Analysis Overview
SHA256
6adc7bc2b19e1212cf01b95793483b20819121b5937d9d40d5427563c858221e
Threat Level: Known bad
The file 0c53eb7c1f0b4d1b9a5a87317848244d was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-25 06:41
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-25 06:41
Reported
2023-12-27 21:21
Platform
android-x64-arm64-20231215-en
Max time kernel
2904912s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Processes
ir.mystore
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| BE | 173.194.76.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/user/0/ir.mystore/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | 764de028536d7b5fdc1aae92ff3ac128 |
| SHA1 | c9162beffe6f9f447f96a579394a9cc17105c35f |
| SHA256 | d615ae6c3bf5c8d1c874bda8bf5af2068b70e17a56e98b055e838f2c1d71534c |
| SHA512 | 194d2e8a454846e76474649b77553ca520748b8723d4c095a3ce7141b41d936049504af1aed93bb8b19f66616f812cd3df2a81de473bd2a994e9a7ac8c5e9c1a |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | cba77a6dac27fc83d70ee7bca4307b8a |
| SHA1 | d12e93bea47d48e39bd2d3f596f708ef956a2d32 |
| SHA256 | fa058c7876491c630037f0bef3841f7c8c65c26ec09756eafe6d5786e3f47ab0 |
| SHA512 | 765e406ef944bcf69ef9a339e568f45cd7e6d1cc4cdf730072f243074491a069b7531b2d87939f89e2017d20ffb3706195a77d662314406c1a2092dcf92e8c68 |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | 1147cf27f58037065f63ab59ed380af1 |
| SHA1 | 1b54b65e558423d30b6829ec5b473d2410d33ca2 |
| SHA256 | 78a24b0ff304e089e0f76b7561d86a887ebd307b733c2d69ccb8e67dd95655f1 |
| SHA512 | bc241d77d9404c35ee44932c16744762b70d1bb4f5859dbd253bc05212d1572c4ce42836bd243bd3283422974c3e50184a819b980c279070f8c373e896fd697e |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | 7d052e6da41ebc76345db697924e1b46 |
| SHA1 | 59131fe8efa6f2019ae733ef2696afee92d33586 |
| SHA256 | 945140e91020b00d68a43a3b2ecc85cd6bf3cf9812063ab8bb328d0fb2a8806e |
| SHA512 | 8387d074ff04741fe6a5bbcfe0aa981f8dcf970190bbe680dd19ffe54ee5e6edbf4030c5d6a53b659b46ab09a75cebb3dd8e464183bfa020edccb20f8911decb |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | 0a4303f8ddd77f8c89a2cfd9f6fe976c |
| SHA1 | 6937e344672fcb928d00c4496677d7302e3bce88 |
| SHA256 | 05fc2e0677d3722d795a431fbc152014952bd449963d36f8a8179fb11fe938c8 |
| SHA512 | 169116f44597af03796d39de21b383cf175c86465081f1d8b017ab85f587f5b5945117efeec6b20c578d4a307493441d79191f46c24bafd3007f386a0fbc53dd |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | efe23565ea9a54ce7a1fc21fb226aa08 |
| SHA1 | 2aceafca1ccc33c8180622dd5bfb053c5c7534cc |
| SHA256 | d72984fa8c697e4f66c79dc99aea09f0463375559e446a854e0acec4ddb46ff3 |
| SHA512 | dde7480e5ab23db002e2147f552853f7c3c252986b4c0e3596aa1a41b71938b5efdee09c167129d6347023b102b79a181a6fc405b98fa95432eeea868f4808c4 |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db
| MD5 | 171aedf968e17a2744d2585715606cb9 |
| SHA1 | bbeddeb3b89fcf809619c35b4a318a80e7d5b029 |
| SHA256 | d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e |
| SHA512 | 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | 6a562bb4ccef1267262bd309823b7d49 |
| SHA1 | 840d85c7c9b944421ff72209b62934ab086fe0c5 |
| SHA256 | bdec803f294b5729a4c2c3dbaec0b50a6ae9eb051f29f0eae88087112ecc6547 |
| SHA512 | ce4f4dba963f0472d5e3d9ec79a88ef497e845b9450f2bf76592093f6397c330f7258c25d4d315ac9e9ae880ce7b8c44077a9e2104cde6c0da7dd990c40be0ae |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | da520d6341518353105d0c7a320beab2 |
| SHA1 | 31314dca0d26317723d5636290d9ad2016454ed3 |
| SHA256 | e16605f092c198e7bcc7da89d737b20dc32974a13cbe5e6b76b2e0cacc6d6cb5 |
