Analysis Overview
SHA256
def02d3f63d1c787762e099678a7d8369dd391a296433ef0880a5f5ba16b6ddb
Threat Level: Known bad
The file 50b31094574176ab12d7a32fe9066d43_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Queries information about the current Wi-Fi connection
Checks CPU information
Checks memory information
Obtains sensitive information copied to the device clipboard
Registers a broadcast receiver at runtime (usually for listening for system events)
Acquires the wake lock
Reads information about phone network operator
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-17 17:44
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 17:44
Reported
2024-05-17 17:47
Platform
android-x86-arm-20240514-en
Max time kernel
22s
Max time network
139s
Signatures
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
ir.naderh.iran2018.walkietalkie
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 17:44
Reported
2024-05-17 17:47
Platform
android-x64-20240514-en
Max time kernel
25s
Max time network
147s
Signatures
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
ir.naderh.iran2018.walkietalkie
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-17 17:44
Reported
2024-05-17 17:47
Platform
android-x64-arm64-20240514-en
Max time kernel
100s
Max time network
134s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.naderh.iran2018.walkietalkie
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 31e9479c25cb4e25b64e8195a679312c.s.adad.ir | udp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
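The Network tables of all three behavioral runs are dominated by traffic that any Play-services-equipped emulator generates on its own (resolver queries, android.apis.google.com, ssl.google-analytics.com, the Google mobile push port). The following script is an added example, not part of the sandbox report or of the sample: it parses the behavioral3 table, collapses repeat connections, and buckets each row so that the one name that is not Google infrastructure stands out. The platform allowlist and the push-port constant are assumptions to adjust per investigation.

```python
"""Triage of the Network tables in the three behavioral runs.

Added example, not part of the sandbox report. It separates the
connections every Play-services-equipped emulator makes (DNS to the
resolver, Google platform hosts, the mobile push port) from the rest,
so the one domain in this report that is not Google infrastructure
stands out. The rows are copied from the behavioral3 table; the
platform allowlist and the push-port constant are assumptions.
"""
import ipaddress

# Rows copied from the behavioral3 Network table
# (Country | Destination | Domain | Proto). An empty Domain cell is a
# TLS connection the sandbox could not tie to a DNS answer.
REPORT_ROWS = """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 31e9479c25cb4e25b64e8195a679312c.s.adad.ir | udp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
"""

# Assumption: hosts that Android itself and common Google SDKs contact.
PLATFORM_DOMAINS = {"www.google.com"}
PLATFORM_SUFFIXES = (".google.com", ".google-analytics.com", ".googleapis.com")
# Assumption: TCP 5228 is the port Google's mobile push (FCM/GCM) uses.
GOOGLE_PUSH_PORT = 5228


def parse_rows(text):
    """Turn the pipe-delimited table into dicts; skips the header row."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_platform(domain):
    return domain in PLATFORM_DOMAINS or domain.endswith(PLATFORM_SUFFIXES)


def triage(rows):
    """Bucket each row; repeat connections collapse because buckets are sets."""
    out = {k: set() for k in
           ("multicast", "queried", "platform", "push", "unresolved", "review")}
    for r in rows:
        endpoint = f'{r["ip"]}:{r["port"]}'
        if ipaddress.ip_address(r["ip"]).is_multicast:
            out["multicast"].add(endpoint)       # mDNS chatter from the emulator
        elif r["port"] == 53 and r["proto"] == "udp":
            out["queried"].add(r["domain"])      # every name the app resolved
            if not is_platform(r["domain"]):
                out["review"].add(r["domain"])
        elif r["port"] == GOOGLE_PUSH_PORT:
            out["push"].add(endpoint)
        elif r["domain"]:
            target = out["platform"] if is_platform(r["domain"]) else out["review"]
            target.add(r["domain"])
        else:
            out["unresolved"].add(endpoint)      # check the pcap's TLS SNI for these
    return out


def triage_report(text=REPORT_ROWS):
    return triage(parse_rows(text))


if __name__ == "__main__":
    for bucket, items in triage_report().items():
        print(f"{bucket:10s} {sorted(items)}")
```

On the behavioral3 rows the only name left in the review bucket is 31e9479c25cb4e25b64e8195a679312c.s.adad.ir, and it appears solely as a DNS lookup: no TCP connection to it is recorded, so either the resolution failed or the connection fell outside the 134 s capture. The 32-hex-character label in front of s.adad.ir looks like a per-app or per-device identifier. Pull the pcap and look at what was sent before treating it as anything more than a lead; the three unresolved 443 endpoints should likewise be checked for their TLS SNI rather than assumed to be Google because of their address ranges.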
Files
/data/user/0/ir.naderh.iran2018.walkietalkie/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | f198453ffebd18ab2ee5a5d479e4f798 |
| SHA1 | 0dbc369b058bf3eede99dfbc6c246f3115ae5b4c |
| SHA256 | 9294757b85a21b8ec36379585eece55cac7a2a09516ee62e6e511926c1f9b073 |
| SHA512 | b62a5b6964ea9fbb3550394bc2e86fe0d528b13acd1cd21cdf90c92f01fe326a02d310c81b1fae5e6a40206d022dd6620fe0ed62c4b82a104dc705ed03e1b4dd |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | 88d813c48eaf021f883cd57883aed3e6 |
| SHA1 | 88193e0ea3aef5ebbdebd0a1bdf39db27fe4abfb |
| SHA256 | 9f2e33bed49ea374f509b82910352c45645f9ac4cab8c39725754c92963879a0 |
| SHA512 | 6704e8862aeb2ce74d0d491146c689f1677119ff19d19f1b91adf543a776fd75eef65d2bc767cba64798d71bbe420828fdf3ce0762bc43205cf85ab9cb6e7263 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | 78a604fc95144528bd26c096d290e919 |
| SHA1 | d7e734a910ca2e967f99a06894489b1ed01a85d1 |
| SHA256 | bd8f38c5e95294c48ba71c3c4c4e8559e18e397e941cc06563ed1dc6b3cbf696 |
| SHA512 | 9454b199fe32dcdfdf976fd430294fec206f0fc28f4405f6e25d97ff7c3693ef79f1544a4100a9b0e92675bbd1b469bb0f70b273a172bc015dae7bb170d7c5f3 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | a07391e2e359003189c13455cc679d10 |
| SHA1 | 442aa45a68dfeecbd1c3a80a18d8aa7fa5585eba |
| SHA256 | a9a28dc04a8c4fc4bd728b135211c76fce6bab0569256f277de49881fbbfd45a |
| SHA512 | 19f06f5c7e3d5c542ce088e7e4237ce3ff522f95f9f25e41a0df0a147162c7831562b969a60f3c3e572e24571c514d39f63ceff69ecdcd0ca00e969b50e02dcf |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | 25164aa717b922d7ca9990c5cf46e889 |
| SHA1 | a888b641c8a11c7f97dbc620f40916ddb1c0bdae |
| SHA256 | 4a35806a697ccae82f2b29154cb6649d5b06b959042a234e2ad1420bfb700541 |
| SHA512 | bc2c848fead4da0d8d0f03eb71fa59f3d0d00bc73ae13ecf8cac80b3506626b316d5f3ded1701a4270561fcfea71aeee0939e08a45dd2bb93e0529121a555879 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | ea6fd301a5a776d53a7f55cd90a9a138 |
| SHA1 | 1c0f30efa228abdd405df40751c47b4f1f9f98aa |
| SHA256 | 66e6702d48e16f9c597ad94314fa792c9569bb1104a1ab821cf76e1d1d680d34 |
| SHA512 | 5bdb541501b107cd3352d8a9509c3a738611b81141d0b0cdc516a70381b11ef78756b1e537397fec79f98610d8bd57d413bb37c715e6cad0ca77d2fa599e5a58 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db
| MD5 | 5ebbf2da59a359130ddec2aa7b6395f2 |
| SHA1 | acd3ddd881f4008dafebabc43ad5eac6a1a22311 |
| SHA256 | e9906f016d21019db121da5ec2beef247a8b00106b44cfe802ede801b82a52e9 |
| SHA512 | 817b20d5361f52192488a4906f605bc385b7bced58fee58216fc5173e8ca70892242f7a6e466c25a061a105c49b1e4d065865e101377608d73b142d5f86361b8 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | 336923e542d7bddfee587d6a39492cbf |
| SHA1 | bc9a19bd50a7d27c667ed8f2c683011d4bfba713 |
| SHA256 | 93febdb5051158b0baac837cb176c74a73f087e78c476b795723088c60500541 |
| SHA512 | 38d03d77992ccfb3a4d1a1c2d932740572adc4e13abcd50d9fe1db62f7b0e67200224dd4fe3201986ee6b1f9498b978c3a0face8724ba6c3e5e3a4a09cc49f46 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | 30a00e2818793c599be19934a35e2e4c |
| SHA1 | 5ea1ccbb57903edfd111b3c9c2ccd6b99c76b594 |
| SHA256 | 8f449e756a83e50e89bbef6339e2a7ef17d40f75fb9c6169e239f081d1345ac0 |
| SHA512 | f08a6c677c74d9dea1ba93541684ada16c722802f5ab9bd541bb1f3f270102a5d3343d1dba0160a9f9244e55c98e7d1ddb36baf0d642d170dde359c584643086 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | ba90f7d53c6ec94e38cab8e89588cdb1 |
| SHA1 | e79ca10edb6451d6126c2cc8c787157b5daea7bf |
| SHA256 | 73884596571e20a1b9effdf7922bc98152566b698ba83561e8bfca620546e02b |
| SHA512 | d49063822512c66f8865892903301c9ff31c048712111fdc3b4283cf1321f5dce5d14f605046eab4e02cf83e68b839da098c1e53a09b2929b5f69ed9dc8fcbd5 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | 88267be05d8d1452ce467d1db69b0be9 |
| SHA1 | 2101ae1fcfb18a7c05f8596431998b1aca4bf906 |
| SHA256 | 85132df83bfe02acc8df1a343878897033c679887776f12fdfb44d7add6fc5f1 |
| SHA512 | 82e9479c0c2cca3d5ecc70449924d0a6686e131fb53ef0486da3fbe56b965c7744daad1fea45fddfcbbcf96e65bd0f3c99bc40b311bb4d2970b717e7dd62a383 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal
| MD5 | 01d20bd3b1de49c5f1abd0e2f7953215 |
| SHA1 | d59dd4d3a8032d89be03dc4a8052eb1c8f20e2a6 |
| SHA256 | f99b8d8d3d7b981e2b55892b60694398918baa34b2218b55dd7008a9cb258a8c |
| SHA512 | 01bba3e3176664b16c92e0d2d7ed6c7e744b22ebae559a0087c59b4ca8a357f83dba3224acdc9a2e63ebbd9c4159c0ea02423fbd4b8203adb39f73cfde75a41b |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | 378799b91450a1c883d55793a0edb71c |
| SHA1 | ebf615cf12cc8f6560583368161e0c9c45d32423 |
| SHA256 | 1f0b64e047bd9d8ba58f82760ed3d1f216106fa870ac2f1c4c2abb1e7eea0fa2 |
| SHA512 | b35ad44a5b889d2222a9518a04bbe5bcea99293d4cbeb978804488278d559c964715c7f2afdda89a2c1460e55555255807780e97e0a59a0c54a75c7d1b34c67b |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | 116eeaa5121fb610009f1927ade6290e |
| SHA1 | 6bd329c08ca79a926e487e275507eaaf19e95e54 |
| SHA256 | 8a746093fdf0fc51eae52c091a7af4aab96451b3553194ceb14206698ad1f585 |
| SHA512 | b43d92409158e83b703af5035c74ab68079873640f649a3f54c96339014107a9a0246256ae267b6457d8f95d28ba60bbe231a354b81541df9d86ba14777a368d |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db
| MD5 | c083a1d67763b9656547e062a7bb83e4 |
| SHA1 | e2f01103ccc9dd1036009b8edc5bc2245debaf83 |
| SHA256 | 3e70eb6a806a6002851979c52bbee675adf0b0ca9cc08c19217ea276eccecb33 |
| SHA512 | dd083bd40bebb9479aa84d81a2ae9b791a986f3e2d69a866d1d4087479862338a9f97081d10288d59119ef895d841d668701de71028418b4c791a33fed83302a |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | d66285ec078e14ac628fe86b10849982 |
| SHA1 | 97d37be9d17bb1870ed62ae81a9440885528723b |
| SHA256 | 1c839d70caa6f8d485ed3e4b635887144c1c7344d773b211620a0078b7ff9665 |
| SHA512 | f552a8f3c4831738e18e8ab50ae32f89171a16904389db03622dd42481a1430d00446fa24885b29d2d6cd3fa30af97d2e196affe3deb985f89a6c29eda1fb7d9 |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | 885ea96caafc60b6607515eaa9d0c398 |
| SHA1 | 42c940227358284fbfd0d6e79dfa8ad5940cd3a0 |
| SHA256 | b0043dda93d2def6b1f6abb3de62c6fd1c129281ed0982998bfba6cdee8e3ac3 |
| SHA512 | 9f7d4725466f3cfd9ff39fc0725efe2aab98ae12f4fcb37d987e3c6a7130acbdc193dbc14d876ac7473ab8265b429d623474f7251944e150ead0baabfeb9f96b |
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal
| MD5 | 29cd71bf824e2f82906f3c0d1a879fc4 |
| SHA1 | 05beef2b5709eaf8219d6b2d6a32b11685da1291 |
| SHA256 | 259030e360ac8a37bb42cfe7980cd75497c6095209b9d2e328a672f32d4a1a62 |
| SHA512 | 46ed1186dcea49b0b857ec21a724dc2c685c3b4baa2a787bdf4af6a960c6c12f6c5d94855696ed4f49761954f65742f80a999e571132a5d432040ba6b68b8cb8 |
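The Files section above lists 20 write events, but they fall on only five paths, and most of them are SQLite rollback journals that exist only for the duration of a transaction. The script below is an added example, not part of the report: it groups the events by path, counts rewrites, marks the journals as transient (their hashes are churn, not indicators), and leaves the non-journal hashes as the set worth collecting from the VM. The SDK attribution is an assumption drawn from the database names and should be confirmed against the APK's class list.

```python
"""Collapse the behavioral3 Files section into something a hunter can use.

Added example, not part of the sandbox report. Groups the file events by
path, counts how often each path was rewritten, flags SQLite rollback
journals (-journal) as transient, and returns the hashes of the files
that are actually worth pulling. The SDK_HINTS mapping is an assumption
based on well-known third-party database names, not a finding of the report.
"""
from collections import defaultdict

APP_DIR = "/data/user/0/ir.naderh.iran2018.walkietalkie/"

# (path relative to APP_DIR, SHA256) copied from the report, in listed order
FILE_EVENTS = [
    ("files/unsent_requests", "988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d"),
    ("databases/evernote_jobs.db-journal", "9294757b85a21b8ec36379585eece55cac7a2a09516ee62e6e511926c1f9b073"),
    ("databases/evernote_jobs.db", "dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb"),
    ("databases/evernote_jobs.db-journal", "9f2e33bed49ea374f509b82910352c45645f9ac4cab8c39725754c92963879a0"),
    ("databases/evernote_jobs.db-journal", "bd8f38c5e95294c48ba71c3c4c4e8559e18e397e941cc06563ed1dc6b3cbf696"),
    ("databases/evernote_jobs.db-journal", "a9a28dc04a8c4fc4bd728b135211c76fce6bab0569256f277de49881fbbfd45a"),
    ("databases/evernote_jobs.db", "4a35806a697ccae82f2b29154cb6649d5b06b959042a234e2ad1420bfb700541"),
    ("databases/__pushe_base_lib_db-journal", "66e6702d48e16f9c597ad94314fa792c9569bb1104a1ab821cf76e1d1d680d34"),
    ("databases/__pushe_base_lib_db", "e9906f016d21019db121da5ec2beef247a8b00106b44cfe802ede801b82a52e9"),
    ("databases/__pushe_base_lib_db-journal", "93febdb5051158b0baac837cb176c74a73f087e78c476b795723088c60500541"),
    ("databases/__pushe_base_lib_db-journal", "8f449e756a83e50e89bbef6339e2a7ef17d40f75fb9c6169e239f081d1345ac0"),
    ("databases/evernote_jobs.db-journal", "73884596571e20a1b9effdf7922bc98152566b698ba83561e8bfca620546e02b"),
    ("databases/evernote_jobs.db", "85132df83bfe02acc8df1a343878897033c679887776f12fdfb44d7add6fc5f1"),
    ("databases/evernote_jobs.db-journal", "f99b8d8d3d7b981e2b55892b60694398918baa34b2218b55dd7008a9cb258a8c"),
    ("databases/evernote_jobs.db", "1f0b64e047bd9d8ba58f82760ed3d1f216106fa870ac2f1c4c2abb1e7eea0fa2"),
    ("databases/evernote_jobs.db", "8a746093fdf0fc51eae52c091a7af4aab96451b3553194ceb14206698ad1f585"),
    ("databases/evernote_jobs.db", "3e70eb6a806a6002851979c52bbee675adf0b0ca9cc08c19217ea276eccecb33"),
    ("databases/__pushe_base_lib_db-journal", "1c839d70caa6f8d485ed3e4b635887144c1c7344d773b211620a0078b7ff9665"),
    ("databases/__pushe_base_lib_db-journal", "b0043dda93d2def6b1f6abb3de62c6fd1c129281ed0982998bfba6cdee8e3ac3"),
    ("databases/__pushe_base_lib_db-journal", "259030e360ac8a37bb42cfe7980cd75497c6095209b9d2e328a672f32d4a1a62"),
]

# Assumption: database names used by widely deployed third-party SDKs.
SDK_HINTS = {
    "databases/evernote_jobs.db": "evernote/android-job scheduling library",
    "databases/__pushe_base_lib_db": "Pushe push-notification SDK",
}


def is_transient(path):
    """SQLite rollback journals are created per transaction and deleted on commit."""
    return path.endswith("-journal")


def summarize(events):
    """Per-path write count, distinct-hash count, transient flag and likely owner."""
    by_path = defaultdict(list)
    for path, sha in events:
        by_path[path].append(sha)
    summary = {}
    for path, hashes in by_path.items():
        base = path[:-len("-journal")] if is_transient(path) else path
        summary[path] = {
            "writes": len(hashes),
            "distinct_hashes": len(set(hashes)),
            "transient": is_transient(path),
            "owner": SDK_HINTS.get(base, "app (review)"),
        }
    return summary


def collectable(events):
    """Hashes of non-journal files: the only ones worth pulling from the VM."""
    return sorted({sha for path, sha in events if not is_transient(path)})


if __name__ == "__main__":
    for path, info in summarize(FILE_EVENTS).items():
        print(f"{APP_DIR}{path}: {info}")
    print(len(collectable(FILE_EVENTS)), "hashes to collect")
```

Every one of the 20 hashes is distinct, which is what constant rewriting of a small SQLite database looks like; none of them is a stable indicator for this sample. The two database names point at scheduling and push SDKs bundled with the app rather than at code the author wrote, which is consistent with the IJobScheduler.schedule and registerReceiver signatures above. The file that does not match an SDK name, files/unsent_requests, is the one to open first.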