Analysis Overview
SHA256
cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2
Threat Level: Known bad
The file KissLand.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-19 18:42
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-19 18:42
Reported
2024-03-19 18:46
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation1658285600473383036tmp
| MD5 | d4a3b72443d731b96217a4f9cfb5ff50 |
| SHA1 | 64c7a06c2f950217219385a7256990daa5744632 |
| SHA256 | 7170ea61930e8bb706cf8d3295945d13a30eb8d99737232990cd8eec18175635 |
| SHA512 | e9d601e560f3da9ee869247415cefc865269fbd5b9fb869e111dc163a90203f74d21fd274d3e7075388b0373425586b3ee57edf8c1b40262a363cef9c8b1d5f8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-19 18:42
Reported
2024-03-19 18:46
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
145s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation800610503989390784tmp
| MD5 | c35ba1389bd63b66d00b737e09f7d007 |
| SHA1 | f20c8a1117148fd311072cdd52a0f96d94abcf5d |
| SHA256 | 905dc60143e921d8c38a9bf80de7fd951a6f25ce88867833591ddffb20f7cad2 |
| SHA512 | b09040fd8d1fce72750d43be05862c06ca5534a0524ccf76d89f7d380b0fe74a1b365be4007de297593ba0be86497d42a8be8ef20d052b2d6e3237e162b13f32 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | b27e30b4775aae47a7bf1fd4886b394e |
| SHA1 | f1ae1ae607de77c92a758324c43319d354dbcd06 |
| SHA256 | 3302c2c4755145f96e614d37ce9590d6f4b5e9fea394f090d5030df797ca639a |
| SHA512 | fb1b88794724e3a9e6588548d41a4408c77298ef073677f0ae2ec1a3bb907cf44609782eff935557370ac57432301403ac1f275679af412089c05edceeb3eed6 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | c37b04e1c5341ba6ea283ba0f7964664 |
| SHA1 | c13868849b1b85de3232d5677ab62908bcf94897 |
| SHA256 | 93847d79b16e79b0c497c2b33803e2e2eea12b2ca86c6e9e1c0a24918ada71de |
| SHA512 | 69f56aadf8e8b731431f535a09500f18c73a734905b0c3baa86e1f03cc1efbc98aff04339dea8fd672025c9eeed759c8d4f945e2d3b2e4e779daa5c054ce9392 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | e5cfa65ed75c9f6a111ad1f85381e810 |
| SHA1 | 25e4e5bd43bed1a769a88bd1c1b41f617ee43e1c |
| SHA256 | 21421cf5124775253f61716209f9e9d40db7ed41ec1a0cfef9d8ae1e8188a14a |
| SHA512 | 994b7f0c5cf42f37cfe4ba995c56c5acd258f6b3e720324ac39119d8b9b9dc5729c86d97c67668f17130e9adde0e1692a82f47d954a16ecb57f13c8a360b8b8d |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 7faec33c1ef20faad02ff3c5ac0d6861 |
| SHA1 | 95010721a333412a2103f0251a4ee048b041ceb6 |
| SHA256 | cd3d4393c66e1bfa86b22f900cb9de29ace835dfff1c395ab2a4eb99fe912811 |
| SHA512 | b0a380b442d7a04c40c94b1d611d792fd2c537881bd31cd36a2083b16b62277b3b4127757e91e3b35f6b804b950743dc1b28e0ddf195816a97342e270433862a |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 431567ed7ad735fe73425367e9d243cb |
| SHA1 | f5fd47f79b9e4ababa4263ee80e91826fbaebb35 |
| SHA256 | 3f9c1c245af118d256a8573848c17845319f3cc226ef322f73d573ae86e7b7b5 |
| SHA512 | e21c203ce4970cd9d031cda4e2fe4c94b2d7018db5752f07ddd1f78a06dd7a12d84acfc7f6cdff17aa28a85365db339dff58cc13ad6157c3a940a4e4b1594788 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | a909b0ce4114e991ff6a1b9e8b4ddbe6 |
| SHA1 | 190fd38f0ca7fe3952b3dbe5a9bb800c51120525 |
| SHA256 | 5d9cf5fa9c6d16429d7829b8fb5e1cdb2ff4b9bbb727063d406e1a9e516b2764 |
| SHA512 | f41df82ffdf93763db4e937fe93d9be1936b228ccfbcfc4060d6575b974ec559bd42a4f75225ec7f8d1f950746aef046b7eab29a642ce57ad7214a3c91dae125 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-19 18:42
Reported
2024-03-19 18:46
