Malware Analysis Report

2024-10-19 13:16

Sample ID 240319-xfrg3sbf45
Target KissLand.apk
SHA256 cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2

Threat Level: Known bad

The file KissLand.apk was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Acquires the wake lock

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-19 18:48

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
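Taken together, the eight permissions above let an app read, receive and send SMS, enumerate contacts, place calls without the dialer, read the device's telephony identity and track precise location. The script below is an added example, not part of the sandbox report: it parses a decoded AndroidManifest.xml in the form apktool writes, reduces the uses-permission list to the runtime ("dangerous") subset and names the capability combinations a triager would escalate on. SAMPLE_MANIFEST is constructed from the package name and permissions the report lists (android.permission.INTERNET is added only to show install-time permissions being filtered out); the DANGEROUS and CAPABILITIES tables and the SMS_STEALER_PROFILE rule are this example's own groupings, not Android's full permission list or a family signature.

```python
"""Reduce a decoded AndroidManifest.xml to the permissions that matter for triage.

Added example, not part of the sandbox report. SAMPLE_MANIFEST is constructed
from the package name and permissions the report lists; DANGEROUS, CAPABILITIES
and SMS_STEALER_PROFILE are this example's own groupings, not Android's tables.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample in the form apktool writes. INTERNET is not in the report;
# it is present only to show that install-time permissions are filtered out.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.bax.project">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

# Runtime ("dangerous") permissions mapped to the data they unlock (subset).
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.CALL_PHONE": "phone",
    "android.permission.READ_PHONE_STATE": "phone",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.POST_NOTIFICATIONS": "notifications",
}

# Capabilities worth naming in a verdict, and the permissions each one needs
# (all of them must be declared for the capability to count).
CAPABILITIES = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms_sending": {"android.permission.SEND_SMS"},
    "contact_harvesting": {"android.permission.READ_CONTACTS"},
    "silent_dialing": {"android.permission.CALL_PHONE"},
    "device_fingerprinting": {"android.permission.READ_PHONE_STATE"},
    "precise_tracking": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Combination that lets an app intercept, forward and address SMS (OTP theft
# shape). An assumption of this example about what to escalate, not a signature.
SMS_STEALER_PROFILE = {"sms_interception", "sms_sending", "contact_harvesting"}


def declared_permissions(manifest_xml):
    """Return every android:name from <uses-permission> elements, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def triage(manifest_xml):
    """Summarise the manifest: dangerous subset, data groups, capabilities."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(manifest_xml)
    dangerous = sorted(p for p in perms if p in DANGEROUS)
    groups = sorted({DANGEROUS[p] for p in dangerous})
    caps = sorted(name for name, needed in CAPABILITIES.items() if needed <= set(perms))
    return {
        "package": root.get("package"),
        "declared": len(perms),
        "dangerous": dangerous,
        "groups": groups,
        "capabilities": caps,
        "sms_stealer_profile": SMS_STEALER_PROFILE <= set(caps),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against a real sample by feeding it the AndroidManifest.xml that apktool decodes from the APK; the static signature in this report is the same check, stated as a list. The point of the capability layer is that READ_SMS on its own is common in legitimate apps, whereas RECEIVE_SMS plus SEND_SMS plus READ_CONTACTS in one package with no messaging role is what justifies a manual look.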

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-19 18:48

Reported

2024-03-19 18:51

Platform

android-x86-arm-20240221-en

Max time kernel

3s

Max time network

130s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

org.bax.project

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp
GB | 216.58.201.110:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 172.217.169.10:443 | - | tcp

Files

/data/data/org.bax.project/files/PersistedInstallation6084237016423307240tmp

MD5 6ce6a3a5861b3febe5f2a2699afe58be
SHA1 bea8f18233654d01677d6ce35084d3c791f942c4
SHA256 f5c221271a88edcc7a7b415a083336effcefefe658bf7bde01abf88c059b9ea5
SHA512 4005984428695172b71c4975004bb581df058fcea9a726340224e578a9a375eb3e12ece7deb4a5d6324eb793bade07643fcf57de65a05ef0829dd8dc68bcc8d9

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-19 18:48

Reported

2024-03-19 18:51

Platform

android-x64-20240221-en

Max time kernel

3s

Max time network

137s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

org.bax.project

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.196:443 | - | tcp
GB | 142.250.187.196:443 | - | tcp

Files

/data/data/org.bax.project/files/PersistedInstallation7585241794579797916tmp

MD5 dcebe35d20fbd1f01e2c6ec68d109b35
SHA1 a2d7f7646c9e3b03caee2fb8013d7baf42944df6
SHA256 15a41225c839ed49ed2f963d4e550217a3d8823742d712281ad45e4b4aef88fa
SHA512 d593e95e9df2f58419ef068042d5fc0148081128ecc6598e9999717e5c00a21c354d5b7efbf8dc26572dfb3f1b62f50d2404a2e51cc94723fbf1b438e6ceb0f8

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 0e1482e63ef02c96fb3aee8f3884b34c
SHA1 c44d82a8a3e10ed3ad296fed23a0c98ab58e6cd4
SHA256 c6b42d9c2a26fa035d487be009a8f1e52c753a09bb1ea4858fd151b356a4792f
SHA512 75f5525128800ebbe72a0b9aecee22689375e7c1a74e52648aedd3a9e86b8caf904ca3fccf5890080e50f6d53af9c9d1cc62a339e99bf3f6c0e9b5bda77b1f7d

/data/data/org.bax.project/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 18f28b43aef3d835d2f7e440f763961c
SHA1 0f38c44ea2a37ccabc7beac94fa7db7cd0c9a133
SHA256 1d087bd7478270bb2595e93c3779b1cfb2cf9be6ab83d589924472748f18c3ef
SHA512 3f54b71cfd26d81510a5209d378a9fc69895058fa515fceca2091f782658d4dfeb8401bea88c9dbdcd26b9c581ea69656b470ddd729e69ad33bf9cbf73913fbe

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 da73a30a11cde1379e691c36107b5c74
SHA1 c127f027fd61bbccb62bda4a7c1da9292bf204f1
SHA256 62221678ac605a97eac855fe00f2d13af3e191906e5d6f2571bd6400c01d9db3
SHA512 94098ef7843283294f20946b4afb3467b6c9ef6e28e27a66d74904a8f088ab3791fbf2c5aed7d45fa9903bf78678c30fd561e2a102ed8386395b3baa29b90035

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 d255c2a1d21ed6257b998cd2fbdf92ed
SHA1 376c1ba1781f5e662aa385cb307d4fd6aba787cb
SHA256 c00530f4e6080e1083e6185c168d5e7d63c0c924e5dcb63350198c82f703f962
SHA512 c8a6fca654812682716a502c7ac2cfe5ca18b1dd422746644da0f666eee47b04c80ee13ef00d5c1c6a6054d7f63a1c10bfdeed78b41b9f28e4552594eba251de

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 a4189acf3c556e94591a7f398bf54dab
SHA1 399d78f357d1119d57d4f36f018305b94d654445
SHA256 36c599f4267c8abd4044f82857d39df6e54909500ad7e432bcd4bdf39b26e79a
SHA512 69043916a21023a59304c13d5422de3b8d9f21b4e76d1cfb05e168003209db79d96fe399d7a7583f83ecc5a02277f4fe21a84ac3ed9664b41b5cdccc80d36cbc

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-19 18:48

Reported

2024-03-19 18:51

Platform

android-x64-arm64-20240221-en

Max time kernel

3s

Max time network

157s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

org.bax.project

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.14:443 | - | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | - | udp
GB | 172.217.16.228:443 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.16.228:443 | www.google.com | tcp
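The Network tables of behavioral1, behavioral2 and behavioral3 have the same shape: every destination is the sandbox's mDNS multicast, a query to the 1.1.1.1 resolver, or a Google-operated endpoint, and within the 3s of kernel time nothing that looks like a command-and-control contact appears. That is not evidence the payload never beacons, only that it did not do so before the run ended. The script below is an added example, not part of the report: it parses rows in the form these tables print them and separates resolver and multicast noise, platform endpoints and bare IPs that still need attribution. ROWS reproduces the behavioral3 table as printed (pipe-separated rows are accepted too); the PLATFORM_SUFFIXES list and the rule of borrowing a domain from another flow to the same IP are this example's assumptions about what counts as platform noise.

```python
"""Classify the rows of a sandbox Network table.

Added example, not part of the sandbox report. ROWS reproduces the behavioral3
Network table as printed (rows separated with "|" are accepted too). The
PLATFORM_SUFFIXES list and the borrow-a-domain-from-the-same-IP rule are this
example's assumptions about what counts as platform noise.
"""
import ipaddress
import re

ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 udp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
"""

# Endpoints the Android image and bundled Google SDKs reach on their own.
# Treating them as noise is a triage assumption, not proof that the app is benign.
PLATFORM_SUFFIXES = (".googleapis.com", ".google.com", ".google-analytics.com")

# country  ip:port  [domain]  proto   (IPv4 only, which is all these tables carry)
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse table rows; the domain column is optional and '-' means none."""
    rows = []
    for line in text.splitlines():
        line = " ".join(line.replace("|", " ").split())
        if not line or line.startswith("Country"):
            continue  # blank line or header row
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        row["country"] = None if row["country"] == "N/A" else row["country"]
        if row["domain"] == "-":
            row["domain"] = None
        rows.append(row)
    return rows


def attribute_by_ip(rows):
    """Second pass: a domainless flow borrows the domain another flow in the same
    table saw on the same IP (same host, different connection)."""
    seen = {}
    for r in rows:
        if r["domain"] and r["port"] != 53:
            seen.setdefault(r["ip"], r["domain"])
    for r in rows:
        r["inferred"] = False
        if r["domain"] is None and r["ip"] in seen:
            r["domain"], r["inferred"] = seen[r["ip"]], True
    return rows


def classify(row):
    """One of: mdns, dns, platform, unattributed, review."""
    if ipaddress.ip_address(row["ip"]).is_multicast and row["port"] == 5353:
        return "mdns"
    if row["port"] == 53:
        return "dns"           # the domain column here is the name queried
    if row["domain"] is None:
        return "unattributed"  # bare IP: attribute it before dismissing it
    if row["domain"].endswith(PLATFORM_SUFFIXES):
        return "platform"
    return "review"            # a name outside the noise list: look at it


def summarize(text):
    """Counts per class, names resolved, and endpoints nobody has explained."""
    rows = attribute_by_ip(parse_rows(text))
    counts, queried, unattributed = {}, set(), []
    for r in rows:
        kind = classify(r)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "dns" and r["domain"]:
            queried.add(r["domain"])
        if kind == "unattributed":
            unattributed.append(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
    return {"counts": counts, "queried": sorted(queried), "unattributed": unattributed}


if __name__ == "__main__":
    for key, value in summarize(ROWS).items():
        print(f"{key}: {value}")
```

For this table the only row left unattributed is 142.250.200.14:443 over udp, which is the shape of a QUIC connection to a Google address; the 172.217.16.228:443 flow without a domain is explained by the later row that saw the same IP as www.google.com. Anything that ends up in "review" or "unattributed" is where a reverse lookup or a longer detonation is worth the time.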

Files

/data/data/org.bax.project/files/PersistedInstallation8923622154571710281tmp

MD5 d2daf2cc7babcd255a3e24eace58cc09
SHA1 de479188ec69883b401a8be6fa198152ec3038ee
SHA256 920bf8c30ac7fdfffdcce51ecfdcdbacc601e2635197e0435a6111de4f782464
SHA512 9e9fb93b3ca79f57673a2cca20a63417d49b94d9ce3ff0ae26f927e229b9387bd79ebfbc8f19877d3cbf5006514a6a531fce83f90829305aa16716f993abe793

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 7027af88acfdfdf8f576b9a7aee4f9f7
SHA1 cb69910043f3d629e690e0afe7830e003525cd88
SHA256 0e98c56c7950353db1bf5a5ff25a4652e13e2b7ba60b248f27a9a60a56b9aac0
SHA512 540c7341d6598075bb94ba38e7db6ca1cf671baaf4634520e8bfaa1b90d83d940eefe310be66ead498293d62142c4514e54e6fca424bc2922cd11f37cc9e7cff

/data/data/org.bax.project/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 75d87a3e04791165e6b4fd32e1603a7d
SHA1 c79ec7ddb1d4ed1732005a67534fd43d3a7b9674
SHA256 56a5558cd5f5b367fd63258427afbb5c2a652c1089ad4f3d3b088ffef2c8962e
SHA512 b96edefafb2d22d3f06912f84a37f4c17bed4389b8a0b1724ef7fa5f8177d445c22fc34b287ece73754789d9a0d4eb068c32506a1ab6218f9610b5e890c5c840

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 a0b0883d6a74b420546075b38e72f1d0
SHA1 84fa2342ff8de8890f985876e810ce7cfdd3cdd2
SHA256 c7d0349af67025eb36482106e63dd6f039aaf2300965fc0faae97153dfd28275
SHA512 85f99068d7ec7343b0de7ee13fff85ed093e2e8a3c6ae78c5ba076b980790e4c6b73f9272eeac9574fcf608433370096d403cfeb68497eba713a1cc74768c709

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 1704f6e8b3851dc3166b67853f0b0216
SHA1 321d7c70865518270d131a2cbdb66db374f3425d
SHA256 942fc101681db53753c040323fa0dfd3517e60b5d702f487ecad087498cd3c3d
SHA512 7961a20f442e6676f77f3b2587198cecfdfd42ac247b10087f49ca63e8f26552157aa104e7daf5ced537e84809af514a4878e3858d8dd5866b7800a009011621

/data/data/org.bax.project/files/PersistedInstallation3401337094257209784tmp

MD5 480cd33b798340f7650970c2c30bed17
SHA1 f0ad6567482112d819006423e180982104602364
SHA256 2d9434eb65ea9ef4ce4bbcd1abed33f19943d55b873f0ccc4a10dc206c8d59ec
SHA512 a0eacc733fccca41fc0c2362dc47e33a088b832da3f30370d575e2aeeb6a92eb9d8c88100cf588148a040809d5f037403e0dbe841099569a33640a4decdef8f3

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 c35db66110de348b7422d964ac051321
SHA1 e3bf70dce19e9a60c840a39b223bee53b9e713b4
SHA256 617110426508e9bf370470dc73f22cd073cde6dc8ab7d685775ee18239173928
SHA512 2b27c3a2f269cba38166d3516fe07d3cf8ba443deb23df8884e9206d0c07efcc9e887da989d6fa5f6771ad0a2890b75696b8fc21b372d7d70c25aaf0dd1fb6b4
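Across the three runs the same two artifacts recur under /data/data/org.bax.project: a files/PersistedInstallation<digits>tmp file and databases/google_app_measurement_local.db with its -journal, names that match what the Firebase Installations and Google Analytics for Firebase SDKs write on first start. Every one of them carries a different hash in every run, so none of these hashes is a usable indicator; the stable pivots in this report are the package name org.bax.project and the APK's own SHA256. The script below is an added example, not part of the report: it groups Files entries by path pattern across runs and reports which hashes repeat. SAMPLE copies path and SHA256 lines from the three Files sections (the other hashes are trimmed for space, and the "run ..." lines are constructed delimiters); the path-normalisation rule is this example's own.

```python
"""Group a report's Files entries across runs and decide which hashes can be pivoted on.

Added example, not part of the sandbox report. SAMPLE copies path and SHA256
lines from the three Files sections (other hashes trimmed); the "run ..." lines
are constructed delimiters and the path-normalisation rule is this example's own.
"""
import re
from collections import defaultdict

SAMPLE = """\
run behavioral1
/data/data/org.bax.project/files/PersistedInstallation6084237016423307240tmp
SHA256 f5c221271a88edcc7a7b415a083336effcefefe658bf7bde01abf88c059b9ea5

run behavioral2
/data/data/org.bax.project/files/PersistedInstallation7585241794579797916tmp
SHA256 15a41225c839ed49ed2f963d4e550217a3d8823742d712281ad45e4b4aef88fa
/data/data/org.bax.project/databases/google_app_measurement_local.db
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

run behavioral3
/data/data/org.bax.project/files/PersistedInstallation8923622154571710281tmp
SHA256 920bf8c30ac7fdfffdcce51ecfdcdbacc601e2635197e0435a6111de4f782464
/data/data/org.bax.project/databases/google_app_measurement_local.db
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
/data/data/org.bax.project/files/PersistedInstallation3401337094257209784tmp
SHA256 2d9434eb65ea9ef4ce4bbcd1abed33f19943d55b873f0ccc4a10dc206c8d59ec
"""

# Collapse per-run randomness in names so the same artifact groups across runs.
# createTempFile()-style names carry a random number between prefix and suffix.
NORMALISERS = [
    (re.compile(r"(PersistedInstallation)\d+(tmp)$"), r"\1<N>\2"),
]

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def normalise(path):
    for pattern, repl in NORMALISERS:
        path = pattern.sub(repl, path)
    return path


def parse(text):
    """Return (run, path, sha256) for every entry that has a SHA256 line."""
    entries = []
    run, path, sha = None, None, None

    def flush():
        if path and sha:
            entries.append((run, path, sha))

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("run "):
            flush()
            run, path, sha = line.split(None, 1)[1], None, None
        elif line.startswith("/"):
            flush()
            path, sha = line, None
        else:
            m = HASH_RE.match(line)
            if m and m.group(1) == "SHA256":
                sha = m.group(2).lower()
    flush()
    return entries


def group_artifacts(text):
    """Per normalised path: runs seen in, observation count, distinct hashes, verdict."""
    groups = defaultdict(lambda: {"runs": set(), "hashes": set(), "observations": 0})
    for run, path, sha in parse(text):
        g = groups[normalise(path)]
        g["runs"].add(run)
        g["hashes"].add(sha)
        g["observations"] += 1
    report = {}
    for key, g in groups.items():
        n, distinct = g["observations"], len(g["hashes"])
        if n < 2:
            verdict = "single"    # seen once: stability cannot be judged
        elif distinct == 1:
            verdict = "stable"    # same content every run: usable as a hash IOC
        elif distinct == n:
            verdict = "volatile"  # different every time: do not pivot on it
        else:
            verdict = "mixed"
        report[key] = {"runs": sorted(g["runs"]), "observations": n,
                       "distinct_hashes": distinct, "verdict": verdict}
    return report


def stable_iocs(text):
    """Normalised paths whose hash repeated across runs."""
    return sorted(k for k, v in group_artifacts(text).items() if v["verdict"] == "stable")


if __name__ == "__main__":
    for path, info in group_artifacts(SAMPLE).items():
        print(path, info)
    print("hash IOCs worth publishing:", stable_iocs(SAMPLE))
```

The same grouping works on any multi-run report; what it tells you here is that both recurring artifacts are per-install state (an installation identifier and a local analytics store) rather than dropped payloads, and that a detection built on their hashes would never fire twice.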