Analysis Overview
SHA256
dc38116ac7cf6773634d75096d321fb8088cd25fc82ce27d031acad8ce668225
Threat Level: Known bad
The file a7e6348f990e0ab400e7a5710922c5a3b02050163e68403175524197bbbcdbc4.zip was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-02 10:20
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
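The permission table above is the only static evidence the report gives, so the useful check is what those permissions add up to rather than whether each one is "dangerous" in isolation. The script below is an added example by the editor, not sandbox output: it parses an AndroidManifest.xml constructed from the rows above, keeps only runtime (dangerous) permissions, and reports the capability combinations they form (SMS interception, SMS relay, contact harvesting). The INTERNET and WAKE_LOCK entries in the constructed manifest, the protection-level mapping and the combination rules are the editor's assumptions; the report does not list them.

```python
"""Classify requested Android permissions and flag abuse-capability combinations.

Added example (editor's code, not the sandbox's). The manifest fragment is
constructed from the permission table in the static1 analysis; INTERNET and
WAKE_LOCK are assumed, not reported.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest reproducing the reported permissions (plus two assumed normal ones).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.bax.project">
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>
"""

# Runtime ("dangerous") permissions mapped to the capability group they grant.
# Editor's mapping; POST_NOTIFICATIONS became a runtime permission in API 33.
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.CALL_PHONE": "phone",
    "android.permission.READ_PHONE_STATE": "phone",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.POST_NOTIFICATIONS": "notifications",
}

# Permission sets that together describe one concrete abuse capability (editor's rules).
COMBOS = {
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms_relay": {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"},
    "contact_spreading": {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"},
}


def requested_permissions(manifest_xml):
    """Return the set of android:name values from every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    attr = f"{{{ANDROID_NS}}}name"
    return {el.get(attr) for el in root.iter("uses-permission") if el.get(attr)}


def classify(perms):
    """Split requested permissions into dangerous ones, their groups, and combo hits."""
    dangerous = {p: DANGEROUS[p] for p in perms if p in DANGEROUS}
    capabilities = [name for name, needed in COMBOS.items() if needed <= perms]
    return {
        "dangerous": dangerous,
        "groups": sorted(set(dangerous.values())),
        "capabilities": sorted(capabilities),
    }


if __name__ == "__main__":
    result = classify(requested_permissions(SAMPLE_MANIFEST))
    for perm, group in sorted(result["dangerous"].items()):
        print(f"{group:14} {perm}")
    print("capabilities:", ", ".join(result["capabilities"]))
```

Normal-level permissions such as INTERNET and WAKE_LOCK drop out of the dangerous set, which is why the report's own signature lists only the eight runtime permissions; the combination output is what distinguishes an SMS-stealing banker profile from, say, a messaging app that legitimately needs SEND_SMS alone.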
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-02 10:19
Reported
2024-04-02 10:36
Platform
android-x86-arm-20240221-en
Max time kernel
3s
Max time network
147s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation6701562048134340319tmp
| MD5 | e5359ba84a3e459e584ac53e792ff668 |
| SHA1 | b389c4493b3f02c206d433c2de85d6d584cd877d |
| SHA256 | 652157db5e62b06ab494c8aec7f9db4fbbdd606d60500caa30aa5c2ad03c6ed8 |
| SHA512 | 59cd72c4809a1f0a45480f0730713c7b7a816a1d25e637ef03b5c63fb895e1feed8e4eff7f4e0432fb0124e23cba43be6137c61e6fa608ab53e709afb812ecd3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-02 10:19
Reported
2024-04-02 10:36
Platform
android-x64-20240221-en
Max time kernel
3s
Max time network
135s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation176100407309691309tmp
| MD5 | 5f24d59acb15d2afe4213b839d82d59d |
| SHA1 | d4beaafde8eee71c9e8ad701c2716df69fab125c |
| SHA256 | 12d5d9b076eec361bdcf5bb2dcca55420764f6f9728f23ac1929ca652f18f305 |
| SHA512 | dc35ada17c461b787367dbf65091d9aeb9bd25b5ab7c190b09c652b49e50dfc971429a0b9937c8b93fbdb0e2d5aeb08dbab63f473b4fa124acc63ef645c355b5 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | ca0b242348ec3e602a76dcea1a980f7c |
| SHA1 | 1d2539b022e4ea94fe8b2c6a0354544577c09b20 |
| SHA256 | 9d232290aa6d41b8724ed9eb256701b457e226eea568d244e93e4bfe5b6231ef |
| SHA512 | 05feed23086f647ade516e8940cca684c5faefd123b5c6b17c13a04589f568709258f25a360737ce347bdaeb71eb23982d14d0d1d8d1c3ad18413d575a73dcb8 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | 188c0542bc062e48b614e5ca8c1081af |
| SHA1 | 0eb9b89a5c92957cd1fe748cc063b32853339774 |
| SHA256 | c1ccc325c2699ed7f556cf171566317f706a911c4d02b1644a2a7908b93da58b |
| SHA512 | 62a67f2c56bc3b40d49c80094f160d355a8f67130e1924109426e0481008bc2cd11a9e2675a901abd03cad1e7fe0028031e20d826437edcf35b6f86e2499c2b4 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | f3df210ad81e114f298d603661c485ea |
| SHA1 | 4370e8ef362cf0501f04232320ea77ad0106e2a7 |
| SHA256 | 8b0755cb922ec9f604e238aa647d39842eac15310a30181e31b6032506fe4988 |
| SHA512 | 654a5a9921514529955b02b3931619e81e1ce9a60f698f7e26dd3d6777775125061a1cecfc8d27c896a4697ddf4a1be7f7228764b32f74d03da73b8a58449142 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | b1ae77edbb352d0ee373d8bc51f4d75d |
| SHA1 | e76e2d3158d8ea01b86cfc9abbb12aacd8cb1567 |
| SHA256 | fab6d628e890988730ee7a0f7ebdaf1a69743f0afda91de5390c1871671089e4 |
| SHA512 | 66eb13c2ac4a9fb3c5528425716c2201fba6f9a6e877ff8d55d0554820cd1b5a0d7a5e261cb3b6c6746dc264dd506074ba390d882e7323093b2f15a8782ec7e9 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | d5cb8c41278b0d5f05a6ab55c8e2be56 |
| SHA1 | 1bdabc743b0ad63583916e8e77ba938cd92637f6 |
| SHA256 | f6e1c451d695537b72d0368fafe6677d1a48c617c86fa8e3717871adfedf1434 |
| SHA512 | 710e8f03171d195f9f364153237c2f0e8abe9cfbc30736bc42b888c47f0eeb6459227366c2723a468d6a0d07b5ec0ef749a057bf2aa8a8529c069dd9c7e3fe32 |
/data/data/org.bax.project/files/PersistedInstallation4470375404869842071tmp
| MD5 | c6b8f908869bb4b1d874f00237aa5feb |
| SHA1 | 13775d6d0f926240ae56126a2f057b254b1a880c |
| SHA256 | 0c790d7bd23cc3417ccd10ab6d7ccf1c8aaf4b965ad7433fd22006dbb9ab918e |
| SHA512 | ad773a6531df9f12e36fb61e60c44636f0fec992856a81801ac9d8e748561f82c2cfefa9e92a3d140640f1671f6dad97dca90ba4f180684e828f549efd4f222e |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 84efb280623f6c82a2511b367c6e41c2 |
| SHA1 | 60d9d7f1ef900e07382fd5c8ac1e674fc7731762 |
| SHA256 | 23ea42474aef0d2aeab61a1eeac441b21b3a18a68bc8afa38bb16f1d541c2d27 |
| SHA512 | 3aa5acc3f90298896872575e22585d6b44679d9abe319dd2e6758fd5ce0448b672cf1eb6a394d6cdf50fbdd4a6ebe3ad0c58bcc31d3a21016e5cbeb79c9d4e95 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-02 10:19
Reported
2024-04-02 10:36
Platform
android-x64-arm64-20240221-en
Max time kernel
4s
Max time network
145s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation4865849837843548768tmp
| MD5 | c240c17c59378c82c01d82fc71331a69 |
| SHA1 | bdd2fd646936d1ad0d06c0f0525e142b3d8bbe16 |
| SHA256 | 8bf966b4eb839a21accb412afe831f30a67289c66d6bd47707efdfa89a072939 |
| SHA512 | a07009dcefcbe5079076755593020e538ad8fcf538e1850878a4446d0353b1e20ad86b02095b6bbabc199a4de3b5ca650c3c12bde63a05a0c951020cb1629092 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 7e5d0720b32bcabc50fcaba28a0e9f78 |
| SHA1 | 3e337d4c09841377ebe8b6c61e50758fba23b388 |
| SHA256 | 54a8099fbcd40aab38e96b1eb8729f7cc5aeece778b9aee023060c496e20b257 |
| SHA512 | 2ccc4f32b67c46a17a195c4d8e162fd514244816b8cef69db83ce0bb54e9c511854fa267ab046a22d76ac71e22a41e268f8e905ac9000ef0fde932db5ea6d338 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 3a128eab39adcaca8cf9627a9ebf6390 |
| SHA1 | 56fd1ab56fe2e98b7f0d4e1d5d187bfbbde04dea |
| SHA256 | 664ad73f9c0c8539cb9e8f32541fca197ca281d88e81571fbf6c37b6f21f3f05 |
| SHA512 | 8ba3bd1f30a8d1355869862e17c578e15ec3e707c17f6942688ad21ab8cf2ac0af128c54584899bcd5e2253d74dfe0d6f3e4d003d40b36d68bf69414931eb015 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | c48e58338721d7e9341ab6cfa32cc3b3 |
| SHA1 | 9a5f87764ff869d4a749624af235e4d8dee2bc5a |
| SHA256 | ed18ae6195f831df13afc4b74bd6f16669d6e3353ae42afc07cdf8ef29cc7db6 |
| SHA512 | 5c5ce083d8e4af72e59f611453d9dc1ad4b83e7fa6caac42601dac4abaafd50fe5ea205e8f275ce51f514f3c9ced78d6a6c84fc1047179e476ee8f11ef1a504c |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 4751c558618490e463aa2f6457783398 |
| SHA1 | ef0b3120892f394ce2890ab6db911eca8aff72de |
| SHA256 | 5e06e0b6786e14ab899a29969d70c4c4a27c9260dd11684fa4a5a87aee755179 |
| SHA512 | 53a63315385b838a2f84a2344868328fa9825627533882dd0586aca73abe6b422a4d6275ea786aac5192a6a91d9cd8203232b4afb5712b905f22aeb6756c6d1f |
/data/data/org.bax.project/files/PersistedInstallation7550919598926581425tmp
| MD5 | 25474f27696584085fb354b6c6b2f598 |
| SHA1 | de3968ae0396903c53f1aa6ffe97041d7f9c70a7 |
| SHA256 | 73fc9ea94e331c3d494d8a5db390f8e1bae518ad5535f06b679007b4b4334eed |
| SHA512 | 5fa2ed389d85b640f64bae7646934f1535249d9819b0cc4e002c8a12a755f6629af10406315a1836af856a7680f1b6c0ca40afa18d00ec44fb3b44cb24f1a77f |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 18c74f714495e4258558ef481baf86e8 |
| SHA1 | 7403645ebe5b4eb2fc51fc80631803bcea10e5ad |
| SHA256 | fbf2560f9e4a391a96677cf981186dec17ad73d264bf33e48d9746a514105b74 |
| SHA512 | 3f226be074ff3b4caeb89f538e5d6960851fea89e16ce88d1bd41a566a009b4395df89066edab8405e3b0be3bfb6f1d13367d2aeb1f72309a1d90fa788bf1c01 |
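A caveat on the three behavioral runs above: the kernel-side capture lasted 3-4 s on each platform, and every destination in the Network tables is either the sandbox's DNS resolver (1.1.1.1:53), mDNS (224.0.0.251:5353) or Google infrastructure reached through android.apis.google.com, ssl.google-analytics.com, semanticlocation-pa.googleapis.com and www.google.com. The dropped files match that picture: PersistedInstallation*tmp is the temp file the Firebase Installations SDK writes, and google_app_measurement_local.db is the Google Analytics for Firebase store. None of this is the Irata payload's own command-and-control traffic, so these rows should not be fed into a blocklist as-is. The script below is an added example by the editor, not part of the report: it merges the rows from all three runs and sorts each one into resolved hostnames, multicast noise, platform traffic, or a candidate indicator that still needs attribution. The Google network prefixes it uses for bare-IP rows are the editor's assumption taken from Google's published ranges and should be re-checked against the current list; the single non-Google row is constructed (TEST-NET address) to show what a real hit looks like.

```python
"""Triage sandbox Network rows: separate platform/sandbox noise from candidate IOCs.

Added example (editor's code, not the sandbox's). ROWS is copied from the
three behavioral runs in the report; PLATFORM_NETS are assumed Google
prefixes; CONSTRUCTED_C2_ROW is invented to exercise the positive path.
"""
import ipaddress

# (country, destination, domain, proto) rows copied from behavioral1..3.
ROWS = [
    ("US", "1.1.1.1:53", "semanticlocation-pa.googleapis.com", "udp"),
    ("GB", "142.250.187.202:443", "semanticlocation-pa.googleapis.com", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "172.217.16.238:443", "android.apis.google.com", "tcp"),
    ("", "224.0.0.251:5353", "", "udp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "172.217.169.72:443", "ssl.google-analytics.com", "tcp"),
    ("GB", "216.58.204.78:443", "android.apis.google.com", "tcp"),
    ("GB", "142.250.200.36:443", "", "tcp"),
    ("GB", "216.58.201.110:443", "", "tcp"),
    ("GB", "142.250.200.10:443", "", "udp"),
    ("GB", "142.250.200.14:443", "", "udp"),
    ("GB", "172.217.169.46:443", "android.apis.google.com", "tcp"),
    ("GB", "142.250.187.232:443", "ssl.google-analytics.com", "tcp"),
    ("GB", "172.217.16.228:443", "", "tcp"),
    ("US", "1.1.1.1:53", "www.google.com", "udp"),
    ("GB", "142.250.200.4:443", "www.google.com", "tcp"),
]

# Constructed row (TEST-NET-3 address, reserved for documentation), not from the report.
CONSTRUCTED_C2_ROW = ("DE", "203.0.113.7:443", "update-panel.example", "tcp")

RESOLVERS = {"1.1.1.1"}                      # sandbox DNS resolver seen in the tables
PLATFORM_SUFFIXES = (".googleapis.com", ".google.com", ".google-analytics.com")
# Assumed Google prefixes for rows with no hostname; verify against Google's published list.
PLATFORM_NETS = [ipaddress.ip_network(n) for n in ("142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19")]


def split_dest(dest):
    """'1.1.1.1:53' -> (IPv4Address('1.1.1.1'), 53)."""
    host, _, port = dest.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def classify_rows(rows):
    """Bucket every row; only 'candidate_ioc' entries deserve analyst attention."""
    out = {"resolved": set(), "multicast": set(), "platform": set(),
           "platform_ip_only": set(), "candidate_ioc": set()}
    for _country, dest, domain, proto in rows:
        ip, port = split_dest(dest)
        if ip.is_multicast:
            out["multicast"].add(dest)                 # mDNS/SSDP chatter from the emulator
        elif str(ip) in RESOLVERS and port == 53:
            out["resolved"].add(domain)                # what was looked up, not where it connected
        elif domain.endswith(PLATFORM_SUFFIXES):
            out["platform"].add((domain, dest, proto)) # Google SDK/telemetry endpoints
        elif any(ip in net for net in PLATFORM_NETS):
            out["platform_ip_only"].add((dest, proto)) # bare IP inside an assumed Google prefix
        else:
            out["candidate_ioc"].add((dest, domain, proto))
    return out


def has_non_platform_contact(rows):
    """True when at least one destination cannot be attributed to resolver/mDNS/platform."""
    return bool(classify_rows(rows)["candidate_ioc"])


if __name__ == "__main__":
    buckets = classify_rows(ROWS)
    for name, entries in buckets.items():
        print(f"{name:17} {len(entries):2}  {sorted(entries)}")
    print("C2-like contact observed:", has_non_platform_contact(ROWS))
```

Run against the report's rows the candidate set is empty, which is the honest summary of these detonations: the sample initialised its Firebase SDKs and nothing else before the run ended. That is a coverage gap (short kernel time, emulated platform, no SMS or call events injected), not evidence that the sample is benign, and the static signature and permission set remain the basis for the Known bad verdict.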