General
- Target: BetaGrabushka.rar
- Size: 71.0MB
- Sample: 231225-yfqq8achhn
- MD5: 0b01e4d379a614c9745b3a123918cc6a
- SHA1: 6a3138fc60690d1dd30eee0d2b917a24c8b23867
- SHA256: 0abf435906313239d4801e1e709d8b7dfccc8f9cd418a12376741bda27439b84
- SHA512: 2f2b977dae791e2abe9ae132b8738bee152cdfb8c492c2b70f73a1da4fc8431b19ced7e39c9c5748ea217d6de8f02c3ba2f9ec943ab61fdd7860026b05dbb793
- SSDEEP: 1572864:rh3ZdIZdl75hZ4rfti9vXa6d4rXyogkcsO6fW:933al75SVWvXaW4uDIO
Static task
- static1
Behavioral task
- behavioral1
- Sample: BetaGrabushka.exe
- Resource: win7-20231215-en
Behavioral task
- behavioral2
- Sample: BetaGrabushka.exe
- Resource: win10v2004-20231215-en
Malware Config
Targets
- Target: BetaGrabushka.exe
- Size: 70.9MB
- MD5: 6280c09fcfacffc7b9714a662de0d5ef
- SHA1: 1c9301708caa9450c0328513e91e41cef42d2a26
- SHA256: 0fcc1ab0068e89a33b2ae8b911f7658caadd3d9dfb32d4614b827089f073ad07
- SHA512: efbc9b7f838c46fab19c7325d4ff76d50a6ce7a54c08d5367de49ab0bb6588a07c3c16e30875f0f4d4967d2cf8c78f54ee42efdba7e5c439333a2227d20e54f6
- SSDEEP: 1572864:u4/4rzOchPFmClIqkzA1dz0zGTqw5L0e8t8JgnC7:lkqcd7Kq4A1i87L0et7
Score: 10/10
- Irata: Irata is an Iranian remote access trojan Android malware first seen in August 2022.
- Irata payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.