Analysis Overview
SHA256
05ff22637856bb0edd57cb710afa0d6f944c977fd1045dbd78ea3fb634fa8fb0
Threat Level: Known bad
The file 05ff22637856bb0edd57cb710afa0d6f944c977fd1045dbd78ea3fb634fa8fb0.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-22 02:02
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-22 02:02
Reported
2024-03-22 02:04
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
131s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/edward.org/files/PersistedInstallation109252973779557542tmp
| Algorithm | Digest |
|---|---|
| MD5 | e9c69f8bc1d967a4eb9a98e726913205 |
| SHA1 | 2b654cdab9dcaec8be08c3e969e85f6a9038b388 |
| SHA256 | 5bdf2bf21d295410e7fcf6ff779f4a7ef4adc9942e7b115992f06389e64d83f4 |
| SHA512 | e0efb8bfe69fa012fdeee8aa350a77980b1ea5ea4489932ed388f78d2efe7ba9462be99dc3bf2822bf9e88067f0258ef88f7030bfd52cdc0a29058a2183c5221 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-22 02:02
Reported
2024-03-22 02:04
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
159s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/data/edward.org/files/PersistedInstallation3779041740180212250tmp
| Algorithm | Digest |
|---|---|
| MD5 | 922d55ab1c2af16315f78ff29452ee06 |
| SHA1 | 9a28c3d0b9092e75c7e31ebab52ca226f3641f76 |
| SHA256 | 410ad9ea0dc5b96c9c9e3aa2a310c9fee3feba23a411e26b76a8126964df3b63 |
| SHA512 | 7203feda6a6d6b651c8321c68cd6f768782c3f050c380471a2b53ee81bb434c54b6a889b1ea5f46439c3a4e25e3cbbd5327047aa19a1c764c6469709d4d187c4 |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | bee46609f8d9a1e1429ade38aee1feb0 |
| SHA1 | dc067e3195e012aa246f5482787cd4d9a9aa038d |
| SHA256 | 966e52006b9bba9fa3ceab8cb35095ed38ce35bad610a74d1dbda1b179732c97 |
| SHA512 | d586eefab0742fa0e49691340585fc57226278a72ab2ec79dcf7e18f4ecc1fa3dd4fe913c4c29c8384b84b82ff91ab76da0415db6cfad179c76a5abd2c7babfc |
/data/data/edward.org/databases/google_app_measurement_local.db
| Algorithm | Digest |
|---|---|
| MD5 | 188c0542bc062e48b614e5ca8c1081af |
| SHA1 | 0eb9b89a5c92957cd1fe748cc063b32853339774 |
| SHA256 | c1ccc325c2699ed7f556cf171566317f706a911c4d02b1644a2a7908b93da58b |
| SHA512 | 62a67f2c56bc3b40d49c80094f160d355a8f67130e1924109426e0481008bc2cd11a9e2675a901abd03cad1e7fe0028031e20d826437edcf35b6f86e2499c2b4 |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | f2f30b156e55ec48298f19be85ce54f8 |
| SHA1 | 6fb6497e8879adc057e79fa9c5112b1f1dda09d3 |
| SHA256 | cf01890de3e0c960a9b1a9548f71c65205c93560b16292b60d41f51ad384807c |
| SHA512 | 7d08d61aa3dd66667fb05f7955d40eb55240accaa51a324b766018e5f556d42ead061b6b356e642e863047a526d840cb0517b2912c0479da2bed76699e360aba |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | 36cce03937cd59e65226e72644bdb072 |
| SHA1 | 833365fdd497dca88c69b15e30cb647c414a2d6d |
| SHA256 | 43abce5d8f96e20ea96fa50b5f5947b5d326f0a4d9c06311e5265f013b2be8e2 |
| SHA512 | 034cb0ba517e3221e92bfc6d61b9894938faebe6a69d63709e3fac5e9ba7b7712205f4a37fcb6d652e4f80f5cbedd32ece48c05c53b50d7a04f58ab8fb715b8a |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | fe7a85ccf661a5de151266ceb28cbe3e |
| SHA1 | 60a7ca9960b4b05093db2517d913e8479cd0e004 |
| SHA256 | 8caa5894a47e682f90a2be7cc72c5c07288930d0eb7a6568f1c3de5315d2563f |