Platform
android-x64-arm64-20240221-en
Max time kernel
3s
Max time network
157s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.74:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation4120450746596684658tmp
| MD5 | abbd76815582b7c28a98d5509ea22a3c |
| SHA1 | 3fa313aa72b73e4abe2d8b7b7f2316651bea7e60 |
| SHA256 | 1cad34c1ca12240a67a008e61f889ceae1747f4f47273ccd66b02cddc76812ed |
| SHA512 | d06df59c830ca5c295f88cd0a4a694548252fc9dff51f3a24630144954b60ba56da025ce97720ca351d3cddc85c6d88f0c2d69f57b34bfa2eac858a14d730cfc |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | c165b62bff94a1af3dc3b32785d20af4 |
| SHA1 | b2491694556bc15bfdc598b64e58f953d9875de8 |
| SHA256 | 26868b9c48af0b11df35e8d9f8ed8eeb2775e2c420ed8086c4903e0e4921f6ac |
| SHA512 | e13e7bee54cec092c62a10e6e83fa77db9597e325d942fde4e2fe62200a19534d0cbb6a2345e2b62385d69c6d93020887bb8f1cc1161b1e0a7ba788bf3f6f791 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | e7b815e4af399b77192eafcec8276b80 |
| SHA1 | f1129fb7127a4c129b1a714d8d28f8b397c3cba8 |
| SHA256 | 8868bd2239690d19b6fc38db757b97ef1be9b918ef4faf6d2308540ad3785c51 |
| SHA512 | 125e3da5e8773193c37b792f8b6a98c2bb17ce0ca9689eb627b70f8d0ccda234081d2e505d6acf04fbc98391895bbc8341f06764f07df7467df5923829b36abc |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 8f54d9cd8c763257dcbadb7935f9ab30 |
| SHA1 | 08e601afa1a98ba183087d9dd6e58b335d3ec2eb |
| SHA256 | 42a862a33359c81d7fa5544b175f2284901c491905a56b8adc35dbf9cc00b0ae |
| SHA512 | eecbe8837194a9c71b78613a7c1200371135c31932f90ab69715e89a15d3ac68a1cd380e52f8915c42b07599b481104be4a6ee22faac460963a38775a1c6f9b2 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 8e7acab227fd0dec59e175511f64e480 |
| SHA1 | 6ff59057523c95d5ae0f8de803f0e95b5c143611 |
| SHA256 | 12744458362edae3d8d70f0e82ffb9d1ba76a7c507d52bbb8d37af64f5ce1482 |
| SHA512 | 9b14bd7dfca5efaf105819b7aa181710096b57762d99fc0da441efbb615faa1ecc6f1487acf4cab3ab163ecaa89ccd822bed6eec5d136e78f64adb063013a62d |
/data/data/org.bax.project/files/PersistedInstallation1939267155279060640tmp
| MD5 | f0b56c283e945f9b3b53a2f6b3477ed1 |
| SHA1 | ede2f6b699e05cdaef1ef9d1f98ab007426eb779 |
| SHA256 | 3f1e227325f8976739c077ab5f94e0b7bbccb67707b8aff2fd803e51293beb04 |
| SHA512 | e6c8088a6f715b5576d25b9c837102b46dfa3ea2a55f2f1fc0ea8eecfa6d150588934e23e2a3425f199c3e51444a607e56de97948da4700a9d557cbdbe8ebb60 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 420787b4195d67a5512282d7fbe94bb4 |
| SHA1 | 3b1bbbec32b532733ea76d83922333fa714d2b01 |
| SHA256 | c9ef01761bdab5ae3f7465ab86f91c70e5fb8694655cc97e71dcf4251b1ef0b1 |
| SHA512 | 321976d3d39a9c067c6261ab6ae08dc82b896a8b8b17e1cbc2284ae51f31511e757a6e319e151e0a511f3539b451e496c6e6784e3bb30c5e0fda17628ff1a7cf |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | c6315f5a344d9739550b88fc25100f6c |
| SHA1 | ee0c6c1ee1a78355d8ad79ac147aa485ac6033cb |
| SHA256 | 2ac0f80564ca6f298902dbd2894d88669365241b63516c761e4d2f663bdbbf8e |
| SHA512 | 9e34fdc1846e0410969b6917039ec67556f6d0bc382fb0a985b5377c12b5c99d83a01aa9a02ad51f3ce5cc5b4db0e01ecff34c03abe5be4bbec4396daebbba98 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d017ddb521655d4608a72cdc5e1d3ebe |
| SHA1 | 90276d4df2d4ec258239d8fd7832f3a622cf9ef8 |
| SHA256 | 13c7e19f642a8be12ac7e602cdcd8f7128c4d3412070869331d8c7885a783670 |
| SHA512 | a80ea13a89bea3c76bcea912d79ff716416e761e108056e172505e17cf57f72551e09b327e3af638948a945637c3670554032e0e5f45b3a05d6a0beeff3f3fdd |