Analysis Overview
SHA256
cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2
Threat Level: Known bad
The file KissLand.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-19 18:48
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-19 18:48
Reported
2024-03-19 18:51
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation6084237016423307240tmp
| MD5 | 6ce6a3a5861b3febe5f2a2699afe58be |
| SHA1 | bea8f18233654d01677d6ce35084d3c791f942c4 |
| SHA256 | f5c221271a88edcc7a7b415a083336effcefefe658bf7bde01abf88c059b9ea5 |
| SHA512 | 4005984428695172b71c4975004bb581df058fcea9a726340224e578a9a375eb3e12ece7deb4a5d6324eb793bade07643fcf57de65a05ef0829dd8dc68bcc8d9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-19 18:48
Reported
2024-03-19 18:51
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
137s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation7585241794579797916tmp
| MD5 | dcebe35d20fbd1f01e2c6ec68d109b35 |
| SHA1 | a2d7f7646c9e3b03caee2fb8013d7baf42944df6 |
| SHA256 | 15a41225c839ed49ed2f963d4e550217a3d8823742d712281ad45e4b4aef88fa |
| SHA512 | d593e95e9df2f58419ef068042d5fc0148081128ecc6598e9999717e5c00a21c354d5b7efbf8dc26572dfb3f1b62f50d2404a2e51cc94723fbf1b438e6ceb0f8 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 0e1482e63ef02c96fb3aee8f3884b34c |
| SHA1 | c44d82a8a3e10ed3ad296fed23a0c98ab58e6cd4 |
| SHA256 | c6b42d9c2a26fa035d487be009a8f1e52c753a09bb1ea4858fd151b356a4792f |
| SHA512 | 75f5525128800ebbe72a0b9aecee22689375e7c1a74e52648aedd3a9e86b8caf904ca3fccf5890080e50f6d53af9c9d1cc62a339e99bf3f6c0e9b5bda77b1f7d |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 18f28b43aef3d835d2f7e440f763961c |
| SHA1 | 0f38c44ea2a37ccabc7beac94fa7db7cd0c9a133 |
| SHA256 | 1d087bd7478270bb2595e93c3779b1cfb2cf9be6ab83d589924472748f18c3ef |
| SHA512 | 3f54b71cfd26d81510a5209d378a9fc69895058fa515fceca2091f782658d4dfeb8401bea88c9dbdcd26b9c581ea69656b470ddd729e69ad33bf9cbf73913fbe |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | da73a30a11cde1379e691c36107b5c74 |
| SHA1 | c127f027fd61bbccb62bda4a7c1da9292bf204f1 |
| SHA256 | 62221678ac605a97eac855fe00f2d13af3e191906e5d6f2571bd6400c01d9db3 |
| SHA512 | 94098ef7843283294f20946b4afb3467b6c9ef6e28e27a66d74904a8f088ab3791fbf2c5aed7d45fa9903bf78678c30fd561e2a102ed8386395b3baa29b90035 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | d255c2a1d21ed6257b998cd2fbdf92ed |
| SHA1 | 376c1ba1781f5e662aa385cb307d4fd6aba787cb |
| SHA256 | c00530f4e6080e1083e6185c168d5e7d63c0c924e5dcb63350198c82f703f962 |
| SHA512 | c8a6fca654812682716a502c7ac2cfe5ca18b1dd422746644da0f666eee47b04c80ee13ef00d5c1c6a6054d7f63a1c10bfdeed78b41b9f28e4552594eba251de |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | a4189acf3c556e94591a7f398bf54dab |
| SHA1 | 399d78f357d1119d57d4f36f018305b94d654445 |
| SHA256 | 36c599f4267c8abd4044f82857d39df6e54909500ad7e432bcd4bdf39b26e79a |