| SHA512 | 330b126f3f43cbf173e69a69fcabe68181d164b382ff5c1573def1364c0577c71a91bc28082d3e23efe182e40f012bedadbc3eaed855fa7cdb5df925c7311fea |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | 6c96ddb3aa9ca6706e514e933fd27541 |
| SHA1 | 48d79a94b4454b636779200b83f13e441fb0b7a5 |
| SHA256 | 9a6d8485efd013b1c8cfd16faf7ea6eef1e50159043cbaec12d352109a2c24e1 |
| SHA512 | c0359437694e1fa8e08843d67e688dc532e587f51c30275be121cb11aa90d7346d87259aa3ccc996f7a8b7bbc557cc72c12d82d53a9c0bd56ccdd20805a8ed2f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-22 02:02
Reported
2024-03-22 02:04
Platform
android-x64-arm64-20240221-en
Max time kernel
3s
Max time network
150s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | udp |
| GB | 172.217.169.46:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
Files
/data/data/edward.org/files/PersistedInstallation791728842917813143tmp
| Algorithm | Digest |
|---|---|
| MD5 | f97bb34bda983c32ef7fa3ebb41a5868 |
| SHA1 | 3a3c8ef2701b998ddaf4ded2990324194391c27e |
| SHA256 | 7adbcb422cf0da4d914e79a91bddce324d997a078a7db6d6930c11f488ca5a70 |
| SHA512 | cd79705396e9fb17d003b49a9653dff9711dbf0af2013578c43e1e3abfb77e4f425da9b3cb85f81c1bb4864351f26ed3c9c62e6013000ee20ec472dd1ca6a0bd |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | 576246b7a2ac8bc54fb874987b8f1ee2 |
| SHA1 | d7c656687129a236b4b020b742a0a1869673bdb0 |
| SHA256 | 114f59edeab01c036c2d7a36be03d274f5d124435985e163131461a17541691f |
| SHA512 | a592e8ca0fab299d3d2e78390c5ec6cfb513bcb338b97cda3ebff7d8d01ec1fcf76a61a8efe4cbbcb2960842a8da8d4cb8164781578daf17f939eb5a307f4baa |
/data/data/edward.org/databases/google_app_measurement_local.db
| Algorithm | Digest |
|---|---|
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | 10e459b5c4df57a85502dd9aa634254a |
| SHA1 | 3d1cb215020ae8e1b086f09125dbdf3e68fb4b1c |
| SHA256 | c62ecdd57b98c1e9d3d91760d7b2e469680eff3207d124a559ff3f931bc62494 |
| SHA512 | 9ba0ce3fec68b3fb9d77b095f1732a3fc838d5b8e5a78804868571604e39ad0be5e418fcbb3a4b1e9028eab7d8846fa3edbb937474cbcbb866595fdf1b312d15 |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | 1ba226bac628af412a54abf964bdbda3 |
| SHA1 | e969ef5e253a10be29c6984d60edddc9c7cb71f5 |
| SHA256 | fa234511753ba7ac4d5c7c21236c47df71eaffa3ec2c2e2274f30eba08b191c9 |
| SHA512 | a586f5659298a1a73faebedf1451a9f20a31f33edcc5b5dcf974c34b13b702920b67a7f610bb922fe102af3b584953efbbc0548bcda26d76617db76c46e9ebde |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | fc2bb2df8b3560f378d7dea27412c10b |
| SHA1 | c3e8f90f372fdf87c305df2800c6fd100f492ba2 |
| SHA256 | 3e8490ff43df509d09e931aff16f06a65c759c4fc5ebd25e93284e5ae6c5e3b9 |
| SHA512 | 3f0e580acd34d9a5c4bccf332f9d6def547c27785df457ff631c7d7ba8aadda264007afaca4138d41499d40b029c1cf9489d894b21bfb75af8313922bc03e187 |
/data/data/edward.org/databases/google_app_measurement_local.db-journal
| Algorithm | Digest |
|---|---|
| MD5 | cd023e6c844010fc558486190b3568b1 |
| SHA1 | a7589c16880470022c62dfe0771f816c4f81ce74 |
| SHA256 | 12e75cd5609f72aad56b4ae772cff680879d530dc9c7d5514c316b31e73e2f8d |
| SHA512 | 5fc44b4b1b6ce6c4977bc7cc345bfa41a855e79bb2a595497eedfc23cd610d893261119762322bf83d1f26c825f65b9a25c545923e1c8b77b3298c9a3c88d6ca |