Analysis Overview
SHA256
a3d9af3a503dd47d7e1614438127cb8720093b632d787037f7b2cfb335bd39a1
Threat Level: Known bad
The file 30e32b40f5fbbc3e81150e35b2bb703832c557c742c80de15140a9272d03f715.zip was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-02 10:18
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:25
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation6006999319805590098tmp
| MD5 | e1659af3a0056650500dc5322359184b |
| SHA1 | 7d77bfb9aae7037a9a6047adb9fea18e6c07a9f7 |
| SHA256 | 3fcab14a9bcd0f5ea70940f397a5e1eec27792be529bca12518a2a480cc68d6f |
| SHA512 | 91ef25e6c8ad76b3915ae221409e57de5490a912e26995f5e038c38ec8618170708d372676735c345f3a3b6f261109f744cdb02787e5b1131bb6d7877c66d4ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:26
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
138s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation194707102747799948tmp
| MD5 | a0177bc086f4320ad59326e6d6c60fb6 |
| SHA1 | 070e347523673e4c153c6835e5d19798cfee9951 |
| SHA256 | d37ac93165160961e1208771bb46f08dce6915aac62cba28c1ed0b0c4cafdff3 |
| SHA512 | 3dfa113aa558ad3fb5ebf452f2d5d53f724b0fb5c6b0af8e3ec09ff4d44cbbb87078ba68e175482c5b023e6069b37cb4844afa7256cab2ea77c82b01ac1e9b9f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 7a740230957380eee9ca25522c13afd0 |
| SHA1 | 69308db38905501b5ba19b7ad021cd7795b02da0 |
| SHA256 | 0da5c0c7d07fd92991733d323506f26a8e6422c4d26c532dee6fad1ceba69f79 |
| SHA512 | 1e9de9d5e96054125e6059b4f07757f513fb3745d7c0acca3699ac6ff40aa3262fb85020fc9b642896a727de96ef7cd68e3903fc7784d8ac1a48dfee136ed27d |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | 188c0542bc062e48b614e5ca8c1081af |
| SHA1 | 0eb9b89a5c92957cd1fe748cc063b32853339774 |
| SHA256 | c1ccc325c2699ed7f556cf171566317f706a911c4d02b1644a2a7908b93da58b |
| SHA512 | 62a67f2c56bc3b40d49c80094f160d355a8f67130e1924109426e0481008bc2cd11a9e2675a901abd03cad1e7fe0028031e20d826437edcf35b6f86e2499c2b4 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 43a0bde53144791a71206db3616d0dfa |
| SHA1 | edaeebf64ca1c9397477e857897b597c93b6a27c |
| SHA256 | a248a752f2b24d6a0fac052ec98c1b3d7effdf6d4163c2b9b87fdc898121964d |
| SHA512 | a442d02943c98f2bb734b9450840b6d840d70f4712526204006d2b68104ab7e23c15b043c065356516b28479d3f33bed8330371ae8e9f2a87a3ba701d382e23f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | c39744bc46760e9ec41a6990f0bc9d17 |
| SHA1 | 77323fef75c14a813ac6485a30b30a6db9c21dc2 |
| SHA256 | 4d7d7ca5ffe6b73e1f37ae16e4424a82e2ed6c8825c8f67e1b01695d4c9e7e9e |
| SHA512 | 3c47b06ec945caba236e606c33ff36b119959f978392e0b0eccc5d13859172138950562d4a09ba2196664d5f50e85697e72fabeac14753e830888814a36bd344 |
/data/data/org.bax.project/files/PersistedInstallation5115037497705985553tmp
| MD5 | 63ab7f2534623833be149529ba590a59 |
| SHA1 | 040fb88d18d22bbe7d5d92109e1beafefd004bc1 |
| SHA256 | 7d64f67b48eae330a6969c05a5946dde1c328e742e1a430f1d34a99e613d4f41 |
| SHA512 | 8994146a8bb385f872e300610f0cc0966cb7a2a07f002417116453d2c55b749f18b1ea4f2c02009a034307ec516860b228a0d66f6b8fb534c6c3c84d87aebab4 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 48404ab1738166caaf2033a197bb903e |
| SHA1 | a07247328c002c4a14cf3021b49a2140a26634ff |
| SHA256 | 18198d63a7986838570e9bf25af78fa9a49f466cf7723fdf3085cda75b9be3cd |
| SHA512 | 1b9fed566020aec4fef7417fed15f46850e9d1cd0cafd07431fa2818c30e84ed5ed8bb3cc86816742d05390e0d529b31f04c8455ef150c34b1665c57eba7960f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:26
Platform
android-x64-arm64-20240221-en
Max time kernel
4s
Max time network
140s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | udp |
| GB | 216.58.213.14:443 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation6647591081611359857tmp
| MD5 | 3fb1e4726eac242946db4b8f98aff771 |
| SHA1 | dbb7e8c2e17d79ac5c45e80a452ad9ff45eede0d |
| SHA256 | 6b81516fac74be83580cc8adab7fc596f7ee50c7c44f68783ed6ae187b4857cb |
| SHA512 | 9d3630b3f257e68ae4145a8f4a7c036b47c88e418fad054d95c883930514089eb5a95a9ced27ca81923397782c55ced1fcbd685fca082f732f7475f419d0444a |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 0b366529a4805d85576875a8d6538612 |
| SHA1 | 83a3ecebf9e8ce2be643669c919741a1edb8a2aa |
| SHA256 | 37f38dd02487c45d055892989a28acb0b9eedd83968ff5cd63610c901338580a |
| SHA512 | 8bf3acc99c11420a7ccf6286f0aabe5b3a625097251e3b0a47f0460aa045dad7857f8c54849299014a3632c3e65f42572e706326598a884c1a30d29171aa98c4 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 4e906784995cea407a416c571dcff8cc |
| SHA1 | 9ed21d53ef6b7cf8179f66554f8206ae2db710c4 |
| SHA256 | 327861fa3cecd50ddfae16793e577c61781b2aff6e8eb75399b21c134291bda1 |
| SHA512 | 874c7805c9bf4ecc30c9fd5a0697492051d79b4d5188c5227a276e31241f45bd7c90b97e3a6028d6686eba86b072defbcdfc77542fd3ff62bb36970fb7028868 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 12fee822f24d801401945c38a9d9df10 |
| SHA1 | da936aa264945dc98b737204635ab09ab5ed29b3 |
| SHA256 | 886535dffd63a0ba94c7e8be9f085a1ae239bc9178c7d6b30f8f6902f4375146 |
| SHA512 | 91ded9b6ff70ff7ca65e72b10a230777634fce84c92980b29c563656c2e93450c47a857818e0bac1a32402d6bbbba5c83d4de3febec10c94687067f472ebf07f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 5532c26097fdcbbffd5ed8009c80ce77 |
| SHA1 | ab38c62befcf9f984cd91102990da146ddb88926 |
| SHA256 | 2aee75d587f7fc8fd439d6f210b1497722215cf7006cd56ebc6edb637612f9c5 |
| SHA512 | f761ea7cf8b0d93e7a47396d2c207d5e6bf0837724dda48916ccbfe36ac5cfe3d06f991009683ae91e1f9870b732e53fc24f51b89f306795e730e33a3adf9bea |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 30623978771e140fda5ca43f9d1e5698 |
| SHA1 | 23e866c441b5bffa6ba054e7268d471feb6a7170 |
| SHA256 | e2e804bab1613e8a0389087ad0d5d0abe4fb64725a3fdac29950445a5300c446 |
| SHA512 | 7466f1dd4df87e74a7ec0b2698fb6d0d77d99c9614f8870051470d42cf38b87ead9471b84bb1f52894319cabe8d372d626d56c0b7a39134bed95edc0636dc7d2 |
/data/data/org.bax.project/files/PersistedInstallation7704769096697778756tmp
| MD5 | 66800d6ac42beb6a1acb1e7536062727 |
| SHA1 | c19d3f0ad866d0baa11c8b8c5db2813d36632935 |
| SHA256 | bb9aaa0a2e15ab172cd5fdb8e6718f160c955c9365c2a6134a0bc5e3d73625b0 |
| SHA512 | a6b1a8f76617738495f45216bc3c8f37a6bf7087335dd0a1658903f8743938d5da5b15be0f6797fd8c449de54f2acdad22d9fbf9a4750e43a71358b157dde101 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 0419d1eeb841441e3fb41c4e4fd13ab4 |
| SHA1 | 002e1107531fcbf61e78edff2b63532a5cf5e576 |
| SHA256 | 649193457a59f9765b6279ee8ce07ae868b132208f29649b8be15818c315c8d1 |
| SHA512 | 24a3c4959cdd7f1fe083b135b42b78ec0a40ce82711202b54786c3171fe0abcbf9c293e814ba068644f905ab62feddb1a7333c436b66a4c12af46d41d57a6f80 |