| SHA512 | 69043916a21023a59304c13d5422de3b8d9f21b4e76d1cfb05e168003209db79d96fe399d7a7583f83ecc5a02277f4fe21a84ac3ed9664b41b5cdccc80d36cbc |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-19 18:48
Reported
2024-03-19 18:51
Platform
android-x64-arm64-20240221-en
Max time kernel
3s
Max time network
157s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | N/A | udp |
| GB | 172.217.16.228:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation8923622154571710281tmp
| MD5 | d2daf2cc7babcd255a3e24eace58cc09 |
| SHA1 | de479188ec69883b401a8be6fa198152ec3038ee |
| SHA256 | 920bf8c30ac7fdfffdcce51ecfdcdbacc601e2635197e0435a6111de4f782464 |
| SHA512 | 9e9fb93b3ca79f57673a2cca20a63417d49b94d9ce3ff0ae26f927e229b9387bd79ebfbc8f19877d3cbf5006514a6a531fce83f90829305aa16716f993abe793 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 7027af88acfdfdf8f576b9a7aee4f9f7 |
| SHA1 | cb69910043f3d629e690e0afe7830e003525cd88 |
| SHA256 | 0e98c56c7950353db1bf5a5ff25a4652e13e2b7ba60b248f27a9a60a56b9aac0 |
| SHA512 | 540c7341d6598075bb94ba38e7db6ca1cf671baaf4634520e8bfaa1b90d83d940eefe310be66ead498293d62142c4514e54e6fca424bc2922cd11f37cc9e7cff |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 75d87a3e04791165e6b4fd32e1603a7d |
| SHA1 | c79ec7ddb1d4ed1732005a67534fd43d3a7b9674 |
| SHA256 | 56a5558cd5f5b367fd63258427afbb5c2a652c1089ad4f3d3b088ffef2c8962e |
| SHA512 | b96edefafb2d22d3f06912f84a37f4c17bed4389b8a0b1724ef7fa5f8177d445c22fc34b287ece73754789d9a0d4eb068c32506a1ab6218f9610b5e890c5c840 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | a0b0883d6a74b420546075b38e72f1d0 |
| SHA1 | 84fa2342ff8de8890f985876e810ce7cfdd3cdd2 |
| SHA256 | c7d0349af67025eb36482106e63dd6f039aaf2300965fc0faae97153dfd28275 |
| SHA512 | 85f99068d7ec7343b0de7ee13fff85ed093e2e8a3c6ae78c5ba076b980790e4c6b73f9272eeac9574fcf608433370096d403cfeb68497eba713a1cc74768c709 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 1704f6e8b3851dc3166b67853f0b0216 |
| SHA1 | 321d7c70865518270d131a2cbdb66db374f3425d |
| SHA256 | 942fc101681db53753c040323fa0dfd3517e60b5d702f487ecad087498cd3c3d |
| SHA512 | 7961a20f442e6676f77f3b2587198cecfdfd42ac247b10087f49ca63e8f26552157aa104e7daf5ced537e84809af514a4878e3858d8dd5866b7800a009011621 |
/data/data/org.bax.project/files/PersistedInstallation3401337094257209784tmp
| MD5 | 480cd33b798340f7650970c2c30bed17 |
| SHA1 | f0ad6567482112d819006423e180982104602364 |
| SHA256 | 2d9434eb65ea9ef4ce4bbcd1abed33f19943d55b873f0ccc4a10dc206c8d59ec |
| SHA512 | a0eacc733fccca41fc0c2362dc47e33a088b832da3f30370d575e2aeeb6a92eb9d8c88100cf588148a040809d5f037403e0dbe841099569a33640a4decdef8f3 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | c35db66110de348b7422d964ac051321 |
| SHA1 | e3bf70dce19e9a60c840a39b223bee53b9e713b4 |
| SHA256 | 617110426508e9bf370470dc73f22cd073cde6dc8ab7d685775ee18239173928 |
| SHA512 | 2b27c3a2f269cba38166d3516fe07d3cf8ba443deb23df8884e9206d0c07efcc9e887da989d6fa5f6771ad0a2890b75696b8fc21b372d7d70c25aaf0dd1fb6b4 |