Malware Analysis Report

2024-10-19 13:16

Sample ID 240319-xcswqsbd67
Target KissLand.apk
SHA256 cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2
Tags irata
Score 10/10

Analysis Overview

Score 10/10

SHA256 cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2

Threat Level: Known bad

The file KissLand.apk was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-03-19 18:42

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-03-19 18:42

Reported 2024-03-19 18:46

Platform android-x86-arm-20240221-en

Max time kernel 3s

Max time network 132s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

org.bax.project

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

/data/data/org.bax.project/files/PersistedInstallation1658285600473383036tmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-03-19 18:42

Reported 2024-03-19 18:46

Platform android-x64-20240221-en

Max time kernel 3s

Max time network 145s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

org.bax.project

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.187.195:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/org.bax.project/files/PersistedInstallation800610503989390784tmp

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

Analysis: behavioral3

Detonation Overview

Submitted 2024-03-19 18:42

Reported 2024-03-19 18:46

Platform android-x64-arm64-20240221-en

Max time kernel 3s

Max time network 157s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

org.bax.project

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 udp
GB 216.58.213.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp

Files

/data/data/org.bax.project/files/PersistedInstallation4120450746596684658tmp

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/files/PersistedInstallation1939267155279060640tmp

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

/data/data/org.bax.project/databases/google_app_measurement_local.db