| SHA512 | cdfe0dac3ef17ee8213485ef318bd3d25fd343b26158c6929f6b1b2c52cf49fa0a379bef82d09705bb6df92cf3983e23ce45939257fec8c33887fd7d53e4e510 |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | ea0d6cccbba792354ae67d9cb4a7f687 |
| SHA1 | 144a43a2269eca2ae869932e3b339f9f5eca4ae2 |
| SHA256 | 29c8bd588ae71561951fead976a4828417e8edaca5607c643ef2677d68ba65a6 |
| SHA512 | 2239c97bccc394e3bfb603a52f5c7f2fc8ecfd03179abee746315e78de3c02675dca560630b17bf1ba927a105fd1f69c13398f08aec4128be32436c45b05c509 |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | b3170c5a0a2ab91390462e26b5f819c2 |
| SHA1 | 9592828ea094b5af9af672bd56a15cb7a432d1ca |
| SHA256 | 05c213bbd10742d02dfcf319fb9a1c361b063bddd56c26311b68531f2c22c36d |
| SHA512 | 21f1c0807dfad22b126ca3e8876ce16f3c8060218a29c12663e47902c6c8bba3d96fcea9a13aac4004c37e105f744c8e3af6f13ac18e7bef133a8227b20d240e |
/data/user/0/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | 50ef86323cbcad1805dd2996644ade77 |
| SHA1 | a6f42b561af3455c17999254168927296970d435 |
| SHA256 | 602c45a1276e29680e664fc293c01fcbdc26430bedf42aca37ffdc595c2519b0 |
| SHA512 | 8fe6848fac0c5a779e79fcb4fb3a4e5e737b35d3d562706c77eb262a8b885c4deb9147985a59f53e5aae09cf6938cd1eb917e7344020f2692623047d3db940eb |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | 304a633598d74b1872e4549e1a461219 |
| SHA1 | e4fd2210688ef6feef991e508b49b4bbf84ee721 |
| SHA256 | 1d097059a687b537bbb17bc2034073867e1c23b206eac57591793476d9648669 |
| SHA512 | 8c5cabb005385d824e1a525de24043a9347a98010279d0288caf60e7b1545e5c6a01da9ef98ef87da50248dac9e6ff1a4640b883ffd0eb19c918a122122592b9 |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | 464791c2d43eb574d4022071fd25f3ec |
| SHA1 | 98e025ea62fdf47450999a0eea612163d7bbacd2 |
| SHA256 | 6656048f0197b7d0bb7e372a4e4a493cc8c2ab2bd8537614b257512253521250 |
| SHA512 | 76d3b67991599ecda3be97e14f113a4617f924381a8a08ed68d28ac63bb3f37a3e2983a258dfe85b6d5c901244c92f9fd739d57be4bc2aa7f527f03d2f67eea0 |
/data/user/0/ir.mystore/databases/evernote_jobs.db
| MD5 | dccc73c7728bb4de6b32b691b6cb629b |
| SHA1 | 74b95ab58a9eda4d5bcbac8408585d07ca011678 |
| SHA256 | a000858e56c6f1a95af43f53c7dafd581775a26a6df3ec8a233ca6594093ebb2 |
| SHA512 | c7cf9bddb2435f5cdaf2ab3f799e1632678a33386f1434c803f85766e6361ccfbd535e83cf5f03df6bdb4b5620b005bfa45bd9acf5a3c1b0ef33fced873548fc |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | e3e195b7a1586f7cad37f2997290277b |
| SHA1 | 7341818621366c4f970eaebe421e0c5b373c7733 |
| SHA256 | c187fbc4ba2438e708bc701354f2b844b6b48420c974b31896564edac5cb3e31 |
| SHA512 | 067bea58ed6f1032d49c6ce97903fee90cb4e4c3a396566b15128d98ffbd82830b897fc86cb8e0dba547cf2e1e8ba57b4ca4fb3c1cbd5c9e1b0526b64e327554 |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | fd9d3282c901a422ebb21f049bbb1b49 |
| SHA1 | 8f7473abcffe6c251c7e11cbdc344cccee6917a8 |
| SHA256 | 73445953c28c38cd97b9e5f047374723d83e64dfcef72a1df2ab396de981582a |
| SHA512 | e135211726a0fbee79bbea6f3c86b1fa789cb4f554719eba0bd29b8c30dc09d6657f396c3b389d83a1068fd953f8bc85b24e0342d87162cf39b2d89ee86168f2 |
/data/user/0/ir.mystore/databases/__pushe_base_lib_db-journal
| MD5 | cf6258567ec47151fa0895d329e13794 |
| SHA1 | 186765811d5125883dc55410e7b4ef9705494d21 |
| SHA256 | 8fcaaabb06bacbe047f6a4b86217f00cebde034cb064ff20f62632f2e8630c4c |
| SHA512 | a189cdcea2fc3a60c8d5c9177f806f91720d7b6743becfcc1c51e5dcdc3cbdce44298562b524760ad4a18ac825db010f124a3c817e48092ff01c51d78d01027f |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-25 06:41
Reported
2023-12-29 11:12
Platform
android-x86-arm-20231215-en
Max time kernel
3041159s
Max time network
147s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.mystore
