irata | 45f956a3eef5517b7341c119f62cc970c7f2dee4e906481148a1f716891105c9 | Triage

Sharing

General

Target

5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd.zip
Size

2.3MB
Sample

240402-mb8wfsfb73
MD5

16d4c0a13543add2091ab986d7d52d0d
SHA1

d2af809af93630bfc9cb93b8b63a555a42478fd2
SHA256

45f956a3eef5517b7341c119f62cc970c7f2dee4e906481148a1f716891105c9
SHA512

df6b3f0776757ef3192c32b9e5163f0fcdfba93dfb172207fdaafac59a6b248c5f7138fc07995e37baa15d8b9e9263ffd03df7d77814dae44d8ae68d5b6c3598
SSDEEP

49152:lmGPt99bd2aEFjIGfLg0wUirGgDvayUeChcNms9Sbw2nKoNsxv25y570fUXvp:lmO99Jp4IwLgoKnUeChAmuS02nKBOUtR

Score

10^/10

irata android discovery evasion persistence

Malware Config

Targets

- Target
  
  5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd.apk
- Size
  
  3.4MB
- MD5
  
  185103d45cb5c8d59319e8488035e3b4
- SHA1
  
  dfbe249d9af8289ebe83f6c6436054498e9759d5
- SHA256
  
  5bf740d33b8654c1888b6ff6f2f2d32895cdfd9b205be5acb550e3d15cd705fd
- SHA512
  
  eb104556ef2cb685a0a8bca9b71d8bba9ecb857b34c29307a1b37834ae5cb029742e5576315ef0ce57421b698d90b2630e233247edd7d5b23b21184bef4a742a
- SSDEEP
  
  98304:css9Dft3aCrCMr1GoTwr5qUa8Eeu0XVvetu85W:DWDFrDRevmW
Score

7^/10

discovery evasion persistence
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence