Malware Analysis Report

2024-10-19 13:15

Sample ID 240402-mccveafb79
Target 674311b16307f337b352940bbaa796db58638dd402cb27c42569cc7ebb79a0df.zip
SHA256 04fa699b1c19398dc8f060f047855c3fe6d8e03c4c2f4fc7f2272bb368771915
Tags irata
Score 10/10

Analysis Overview

Score 10/10

SHA256 04fa699b1c19398dc8f060f047855c3fe6d8e03c4c2f4fc7f2272bb368771915

Threat Level: Known bad

The file 674311b16307f337b352940bbaa796db58638dd402cb27c42569cc7ebb79a0df.zip was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-02 10:18

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-02 10:18

Reported

2024-04-02 10:31

Platform

android-x64-20240221-en

Max time kernel

152s

Max time network

162s

Command Line

kisi.com

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

kisi.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp

Files

/data/data/kisi.com/files/PersistedInstallation4673538003106452730tmp

MD5 45b790d65939fa22f4cfef7eab2fcfb2
SHA1 a45b47643460ce5b9f17f53a68ba14af33894be6
SHA256 b201195d7130225418cc197feaedbdb1fcb13e4aa9f11ed907175f8809755565
SHA512 f5cc8a9fbd29c85fe14e4e470fd223928e2e57f9133884aa7d75129f334ce643ae631b9b3f22741cdffdaef92f3e57a201cf4f6e4111f4d77ff913377b7a5d46

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 4fbb236c02d7d6638ef72b760e359a4c
SHA1 05dc98c717529b6d37aeed79b75b3af614a88d83
SHA256 00ac884719c78b30cea075395d1d4222f1fc6003f21d1ee36323c6ad6035eae2
SHA512 e88c537e43a70430a56534de4ab71d2f4969b732bf623c828e429e4c1222dbc919e8347678f7c830268dfd768a9d611906ae8c8e148abb2530b4d6546816f774

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 22ab1cc6c4b9172690514e9dc5ca07d3
SHA1 1f46b387a1b0f53de5ac5527ef91f36f41f3a5be
SHA256 800cbae8fcfb198922884c912c07ecdfc081798dc1bddbfe61205b4d83eb03fc
SHA512 528ac1a409ad3b85289dbf61f029299e8f25c3beccdbf2f35b7dc2070750eee167f7f7fad554181444bb8e6534b91c7032cc0057d8a785d77bff810511ba5a8c

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 0b784b5761d3d44d2c5a0e9498a69f2a
SHA1 2f035984b7a06d470133e5569bb4b948ba74dc64
SHA256 1bd20816dd5eef7cf218d7c51f31fca468b09db363640f722e3a46f570df875f
SHA512 89674d334437ac68480c160755e17b920d0747849ab4f13d865e52c633fe48664a218037d7ce6a8025700b5883678cebf0ab184ac382103cf881bddb02429f0a

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 e53faf27aa7f50b312d2c838a2dcc502
SHA1 53660bd4fd0d2ceca591ad0093376739c95db743
SHA256 f12d3d5ef394c99465574ce11250a2cb0c732c385e00d7519357c695966a20f9
SHA512 fa0956e5637e07840c98afafeb61263637bf491d531dd36d2debabb0ba7637ff8f960d04dea8adcf56dd43b1df8a3e4cf05a5edbf21007d6599f7e940f27f61d

/data/data/kisi.com/files/PersistedInstallation6329112721753753014tmp

MD5 dc0712590f0f52a8e5a918d782c5ed2b
SHA1 af2431a31d8b63ddcfc1521630c0585edb5cd045
SHA256 8f22b056e5c5fd73e87883fbeb97a1e3e137405685a6b4f8673f217994afdbc0
SHA512 4d1eee7f9a2537afcdc35d499a31a597c91e6ffef636b2c508dcb7ed63201782b1c05faac857e65812cb0973b345470248af3b42b87cca74930c05b2e826a70a

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 1c581347650707da37a3cce477009004
SHA1 7c37963dbf94fdb8cd497eff4886673fab202f53
SHA256 d4b2cbd42c68b2d7d8a6df168af96fa1c2a1aae97f0091c050ca5d595a0c8bd3
SHA512 100bacd61ca8f45d98cf344fd4b7223d71a27c25c0827ffeaca31156e2131a6deba16a75f62997cd852f5420f5790e349bc9057f5b3bd443eb14945c3a0f1f4f

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 21bf793a4251cbfb960a06d4d83cc8dd
SHA1 3120eaac2c01df0498d0ad17ebeae15baa853b21
SHA256 80e7077e2bb593ec7013157f18242cfdabeab408aee42723f2f9413ae3cc42ac
SHA512 3ede7399ed9f8a62a3d49187a3b3f5337c817a4cbc080bccc0d810fa16a2aeaeb0cd3696fed3de189ab8c205d5bdc83b25eb8f305339efe8f5a8c01ff6f33298

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 fb0d28dc624b23841ee974fe8977a504
SHA1 9f2f951ce085b1316db1a036555a0aa69c1e8939
SHA256 ffd8584756015d5d6c0b17d6707534505784b171690713bc635893b1dbdcf0da
SHA512 4f51fc8e5ad52a7f1bed441a528f4066e6a11ed2856d5cb8a92e26024cc47a6cc8e9ff5052d3eacc9bf8a137bd94d1abd90d2d45f83df805d43ae71e26f458e7

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 44e3e39aedb3c0a4c594aac4e81d7cc4
SHA1 2fe84d83a5e9401f411b95416d6791b27143863c
SHA256 4b7ece146407fac0905c4f76f382bb4991c10783dcbd1936593c0657cf79303b
SHA512 cf328a95f22401d48efc3f7c2da66a56a1034f1f9842c9acca8acac952cd8aad73844e3183d05b7fc2c9921695a74bde1eab8c46ebe40e1fd70d5af09596293f

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 8d3fb01bd4724d1ba2792d46dde3ca32
SHA1 2e8216157f6cef31248895378f49688c5feacb95
SHA256 0f9db24654d9267c6e1ed651329baad6aa91421003f55dd012128c30dd5a6208
SHA512 63739a4e995410df200ebf04d98d07309389208e5c4fc84b3837232c04bb1560dc136310b4a0a60e568b1acba627035785b8d18beef9c5efb1a93199a5711304

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-02 10:18

Reported

2024-04-02 10:31

Platform

android-x64-arm64-20240221-en

Max time kernel

153s

Max time network

141s

Command Line

kisi.com

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

kisi.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp

Files

/data/data/kisi.com/files/PersistedInstallation6202019831587793893tmp

MD5 ccb613b44082244b9d57cd64e5470977
SHA1 d6472d47c6431f2986564c05c1bcfc504e236ecf
SHA256 8b40b7f316e89099734c867d7c42c7f391008418f2e3aa198a1b6d82e141e9b4
SHA512 089a28b62a79e58390d59e1058506d25a6e0b1a09d46a5e9b18baf3b118197fc4d329437fda3560a802afcbb3935fd6b7ef4e0b724fe6a03a5b77b67495813b8

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 c335a8eb84d03f58df60eb87ba4dd58d
SHA1 355b36fdad175f795d4beb1b0132031a6260b4c1
SHA256 1ec95430f6c0c50b045521799ff6b8b0542af9eaa592700cac73fc5592868c93
SHA512 4b57d49d92de77463768d6d7b51d242125639ad7dae58c7199b6599eaeaba8f6355137634e1a0c8f464f9bb94bdcbd2f8a03e4ea9b44a3c62f8a555ccff760e6

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 9e9b493e9bff2fce9f2283cfb1ce48b8
SHA1 8cb6b5ebace0704da39e91f3e08aa0e362227fad
SHA256 1c233f1a0cbb830477fb4f820ae71d653293fb12668594b34a5a704db0f44611
SHA512 8ffcb71a44339b98e69ad36dc63d3044391551a0f2717abb0ab1cddc5786bfce7c031a48c34ad7dbbbaa50bf51c9e8a4ecca367cc56db025f65fe696beb48cde

/data/data/kisi.com/files/PersistedInstallation3767487564518879603tmp

MD5 9ca2467a1fb194750b3a9d8a889e892e
SHA1 0dd61883e4e61c6ac50660a78f294b710be0b876
SHA256 6add8b9edd5021f3690a623111a238456ba501b40734a2b0a9015e294aea06a5
SHA512 a8246b5dd7ce0c7d2580763c680ff1425ee78269fa57c64d5918ecf08d24388a701ec3382d0ad1dbdbcfd59fb60f40606d876ac5b39d8c21e80fcd5963157e71

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 024ca56dc2b425d7065aea3213126cc4
SHA1 d4d38a250fff31d07c6cbef2972b02a29e80502a
SHA256 b0ce9637c8e4cf95ae87a01e3a66b1adfa650764435fe8ce817b06645a7db84f
SHA512 716bedb082862d33ed9da894d2119b010977292b0362676550e1b08de9507808f59edef6006676029c8cbe429849715a75f358b9fdc9cdc597f30788ed58ecda

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 6fcf6873bbecfb5b31e06754ce9d79a1
SHA1 55797c281ada5242f92d720c6c107c077d73e7f7
SHA256 f9a03cac5d258815327aa3523d0ae92056fafa69912bcf185c034ad30d56bddc
SHA512 f955dd1a4bf30d69fdc9a4f88a9db32934e6478b16ad62e19471d234b9d4a0ae2f4314c83cb2c8e312169108d8896bd42f0dd8544069ad075d9199d9950e9191

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 d997952fcdaef1f790a7f420a7279442
SHA1 76a8ee787027c2a4a869c82bef9991aa727293cb
SHA256 4e6788d556873f8319063b4039a140d6c50df0819c3ac32cf9302507920d3b9d
SHA512 a1377de1f3b4544c299bebf5234cccb157bedee59b25c2d5b6dad3367d238b123b396868ba106092acaf4c69ea7a455b57ec7b7c9a7821f08d62782826cd180a

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 97d778770b6f69c38740f61152c21a40
SHA1 c6a33d2987a50ffa570d67b3455fcc40e79562a7
SHA256 93cd3c1f0d9e6efa89d5bd7aa69cea5b84ad80c4d0b70c404fd9afa8e3ba31be
SHA512 0acd9a1e0cf1eaeadf11b391e755a77a4ff3547f5f39ea40e7f8cac96be098b331d42ad94b8848a6225cf4c307fb65809fcf020e6a9a2fa83941cf19c2ce1f00

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 d96a06edaaa6b9c8c80b60f33719445b
SHA1 0f943180afef0d2d3ed0454c137370ae59a0151e
SHA256 fb4d3dd02cf756dd94c884e9c8e9beace135719af83fd991f5b2f8438b27257b
SHA512 02bda0ad10ff2f4f4b36de659517c339499efa0553eae8bb56785e21df06ec950f7ca5cff4343464f0b2d21fe9f6a6b44aff8db49324e0cb2cf30d32dc7a8c5b

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 50781ec0443bd521afa1b073cfba7767
SHA1 e92bf2957cb1b27da5252bd7a98ce30d482f2dd3
SHA256 6339c435548806bb5b759c016e555bd2d4fe3ee0f436716d98db34f5f08a8e52
SHA512 c1ca42f6909baae86c291ac23e21b6a4a3adad495f6d974a89d2e523d490ba2f437c7d4f02b7801440a58565384c33c02bcee7bcb6bdba80c97175c2744a018f

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 3fc711384af033cc9eabe4940a0a44c0
SHA1 5a279454624f909fb1117ce5189a2f33b2f39fc3
SHA256 09298fd26dffb1a562bd22a1a2cf420fe976bddabbe4e9b74db65d3e035aad45
SHA512 72e63217da4b89a18e25b86d24e49b993565dda537dae588eb217cc07234309f9f3922130048e961c165d67335ef9a2debdfa5b908f5f51d98ee3c75fc26e853

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-02 10:18

Reported

2024-04-02 10:30

Platform

android-x86-arm-20240221-en

Max time kernel

122s

Max time network

138s

Command Line

kisi.com

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

kisi.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

/data/data/kisi.com/files/PersistedInstallation5355387049880933341tmp

MD5 0fed89a2c4b5fd85add8f618fc2c67a7
SHA1 a410128b021c5c924b78fa936cdd512c093de8c2
SHA256 024aaa67ba898c5ef496e3a9454366c3870e8ef6ba7b7b1bb43ca374b71fe1f8
SHA512 ff9536a7f3e1440ae3476c3164deb192de8f50710927e677087527190c9ec5548fb56dd69d696d53541770fee8e5e9a1761f986e5dd1d90759521f5d1019133c

/data/data/kisi.com/databases/google_app_measurement_local.db-journal

MD5 3eb2beafb2d946c8219140fba9f32d4e
SHA1 8fc8f6f52c5150742d59cf1a3de795b47d5a5ca5
SHA256 df1d9292a7aaf53f9cd973b78e11a6d80c8846ea948ef93ca9c848a574aab61f
SHA512 10afededb05ee04c7688dc0fd9d1d19f1ec572f4f769efe2882a109ee581ef4de0505172af6c6449c5c00868fcaeafa84f4fc89d94543fa6e306b72bfac076b3

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/kisi.com/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/kisi.com/databases/google_app_measurement_local.db-wal

MD5 e320cfda9a854f421a04afcab39cc4f7
SHA1 076068b217f3ae761088579c5d1e87a3bb6bf159
SHA256 21f2e02f896ad9876dd50dc3b43c1208eeb4a437496d811c17213f1957960811
SHA512 b21730ae7deffb5d9491ec4bffd8759b1cd9110649c898fe930873b35b9432c6d5d1efed6c1604c2325af99c7ba5bbd239d0363e86ea1d9ee818b019bdcb63d3

/data/data/kisi.com/files/PersistedInstallation6975836983620404384tmp

MD5 08aa665be3d5c5a320333d283c76a239
SHA1 e8ad97a916bbefa694bf6408a2e533ddd312682a
SHA256 9f7a64f1d4e230e4ae1f2b7a8452370e90c53196d1c0f5e046bd70e64828fa60
SHA512 3f0bb5f68e6012343eaee9ab59c325e6a3375223cd7c7002030fd1a9d74b752d38bf7492d438800eab4757ce46f39a40af96e180198e7eb136cdc1d13f8c730c

/data/data/kisi.com/databases/google_app_measurement_local.db-wal

MD5 fdb8b6baecda727e4ad4eb751b35140d
SHA1 d8886909b3b838fd6e5028e34e80c3fae0638f17
SHA256 2b0ff31fa2643a01816f52a0c253691e55d52c4eb38d16607a76c13da18a2bb5
SHA512 4fb0421f437b84be9bd82adbd9a6209b8c6eece7d28f09e6cc0a1f3ca430721da81a69eea32937d20d8d67e5bb7154b5c6d6f2738b7f091a3bbd3fb38a99a4bc

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 cb65efbd1e4b55d27c126684c25d7c9b
SHA1 8a817b0714fddc3d9b7d2e7c5a37f2aad775bdb0
SHA256 4c2dd423f1bd7f6d8bf2d73e2cb90573192e5283e187aeaf9598812db878a0ee
SHA512 7e2d8e6c87a9895e2638313c740474130321b6d10185c68c277d5b8dfd7aa6fc238a43ef8f33d7625cc18eb2bb813d7b8e259e36474b939506e0704a782e872a

/data/data/kisi.com/databases/google_app_measurement_local.db-wal

MD5 14083ce66c1097c9022bcc6b7385f2f0
SHA1 27fe9d0d965c214e405f9287708b0a0d37a5a87c
SHA256 4ec4707389e819b16cfb3933850412e6ac618659831d7d66564574a43c9896cf
SHA512 bfe60e038977b7a553349a9376890caedbaaf16d746161b389084977fcc6a263e8e96b9deab53658eb3af0260a173579685620811ea1ba4824968b831d0c6c82

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 cb21d689e5eb9b5d7de50c966220fe1d
SHA1 3dad66e7c1fa6ad621c83c69116402e2adb1a108
SHA256 11dcc6b3e9c788f02d5482cb570c1bd1247ed76b293f90aa1b121214cb336b8f
SHA512 ddba598025962562b52667921ae7bbe449f03bd9a7805056f7a7b20198248d31c998ef0bcb3faef5498a77f2d0972ceb05a651dc967de5e2af8eaa7a83919b0b

/data/data/kisi.com/databases/google_app_measurement_local.db-wal

MD5 dfdf7bda464922562ce46ec6e00d829d
SHA1 b05dd15a7d33939d858cd4ab59d5a0cfe133edb5
SHA256 c108eb368e05321bebecbf46b4f77160a532308369031f9c195697391f3e77fb
SHA512 32fca9939fe1709ed9de10a66ae9e967d8b9860b35b6ebb4079c518f90073db79d6a596647cbd0b89e45f66af4410621c936439318a283a52a28bfc1a115f575

/data/data/kisi.com/databases/google_app_measurement_local.db

MD5 f86b395a51c9af3cf82d2c43781f526b
SHA1 aace75823b2fcfad4969bcc7a489588a93fab907
SHA256 f1bc4530a03b554c4e1c12913bc8b0a4d678a8ff20ff60f3121065343c70bc59
SHA512 7ee520447ca3fdd48cef6b9f989d737eaee146a752ef59ec3363192fb0815f0df9e206a612445cf2ab8b1ba9f5c4ccf800c98fe155fa15dbd3d3135c25f04ece