Analysis Overview
SHA256
cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2
Threat Level: Known bad
The file cb0cdb1ad01fa87c11eacbbaeef9f646206ec99046c32f3b3e467bb7f6e265f2.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-20 02:40
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-20 02:40
Reported
2024-03-20 02:42
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
149s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation3015649163603662045tmp
| MD5 | 7a75abb3fde1f8dc58d36410bf8bbe32 |
| SHA1 | 1186db6a6287a7759fc1e4b428a572df6b2e1ba9 |
| SHA256 | 5e6c9a26bc21af4b31abe11bc211827e291b4d5d94731761f77182e71b8fbeb5 |
| SHA512 | 1820a0ffa1d2064acd5eb4b55af96fe94544cd009b379d6c04f80b85b0a2a756519c5fce7eaed1ffe964f55b54120ba75fd6d1e653b8f76097587d905e55bc4b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-20 02:40
Reported
2024-03-20 02:42
Platform
android-x64-20240221-en
Max time kernel
4s
Max time network
142s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | nyljffbctmquo | udp |
| US | 1.1.1.1:53 | labthetqnshtowr | udp |
| US | 1.1.1.1:53 | opmdfonuabcnfh | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| BE | 108.177.15.188:5228 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.212.195:443 | | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.212.195:443 | | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 172.217.169.10:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
Files
/data/data/org.bax.project/files/PersistedInstallation3045393874388878238tmp
| MD5 | 5c060a938c291438ba2cc154311c8aa5 |
| SHA1 | 47f4398ff5366ffffe43d1969424628b804f3e58 |
| SHA256 | 6f722e209f663fca1a9145bdd164abb13af89ee3a453f5045bf8020f05ca6869 |
| SHA512 | 49966f3056a6a4e87e9049cb3a4b72408fec839c26ddbd845c42b1edf7e6ea27f3e3f09a33c68947ee44b09c2d84aab6f480c87eb6c0f7d76e8620a318f3a206 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 3c64149d194cdee483ff029ebba54c3e |
| SHA1 | 9c17226c6f5cc0482a86b1b50d7cb5cb86ed01f1 |
| SHA256 | b9d43e17d1eaff688acfc4f6fd9fe01c74154a67c1ce41e49d40a99c8b07b122 |
| SHA512 | 5f8f346245c27a24f27c776a0c4f9c62db2926e3f3c845a16322cc9d3ea3aa4e623f68bd5dabbadf581fd01c132120138e70734c91a115e88c218473371e7821 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | ea628e04765adaf4238a5dcdff4bbd51 |
| SHA1 | a801947619ea8c368efe9c006a324dc6339ac60b |
| SHA256 | 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4 |
| SHA512 | c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | bd6ff14b56c7e997d65cfadb7441b44e |
| SHA1 | f18f8e85f05046e2a5a213f9c6778ac6b678d90d |
| SHA256 | 4217a0e9d471a4e054ec37fed524f3212296ec21183d696255b147c06d2032c5 |
| SHA512 | 4728ec3e4d65802693261ab5e3c2029c2fb65dbbebe9859b899ab6754e121f3da319c01b09d03ec4859662ab9543288b2707a35aa915b551993dacb75210447f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 5699a88520373566e83b11b50d9069ba |
| SHA1 | ce2910fff5eb83400ea1b0332463ac9c4b8117d3 |
| SHA256 | 310ff1c2948b691f3ae8b83afd7acb6990d36ec245afaa33686c26140ba022c0 |
| SHA512 | 43b029db502f4c514aeec61035304c448efd53858fe4055b479fc1ec5ec398b75a6a18e078685ae266777ba06813c5ac012385c84399c334cf3753de6c97924f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | f97ab89128597e525c29343f8b65afd8 |
| SHA1 | 88cf7ba15d881d9218dbfb7e492a9cd9d2d37775 |
