Analysis Overview
score
10/10
SHA256
0c41a6b7c502d2b21d3a42817339dcb64f4d00ce94941d7b951cef899bb9e68e
Threat Level: Known bad
The file cập nhật android.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-03-24 05:18
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-24 05:18
Reported
2024-03-24 05:21
Platform
android-33-x64-arm64-20240229-en
Max time kernel
47s
Max time network
147s
Command Line
android.upgaraa.shah
Signatures
N/A
Processes
android.upgaraa.shah
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.178.4:443 | | udp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| BE | 64.233.166.188:5228 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 172.217.16.234:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| GB | 142.250.178.4:443 | | udp |
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 172.217.169.3:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 172.217.169.3:443 | | udp |
| GB | 142.250.179.238:443 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | i2.ytimg.com | udp |
| GB | 216.58.204.78:443 | | udp |
Files
/data/user/0/android.upgaraa.shah/files/new
| Hash | Value |
| --- | --- |
| MD5 | 7215ee9c7d9dc229d2921a40e899ec5f |
| SHA1 | b858cb282617fb0956d960215c8e84d1ccf909c6 |
| SHA256 | 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 |
| SHA512 | f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768 |