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 74.125.206.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | | tcp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.mystore/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.mystore/databases/evernote_jobs.db-journal
| MD5 | 4db73fb54dc44cf3270b8ed3dab00464 |
| SHA1 | 374765f6e6eccbf5e3c50eb82ed310aee8e7e9f3 |
| SHA256 | 3ce94c298b6fbfc5a62382728b178282fb5e6b388789fe4c2c67a67286453705 |
| SHA512 | 2dca12dc302bba33bfb579ded8ebc8b3a79b429c68fbf9cc120b85761efb911c9252db3c4ae5ff7f8fa6286209d67ae7578924e93a537b1a38a4d6115dd0cead |
/data/data/ir.mystore/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/ir.mystore/databases/evernote_jobs.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/ir.mystore/databases/evernote_jobs.db-wal
| MD5 | 93d991a012fdbd180edd4907b75c3da3 |
| SHA1 | f6896b70d609b3dedb40d723d387a256caf42008 |
| SHA256 | 868bee2e9a906895f2a6732dbdb2dc0482d47872074a83bb58dadad913d249b7 |
| SHA512 | 9ceacec8745037c2727fda40ea8c22854173df6b3f8626c2f88e5dade39929d3816d7f31b456aba272c8fcec54d2a9f2c14d3662206a0968bc2437f8dd196823 |
/data/data/ir.mystore/databases/__pushe_base_lib_db-wal
| MD5 | 7368a640f106a26165b2e0129d3f7168 |
| SHA1 | b838b1310eeeb01d2f7218389ab98cca43c80a1d |
| SHA256 | 146219a8b247d0ad914e1b8e97b548cf66e3ce304d533e564222a138435a9011 |
| SHA512 | 39d3292374eb37272c1c89d25a1fb1850a40210108cc6654fb195a03c9f11b336ed1b4454bf4b5ef25a2838f6b6006fc78d5273acd5bef93ad9739d2717759c2 |
/data/data/ir.mystore/databases/evernote_jobs.db-wal
| MD5 | 31276ed9803ea4b54a22f5471df9664b |
| SHA1 | a1be9bcc4bb23c038e5b74ff6e9d165429a61aa6 |
| SHA256 | 72cd6460d649ac8a0de60c381c75a8d3c0815fd8772e5e418694b9f1710cbfa9 |
| SHA512 | 0d4df3e26a20fa09e9f2689b535e08e32c5128420a7615b0c89921fe607d6da5950d9cceb1867464196261da9d7394dd07d8332304f5e5fddda35573fbdebc6d |
/data/data/ir.mystore/databases/evernote_jobs.db
| MD5 | 37599f3c9a63d5149088b94a350da534 |
| SHA1 | 65fbedb0fbbf8ca78498a64565823a4b9ac9c5ce |
| SHA256 | 3b84325a18ae37cf1317f3320edb059fba44053a10379abb2273b9543627d8c4 |
| SHA512 | 7a226aa063502702e1eab10926ecb6c23b14916c9e113b07ce97be6e202efd3fc096dbb846f882dd3c0141c965e616d4f1ece9d70769d5b4f826adb0e2f1c568 |
/data/data/ir.mystore/databases/evernote_jobs.db-wal
| MD5 | b6eefda74353a8ad1b68d6efb0a3e1df |
| SHA1 | 892ff01ac6149631dc0d8c1dd4bd2070f2b737b8 |
| SHA256 | b908d49c69bd760065fc9a710609cb496625f738024be8a095012974609b8336 |
| SHA512 | acc92045ab2d323c86c39611ad0f50caffa7c0b81d5d34cbbb401b0d1d0eaedce59f638b26cc54bb9fd854512a02d051c42e01360e639a180615d0861e942020 |
/data/data/ir.mystore/databases/evernote_jobs.db
| MD5 | 8136a89a3a15c3de45034a1dd50d941e |
| SHA1 | 06f772d2d4cd42c8195b7f6f5cb829d8c0294d74 |
| SHA256 | dcc751ae7548c42042b06b378d37cc4c65662c46e35683d9178c95390e20a644 |
| SHA512 | b354f551a3fb313e7bcfe415896a0551e8df9c76e4b8106bb5720c9e88ddb5b4410d8cf526546a80693988b54e92ae7e5d7236c27a4aa18d060b3f3b8bb5873e |
/data/data/ir.mystore/databases/evernote_jobs.db-wal
| MD5 | 1c82dfd50897ee1b697b911c3de8eca3 |
| SHA1 | b1d82d652e14b4c842270b6e7d75db1f120db7c7 |
| SHA256 | bd247c1828b29f434eb638f40b100cee9f0ee4b78fe88f7473e0b712a5af9b87 |
| SHA512 | b1cf7e551ba481de2d950c65c84b1ed32a42671592a8ac228a12c97571da1827186d263c4bfb9a23d3b57ddcb7a2afb95f016628d892f50551ead4d1543521b2 |
/data/data/ir.mystore/databases/evernote_jobs.db
| MD5 | 8860744ca45b6ca7d5dca2e925903718 |
| SHA1 | d2701aef9e3ca7931c4a3afd21f522e088b329b5 |
| SHA256 | af09c585d7147e8197790ece0da63e330044fb28d79955c9632dd62a4e0b64df |
| SHA512 | 46a78e7023c418f8b579c47a8e955601fe842681e0adfe3414055846c72b9f400a9c573b81cf6dc7a05e4bd47f0042f5fbaceecbd0f1f93c706a7e82a0b283b6 |