Overview

overview

10

Static

static

10

app.apk

android-9-x86

7

app.apk

android-10-x64

7

app.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    app.apk

  • Size

    1.9MB

  • Sample

    240422-1y6aqsha4v

  • MD5

    946f4da12572cc7370be6ed6778f3854

  • SHA1

    7f6f21471c160eda9af5dbb796a99b410b9bbee6

  • SHA256

    52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

  • SHA512

    df753a7f17fb40b51de7e568857e68819c717c905982a17ade6e7d21a8453942daf6fd793c908adea318ebbdbe294198eb4150274bac6427106fd60d8998c807

  • SSDEEP

    49152:k/EZL9zHbY+B0TXud1WB79IKrPWI5RAeuTvKC03T1dy15ltJv:yOL9DbY++Y1k75PFAeavl81dCJ

Score
10/10
irataandroidcollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Extracted

Family

irata

C2

https://my-admin-sql.org/data/6977722252/rat/140Wa69Z/contact.php?result=ok&action=upload&androidid=

https://my-admin-sql.org/data/6977722252/rat/140Wa69Z/requests.php

https://my-admin-sql.org/data/6977722252/rat/140Wa69Z/sms.php?result=ok&action=upload&androidid=

Targets

    • Target

      app.apk

    • Size

      1.9MB

    • MD5

      946f4da12572cc7370be6ed6778f3854

    • SHA1

      7f6f21471c160eda9af5dbb796a99b410b9bbee6

    • SHA256

      52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

    • SHA512

      df753a7f17fb40b51de7e568857e68819c717c905982a17ade6e7d21a8453942daf6fd793c908adea318ebbdbe294198eb4150274bac6427106fd60d8998c807

    • SSDEEP

      49152:k/EZL9zHbY+B0TXud1WB79IKrPWI5RAeuTvKC03T1dy15ltJv:yOL9DbY++Y1k75PFAeavl81dCJ

    Score
    7/10
    discoveryevasionpersistencecollectioncredential_accessimpact

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks