Analysis Overview
SHA256: 05ff22637856bb0edd57cb710afa0d6f944c977fd1045dbd78ea3fb634fa8fb0
Threat Level: Known bad
The file KissLand.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-21 06:44
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-21 06:44
Reported: 2024-03-21 06:47
Platform: android-x86-arm-20240221-en
Max time kernel: 2s
Max time network: 138s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/edward.org/files/PersistedInstallation7875911931552853808tmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-03-21 06:44
Reported: 2024-03-21 06:47
Platform: android-x64-20240221-en
Max time kernel: 3s
Max time network: 146s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/edward.org/files/PersistedInstallation7948621223151726513tmp
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal
Analysis: behavioral3
Detonation Overview
Submitted: 2024-03-21 06:44
Reported: 2024-03-21 06:47
Platform: android-x64-arm64-20240221-en
Max time kernel: 3s
Max time network: 150s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/edward.org/files/PersistedInstallation6648116360390667377tmp
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal
/data/data/edward.org/databases/google_app_measurement_local.db-journal