irata | cfa83a8a73df1bb5c1cc81d8528695529ac8004e9076d1677876226fab67bbf9 | Triage

Sharing

General

Target

418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34.zip
Size

2.5MB
Sample

240402-mb7y6aef6v
MD5

98fe4738c6192e73e7e3b70a1c013d64
SHA1

73d2675a82a9d84ac296429b4d47f6628bc2dc8d
SHA256

cfa83a8a73df1bb5c1cc81d8528695529ac8004e9076d1677876226fab67bbf9
SHA512

f6f5c2943ca0af459f4c55914ed1f43f35c5aed21f02f573e7a90521e825c1682b8fa997760102c3cdb83f7a325af8a1bdcdcdef79086de8ac7475a40f4b6c24
SSDEEP

49152:FMaRQ/RfP+oG1Aex4uBul0mz7Q1zuxHQKiZqebRBcGVNnwXLeExxN/UC:tR6P+ou4mul0ZzqiICRBdb0mC

Score

10^/10

irata android banker discovery

Malware Config

Targets

- Target
  
  418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34.apk
- Size
  
  3.7MB
- MD5
  
  d51b1a442498b0cb27be21f174fa534a
- SHA1
  
  7dec82f84efd643c6b9aa7a536d21f1ae1a0a96d
- SHA256
  
  418a4f1832bb257443f24395ffa33f7ab17c308cee40843fb08cf708181f2f34
- SHA512
  
  ffe077b06c555794b96ebb5cd38e23b961e61845e5f0a08095bd9d0d71cc50c1c43da6d39ba983855fff6e8140f05cf3678c174f1aa72666b6090883ac9b47d5
- SSDEEP
  
  98304:du/c4rvTwEbl4RoTwr5qcY8ROfjfShYe4LhLuXZF1Iw9eGnLeVI:duU0blDHBL8
Score

8^/10

banker discovery
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscovery

behavioral2

bankerdiscovery