| SHA256 | 7246cee490b3feea5a29a5244e77f9ec7887e228af527775f737bdbca31a298d |
| SHA512 | fbe5a43233eb93ead783acc1ddf7b26612073657b0937868ad453eb1660871c43413482d064a6b8af5b7374249f0855ef8d7dea27d8d09f995ca0a817660c62f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-20 02:40
Reported
2024-03-20 02:43
Platform
android-x64-arm64-20240221-en
Max time kernel
3s
Max time network
150s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation1822555757171711488tmp
| MD5 | 407b54df68047506c6346a595d8804d6 |
| SHA1 | 84f0f2eb85959d468f073dd8b20689b012399d2c |
| SHA256 | ae5b98597ca5768d6123fbeed4c32a77455cf448e575070e76c349718db9502b |
| SHA512 | 8013d68a2ca82cf91be17fb22a90e56642ddf40aa778d5bfe91ac94d7e392c70dd5a90b5461d66a0084559075a5a43e58a16a247d5facbeedc71855b460c287d |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 9d3171c23939a235e420482ac3756f2a |
| SHA1 | d87f93ec91d711a9b575cc5df76fcc5d618b830d |
| SHA256 | 9602d3e082864b9f64d2736d98ae7ec892573fc1b307838915cb94add33059ba |
| SHA512 | 5e743bcee3a77929e0d98e91738c264230fbadd8326a76b05bb687ebdd9a1c57bcee2fbe6c0e8efc4c05c5078a5c03dc4aa51f6f1fce8b7a7e57d76d4fb62969 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | 73dde037d43818d6392e51665bee0446 |
| SHA1 | 79d2b7aaad055aaa21aa371d61b05684c2164073 |
| SHA256 | d8aa44c8b932aa136e23d352f22689c2173c343125e0e7588bb111fb635b30be |
| SHA512 | 95c88a7ca75a3f60fc3715bcac6a0a0f67bcf8a3a9fde5482f15e8da321521faf184548fc7a31df3f6019c48214b97a683b9fd7d0d2b1bd5595e50fb5d80f4fe |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 6c9199a681c49802fa7c4254a46c0830 |
| SHA1 | 7f5bbb4db371c0b595697f75f270dd1a3e86ccb4 |
| SHA256 | 0256890892e5583fc3aeaa50ed68f4c3cf86c0dc77216c9f242b694b8d50c81f |
| SHA512 | 7821ed24d95de4840cd8c4e817c59476fa0a85257ae9988d0a8b95bceb71d61f6e9068703675be794dbe30cc02f084f01fe5a398ae781bb45437a6f2b025d2f2 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 61d25079d8082c70c26971322bc8e1e5 |
| SHA1 | 2d6b70e2b09b0dcb60543f1d799b0c68512ab850 |
| SHA256 | 41a45a0707d3ed8c2c8a17b94336c38d4eca7f0fe83212e49b33517352bf5dd4 |
| SHA512 | 8b69b46cb52d180598c923dda894b1ab9260c6d92c3703ebb129f6023772bef718ac020cabd91574101db383d67b1b10a1e836eeae0b7cff03dae422d24d05f3 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 0a8359ffba1ec377b34535b37dec57c1 |
| SHA1 | 7884da4929c60939c5af797bc6a832d3f2db7b8a |
| SHA256 | 4662a8c9fcbb060223c56aa128da9622f2a9cb63753341092284b87de9e9096a |
| SHA512 | 5be3dde5db24c7073114cd0aaeafb54ce62fadd51d4e52f6fe6cf5e338ac2127b800fc17f207315e1c55b935c84bc7f475847c694f7bbfcbc9e4ef1f79b391c8 |
/data/data/org.bax.project/files/PersistedInstallation6390524023868965123tmp
| MD5 | 99bbe9a913cdf8b6313e2b23fca96576 |
| SHA1 | c26afc4888ae0fbf24bc96d312ed2f5acca64cfe |
| SHA256 | 10391d2e3e469d98dd6b6a56a097164f8bb1f0390a6a604d10f4db8e3ba6d026 |
| SHA512 | c614949391fd16d347e592a1213dbf6250340bda3ecd9682a85382bd18907ccfb8f5c78dc74270b5f1185f38d4561636b441efb5f1b34346b64a0e5cf2c15130 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | be2c49a68856742568f486618106438a |
| SHA1 | 492b4f0a7e45584f6b4ab578b84d7f8828008a10 |
| SHA256 | cdb95f08dc12a15229c1e501d7d6d8256c6441afbdbbd1a3ee5b2062ebc791fc |
| SHA512 | aaf995cc29e48b9da40dcb10492719de143e30719212bdf6dc1bf3df0616671d621a50e7e436daa4ac684d0ff47393f1f2bc566b2e19943df505a7b09cd62480 |