Analysis Overview
SHA256
be4c1b703300fdfb906b392e86ee7ff6c03414fc0d824e97035a33e06d3c4918
Threat Level: Known bad
The file 6251ea2e5b4de643e03bd61ac1736bb804e0ca01e9ee773dfd72946e3c446abb.zip was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-02 10:18
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:29
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
149s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation4520217427367208847tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:29
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
135s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation8795498186713919352tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/files/PersistedInstallation5205573884960101694tmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-02 10:18
Reported
2024-04-02 10:29
Platform
android-x64-arm64-20240221-en
Max time kernel
3s
Max time network
133s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | udp |
| GB | 142.250.200.46:443 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation5378850908336322976tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/files/PersistedInstallation2306166883246570978tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal