irata | 7dee2bd718931147672c1b3aa77e2719ce0dae5b5295658502b9b67deae4ce2b[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

7dee2bd718931147672c1b3aa77e2719ce0dae5b5295658502b9b67deae4ce2b.bin
Size

4.6MB
MD5

84507928bb0052812d347e9e20c43929
SHA1

d8db28c4a979a76a46f1d01312f73ad2b70ba050
SHA256

7dee2bd718931147672c1b3aa77e2719ce0dae5b5295658502b9b67deae4ce2b
SHA512

8b446715a600c5dfd287ed55a87ced31fe37b5b094cd1f28c1d7be07b166a742f0615feea8cff108313c93364693ed73f84dc9da7125de38e87b4a3783e1adff
SSDEEP

98304:C4uzKrIqT+3PGS97IY4/2mSVYGxC2s+HE73qKxKFJvkHEjxrDvM1:C4uzUHTsTIY62v6iHE7qmKYHEjh0

Score

10^/10

irata

Malware Config

Extracted

Family

irata

https://eblaqie.org/pishgiri

https://eblaqie.org/ratsms.php?phone=

Signatures

Irata family
irata

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 5 IoCs

Processes:

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS

Files

7dee2bd718931147672c1b3aa77e2719ce0dae5b5295658502b9b67deae4ce2b.bin
.zip
Group3/20F4CD2BAA09E0BD5E12DAB50C0898CD
.apk android

com.ilnlhpcoiq.icgsw

com.ilnlhpcoiq.icgsw.bvxsvak

Activities

com.ilnlhpcoiq.icgsw.bvxsvak

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SMS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_CONTACTS
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.READ_SMS
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED

Receivers

com.ilnlhpcoiq.icgsw.hynupqnrk

android.intent.action.BOOT_COMPLETED
com.ilnlhpcoiq.icgsw.wakeup

com.ilnlhpcoiq.icgsw.jrgpznjpo

com.whats.process

com.ilnlhpcoiq.icgsw.fwogzw

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED

com.ilnlhpcoiq.icgsw.xiocyjqw

android.provider.Telephony.SMS_RECEIVED

Services
Group3/355cd2b71db971dfb0fac1fc391eb4079e2b090025ca2cdc83d4a22a0ed8f082.zip
.zip

Password: infected
355cd2b71db971dfb0fac1fc391eb4079e2b090025ca2cdc83d4a22a0ed8f082.apk
.apk android

realrat.siqe.holo

ir.siqe.holo.MainActivity

Activities

ir.siqe.holo.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_SMS
android.permission.READ_SMS

Receivers

ir.siqe.holo.MyReceiver

android.provider.Telephony.SMS_RECEIVED
Group3/7A99B60349703AED3AB28F498320F247
.apk android

com.xubnspjqeb.lgtyzwlp

com.xubnspjqeb.lgtyzwlp.yhepfka

Activities

com.xubnspjqeb.lgtyzwlp.yhepfka

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_SMS
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.WRITE_SMS

Receivers

com.xubnspjqeb.lgtyzwlp.aewxlh

android.intent.action.BOOT_COMPLETED
com.xubnspjqeb.lgtyzwlp.wakeup

com.xubnspjqeb.lgtyzwlp.gxkrqa

com.whats.process

com.xubnspjqeb.lgtyzwlp.uexfgjvsaf

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED

com.xubnspjqeb.lgtyzwlp.cjmawlf

android.provider.Telephony.SMS_RECEIVED

Services
Group3/8D0A03981DAA93210E184E7FFF02883C
.apk android

com.bwgmvd.pbxvikhr

com.bwgmvd.pbxvikhr.crzfw

Activities

com.bwgmvd.pbxvikhr.crzfw

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_SMS
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.WRITE_SMS

Receivers

com.bwgmvd.pbxvikhr.korltirkcq

android.intent.action.BOOT_COMPLETED
com.bwgmvd.pbxvikhr.wakeup

com.bwgmvd.pbxvikhr.slskvz

com.whats.process

com.bwgmvd.pbxvikhr.kczjl

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED

com.bwgmvd.pbxvikhr.lgwtlja

android.provider.Telephony.SMS_RECEIVED

Services
Group3/9E9D9A3717EED4D558A3F5EDDB260901
.apk android

exts.whats

.Main

Activities

.Main

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS

Receivers

.Starter

android.intent.action.BOOT_COMPLETED
exts.whats.wakeup

.DevAdminReceiver

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED

.MessageReceiver

android.provider.Telephony.SMS_RECEIVED

Services

Sharing

General

Malware Config

Extracted

Signatures

Files

com.ilnlhpcoiq.icgsw

com.ilnlhpcoiq.icgsw.bvxsvak

Activities

com.ilnlhpcoiq.icgsw.bvxsvak

Permissions

Receivers

com.ilnlhpcoiq.icgsw.hynupqnrk

com.ilnlhpcoiq.icgsw.jrgpznjpo

com.ilnlhpcoiq.icgsw.fwogzw

com.ilnlhpcoiq.icgsw.xiocyjqw

Services

Password: infected

realrat.siqe.holo

ir.siqe.holo.MainActivity

Activities

ir.siqe.holo.MainActivity

Permissions

Receivers

ir.siqe.holo.MyReceiver

com.xubnspjqeb.lgtyzwlp

com.xubnspjqeb.lgtyzwlp.yhepfka

Activities

com.xubnspjqeb.lgtyzwlp.yhepfka

Permissions

Receivers

com.xubnspjqeb.lgtyzwlp.aewxlh

com.xubnspjqeb.lgtyzwlp.gxkrqa

com.xubnspjqeb.lgtyzwlp.uexfgjvsaf

com.xubnspjqeb.lgtyzwlp.cjmawlf

Services

com.bwgmvd.pbxvikhr

com.bwgmvd.pbxvikhr.crzfw

Activities

com.bwgmvd.pbxvikhr.crzfw

Permissions

Receivers

com.bwgmvd.pbxvikhr.korltirkcq

com.bwgmvd.pbxvikhr.slskvz

com.bwgmvd.pbxvikhr.kczjl

com.bwgmvd.pbxvikhr.lgwtlja

Services

exts.whats

.Main

Activities

.Main

Permissions

Receivers

.Starter

.DevAdminReceiver

.MessageReceiver

Services