.245:80     ip.pushe.co                tcp
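Both behavioral runs record the same mix of destinations: mDNS on the local segment, lookups through the sandbox resolver at 1.1.1.1, Google endpoints (android.apis.google.com, ssl.google-analytics.com, www.google.com, and bare TCP/5228 connections, the port Google's push channel uses) and one named non-Google host, ip.pushe.co at 162.243.147.245:80, whose name matches the __pushe_base_lib_db databases under Files. The script below is an added triage helper by the editor, not part of the report, and covers the behavioral2 and behavioral1 Network tables together; its rows are an excerpt of those tables, and the classification rules (multicast is local noise, Google-owned names and TCP/5228 are platform traffic, a resolver query is attributed to the queried name) are the editor's assumptions. Bare IPs with no recorded domain go into an "unattributed" bucket for enrichment rather than being guessed at.

```python
"""Triage a sandbox network table into local noise, platform traffic,
unattributed IPs and candidate IOCs.

Added example (editor's helper, not part of the report). ROWS is an excerpt
of the behavioral2 and behavioral1 Network tables; the rules in classify()
are assumptions.
"""
import ipaddress
from collections import Counter

# Rows in the report's flattened layout: country destination [domain] proto.
ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 udp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
BE 74.125.206.188:5228 tcp
FR 216.58.201.100:443 tcp
"""

# Assumption: names under these suffixes are Google platform / GMS background traffic.
PLATFORM_SUFFIXES = (".google.com", ".google-analytics.com", ".googleapis.com", ".gstatic.com")
# Assumption: the sandbox forwards DNS to 1.1.1.1, so 1.1.1.1:53 rows are lookups, not C2.
SANDBOX_RESOLVERS = {"1.1.1.1"}
GCM_PORT = 5228  # Google push (mtalk) channel; nameless TCP/5228 is treated as platform


def parse_rows(text):
    """Split the flattened rows into dicts. IPv4 only, which is all the report contains."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            continue
        ip, port = parts[1].rsplit(":", 1)
        conns.append({
            "country": parts[0],
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else "",
            "proto": parts[-1],
        })
    return conns


def classify(conn):
    ip = ipaddress.ip_address(conn["ip"])
    domain = conn["domain"]
    platform_name = bool(domain) and domain.endswith(PLATFORM_SUFFIXES)
    if ip.is_multicast or ip.is_private or ip.is_link_local:
        return "local"  # mDNS and similar segment chatter
    if conn["ip"] in SANDBOX_RESOLVERS and conn["port"] == 53:
        # A lookup is attributed to the queried name, not to the resolver.
        return "platform" if platform_name else "candidate"
    if platform_name:
        return "platform"
    if not domain and conn["port"] == GCM_PORT and conn["proto"] == "tcp":
        return "platform"
    return "candidate" if domain else "unattributed"


def triage(text):
    buckets = {}
    for conn in parse_rows(text):
        buckets.setdefault(classify(conn), []).append(conn)
    return buckets


def candidate_iocs(text):
    """Domains and (ip, port, proto) endpoints worth carrying into a detection rule,
    with the number of times each endpoint was contacted. Resolver rows contribute
    only their queried name."""
    domains, endpoints = set(), Counter()
    for conn in triage(text).get("candidate", []):
        domains.add(conn["domain"])
        if conn["ip"] not in SANDBOX_RESOLVERS:
            endpoints[(conn["ip"], conn["port"], conn["proto"])] += 1
    return domains, dict(endpoints)


if __name__ == "__main__":
    for bucket, conns in triage(ROWS).items():
        print(bucket, sorted({(c["ip"], c["port"], c["domain"]) for c in conns}))
    print("IOCs:", candidate_iocs(ROWS))
```

The report shows only that the app contacted the Pushe endpoint over plain HTTP, not what it sent; before the endpoint goes into a blocklist, the unattributed Google-range IPs should be enriched (passive DNS or the sandbox's PCAP) so the rule does not end up matching GMS traffic on every device.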

Files

/data/data/ir.mystore/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.mystore/databases/evernote_jobs.db-journal

MD5 4db73fb54dc44cf3270b8ed3dab00464
SHA1 374765f6e6eccbf5e3c50eb82ed310aee8e7e9f3
SHA256 3ce94c298b6fbfc5a62382728b178282fb5e6b388789fe4c2c67a67286453705
SHA512 2dca12dc302bba33bfb579ded8ebc8b3a79b429c68fbf9cc120b85761efb911c9252db3c4ae5ff7f8fa6286209d67ae7578924e93a537b1a38a4d6115dd0cead

/data/data/ir.mystore/databases/evernote_jobs.db

MD5 978fdf85b8448e3a7c9015e51477eb49
SHA1 793bb88398dc9457935a4416638d5ed3974baf19
SHA256 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
SHA512 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

/data/data/ir.mystore/databases/evernote_jobs.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.mystore/databases/evernote_jobs.db-wal

MD5 93d991a012fdbd180edd4907b75c3da3
SHA1 f6896b70d609b3dedb40d723d387a256caf42008
SHA256 868bee2e9a906895f2a6732dbdb2dc0482d47872074a83bb58dadad913d249b7
SHA512 9ceacec8745037c2727fda40ea8c22854173df6b3f8626c2f88e5dade39929d3816d7f31b456aba272c8fcec54d2a9f2c14d3662206a0968bc2437f8dd196823

/data/data/ir.mystore/databases/__pushe_base_lib_db-wal

MD5 7368a640f106a26165b2e0129d3f7168
SHA1 b838b1310eeeb01d2f7218389ab98cca43c80a1d
SHA256 146219a8b247d0ad914e1b8e97b548cf66e3ce304d533e564222a138435a9011
SHA512 39d3292374eb37272c1c89d25a1fb1850a40210108cc6654fb195a03c9f11b336ed1b4454bf4b5ef25a2838f6b6006fc78d5273acd5bef93ad9739d2717759c2

/data/data/ir.mystore/databases/evernote_jobs.db-wal

MD5 31276ed9803ea4b54a22f5471df9664b
SHA1 a1be9bcc4bb23c038e5b74ff6e9d165429a61aa6
SHA256 72cd6460d649ac8a0de60c381c75a8d3c0815fd8772e5e418694b9f1710cbfa9
SHA512 0d4df3e26a20fa09e9f2689b535e08e32c5128420a7615b0c89921fe607d6da5950d9cceb1867464196261da9d7394dd07d8332304f5e5fddda35573fbdebc6d

/data/data/ir.mystore/databases/evernote_jobs.db

MD5 37599f3c9a63d5149088b94a350da534
SHA1 65fbedb0fbbf8ca78498a64565823a4b9ac9c5ce
SHA256 3b84325a18ae37cf1317f3320edb059fba44053a10379abb2273b9543627d8c4
SHA512 7a226aa063502702e1eab10926ecb6c23b14916c9e113b07ce97be6e202efd3fc096dbb846f882dd3c0141c965e616d4f1ece9d70769d5b4f826adb0e2f1c568

/data/data/ir.mystore/databases/evernote_jobs.db-wal

MD5 b6eefda74353a8ad1b68d6efb0a3e1df
SHA1 892ff01ac6149631dc0d8c1dd4bd2070f2b737b8
SHA256 b908d49c69bd760065fc9a710609cb496625f738024be8a095012974609b8336
SHA512 acc92045ab2d323c86c39611ad0f50caffa7c0b81d5d34cbbb401b0d1d0eaedce59f638b26cc54bb9fd854512a02d051c42e01360e639a180615d0861e942020

/data/data/ir.mystore/databases/evernote_jobs.db

MD5 8136a89a3a15c3de45034a1dd50d941e
SHA1 06f772d2d4cd42c8195b7f6f5cb829d8c0294d74
SHA256 dcc751ae7548c42042b06b378d37cc4c65662c46e35683d9178c95390e20a644
SHA512 b354f551a3fb313e7bcfe415896a0551e8df9c76e4b8106bb5720c9e88ddb5b4410d8cf526546a80693988b54e92ae7e5d7236c27a4aa18d060b3f3b8bb5873e

/data/data/ir.mystore/databases/evernote_jobs.db-wal

MD5 1c82dfd50897ee1b697b911c3de8eca3
SHA1 b1d82d652e14b4c842270b6e7d75db1f120db7c7
SHA256 bd247c1828b29f434eb638f40b100cee9f0ee4b78fe88f7473e0b712a5af9b87
SHA512 b1cf7e551ba481de2d950c65c84b1ed32a42671592a8ac228a12c97571da1827186d263c4bfb9a23d3b57ddcb7a2afb95f016628d892f50551ead4d1543521b2

/data/data/ir.mystore/databases/evernote_jobs.db

MD5 8860744ca45b6ca7d5dca2e925903718
SHA1 d2701aef9e3ca7931c4a3afd21f522e088b329b5
SHA256 af09c585d7147e8197790ece0da63e330044fb28d79955c9632dd62a4e0b64df
SHA512 46a78e7023c418f8b579c47a8e955601fe842681e0adfe3414055846c72b9f400a9c573b81cf6dc7a05e4bd47f0042f5fbaceecbd0f1f93c706a7e82a0b283b6
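The two runs name the same files under different prefixes (/data/user/0/ir.mystore in behavioral2, /data/data/ir.mystore in behavioral1; on current Android /data/data is a symlink to /data/user/0), and each path appears several times with different hashes because the sandbox hashes every write. The script below is an added example by the editor, not part of the report: it folds the prefix, groups the hashes per path and reports which content is identical across runs. Its input is an excerpt of the two Files sections, SHA256 only. One thing it surfaces is that unsent_requests has the same hash in both runs while the job databases never do (behavioral1 also shows SQLite WAL sidecars, -wal and -shm, where behavioral2 shows rollback -journal files). The names evernote_jobs.db and __pushe_base_lib_db match the storage used by the android-job library and the Pushe SDK; that identification is the editor's, not the report's.

```python
"""Compare file artifacts across two sandbox runs of the same sample.

Added example (editor's helper, not part of the report). Paths and SHA256
values are an excerpt of the two Files sections above.
"""
import re
from collections import defaultdict

# behavioral2 (android-x64-arm64): per-user prefix, rollback-journal sidecars
RUN_ARM64 = """\
/data/user/0/ir.mystore/files/unsent_requests 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal d615ae6c3bf5c8d1c874bda8bf5af2068b70e17a56e98b055e838f2c1d71534c
/data/user/0/ir.mystore/databases/evernote_jobs.db dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
/data/user/0/ir.mystore/databases/evernote_jobs.db 05fc2e0677d3722d795a431fbc152014952bd449963d36f8a8179fb11fe938c8
/data/user/0/ir.mystore/databases/__pushe_base_lib_db d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
"""

# behavioral1 (android-x86-arm): legacy /data/data prefix, WAL sidecars
RUN_X86 = """\
/data/data/ir.mystore/files/unsent_requests 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
/data/data/ir.mystore/databases/evernote_jobs.db 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
/data/data/ir.mystore/databases/evernote_jobs.db-wal 868bee2e9a906895f2a6732dbdb2dc0482d47872074a83bb58dadad913d249b7
/data/data/ir.mystore/databases/__pushe_base_lib_db-wal 146219a8b247d0ad914e1b8e97b548cf66e3ce304d533e564222a138435a9011
/data/data/ir.mystore/databases/evernote_jobs.db 3b84325a18ae37cf1317f3320edb059fba44053a10379abb2273b9543627d8c4
"""

LEGACY_PREFIX = re.compile(r"^/data/data/")


def normalize(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg>; fold it so the runs compare."""
    return LEGACY_PREFIX.sub("/data/user/0/", path)


def parse_run(text):
    """path -> list of SHA256 values recorded for it, in report order."""
    by_path = defaultdict(list)
    for line in text.splitlines():
        path, sha256 = line.split()
        by_path[normalize(path)].append(sha256.lower())
    return by_path


def compare_runs(run_a, run_b):
    """Paths seen in only one run, and per common path the shared and run-specific hashes."""
    a, b = parse_run(run_a), parse_run(run_b)
    report = {
        "a_only_paths": sorted(set(a) - set(b)),
        "b_only_paths": sorted(set(b) - set(a)),
        "common": {},
    }
    for path in sorted(set(a) & set(b)):
        hashes_a, hashes_b = set(a[path]), set(b[path])
        report["common"][path] = {
            "shared": sorted(hashes_a & hashes_b),
            "a_only": sorted(hashes_a - hashes_b),
            "b_only": sorted(hashes_b - hashes_a),
        }
    return report


def stable_paths(run_a, run_b):
    """Paths whose content was byte-identical in at least one snapshot of both runs;
    these are the file artifacts worth turning into a host-based indicator."""
    report = compare_runs(run_a, run_b)
    return [path for path, detail in report["common"].items() if detail["shared"]]


if __name__ == "__main__":
    result = compare_runs(RUN_ARM64, RUN_X86)
    print("only in arm64 run:", result["a_only_paths"])
    print("only in x86 run:  ", result["b_only_paths"])
    for path, detail in result["common"].items():
        print(path, "shared:", detail["shared"])
    print("stable across runs:", stable_paths(RUN_ARM64, RUN_X86))
```

A hash that is stable across two platforms and two detonation dates is a usable file indicator; the SQLite files are not, since their content depends on job scheduling timing and on whether the device ran the database in WAL or rollback-journal mode.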