Analysis Overview
SHA256
93d421b18af345591cb8b3fc3e995f5a9e78221deb0fa1e0474b2b942623d5b6
Threat Level: Known bad
The file appp.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-22 11:41
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 11:41
Reported
2024-05-22 11:46
Platform
android-x86-arm-20240514-en
Max time kernel
122s
Max time network
131s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.sistemapegasus.pgsmobile
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.227:443 | | tcp |
Files
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db

| Hash | Value |
|---|---|
| MD5 | bc89434270b2c1420b1977fd478f81d0 |
| SHA1 | 7035c7ccdd56b74ba0aaccdc3030725387700119 |
| SHA256 | 1f521b2e833a0278f287606e87f402818cb05bfae9907ef042c15c0f966a7a86 |
| SHA512 | 6a6e5245efccfd98cb326697c0f5d5e0906098e722e1773c9f83f00f7e166ca86318c98615fba268a447bb951f64683fa8bce87581809dc478a47ba83ae6c3db |

/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db-journal

| Hash | Value |
|---|---|
| MD5 | 5927ecef9af8904bbcdc50d8ea632fa4 |
| SHA1 | a02f145893d0a4c6b465021145480d8192f03995 |
| SHA256 | 99a110876d46c8da271dd1360407bf7f2a1d1d6564856339a383e3a9f9229365 |
| SHA512 | 1a9f2ecd633944bcb2c113262269d276f5539c2eb90c437cfde77536ca8706db627aaeba8af0ada9668c43cfc43ce4d6853e9ee93c1a64f1a91c71d2ccc57b6d |

/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db

| Hash | Value |
|---|---|
| MD5 | 6108783ffc9223052b7f2a45047d86eb |
| SHA1 | 88c2b26e50fc82117b4f75af8cbfdcb628805765 |
| SHA256 | addaa33114268f8da7799dd9e4caf99bc4dc158cdcaa43c2d7891b49b196a47a |
| SHA512 | bea40dd3d504a8b3eb75bfde30c6d16a81c6f459b31c72b477506adad629432b01fe79b4f547c04346cdcb2269e90059b20db6473db103fb7a1dc7a6124bbf99 |

/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db-shm

| Hash | Value |
|---|---|
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |

/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

| Hash | Value |
|---|---|
| MD5 | e142226b21e2dc8df43f8d339bcb1a93 |
| SHA1 | 362a9f77a62af474a42cf2f641497d248fa68f1f |
| SHA256 | b48d0c107d2a2eb3c3c6ea368e0f5140be15cedc97ca28fb6f99dfd7eda3c038 |
| SHA512 | c1be5f81b790417a8d6ac55572d03cf813cbb523dd601ec09b7c5bfc1aa69cc38cc2e6558897a66ee4cb9d8d2114d1897da1b4c6027e3e9501c44d700eee1f04 |

/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

| Hash | Value |
|---|---|
| MD5 | fb9488ad10b8cf6d146cf88d273e0872 |
| SHA1 | 2d2177f36f64ef63fa0977e312e4db4dad7cbcd4 |
| SHA256 | 0e0ccc3eb67c8e8ad984dfea24733d9d7ddc6eaf52da4f25e34c3165dea37c14 |
| SHA512 | 7f68897a1490617bb68831fbeaae82ab7a87db601c4c8f52e292729b705e78f9bb8ac56658a3833794fa21aae560e83b9e983933cc4b157f9ba0a4bfad3f233e |

/storage/emulated/0/.pgsmobile_NO_BORRAR.raf

| Hash | Value |
|---|---|
| MD5 | fbee88d44ca8a5f7c4bba1877190ac02 |
| SHA1 | fe7dc4f58e96bcc5a3fc42a4f15f712a2f43c48d |
| SHA256 | 83d8025611ffc8c9e7bc3086e3b541bfd2f6b80e5c443e545349ed629f356477 |
| SHA512 | fb984b9de18bc0e68b4a9e2aabba08cbe46e4c5c1b4d7af775a70f6588d35864ab225d7c8770d16ad09d6d5a209475eb210249642cf39570c54d38b81d950135 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 11:41
Reported
2024-05-22 11:46
Platform
android-x64-20240514-en
Max time kernel
124s
Max time network
150s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.sistemapegasus.pgsmobile
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.226:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
Files
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db

| Hash | Value |
|---|---|
| MD5 | bc89434270b2c1420b1977fd478f81d0 |
| SHA1 | 7035c7ccdd56b74ba0aaccdc3030725387700119 |
| SHA256 | 1f521b2e833a0278f287606e87f402818cb05bfae9907ef042c15c0f966a7a86 |
| SHA512 | 6a6e5245efccfd98cb326697c0f5d5e0906098e722e1773c9f83f00f7e166ca86318c98615fba268a447bb951f64683fa8bce87581809dc478a47ba83ae6c3db |

/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

| Hash | Value |
|---|---|
| MD5 | 8a48e5c67c4491b2e10faecbe8ab2ce3 |
| SHA1 | 68d87a088deed86ec89f6e62323298be260671f4 |
| SHA256 | c6873a8793a2bcade9336c13406c3b01ce9537a5d65d632627ccbf01ff8ff32a |
| SHA512 | f373eb50d5acdd46213948c389337d9b2676963777feafd60394c407a3916b458b50bf5c605ce22c4767c46819e20ef9d12f81dff1cabcacc4e9f7ae79b93507 |

/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

| Hash | Value |
|---|---|
| MD5 | 37a9b9334f17e9859fae61ef7fb2600a |
| SHA1 | e17b1663b9cdc6cee2963be9a08107ac0ae05f14 |
| SHA256 | cfdcfd2df7f942f555107413ec6adb1d39e8decbe0bd92a6b99eee8a2ca68b60 |
| SHA512 | a8325dbe4e8bf7656c8bb0c2ccae37362c4f27301098de2ba362f8e380aaebeb6d2c25da30dc0a2ed5ceeb28da52616a53ef31159a261ec296bd0b74f9e6a035 |

/storage/emulated/0/.pgsmobile_NO_BORRAR.raf

| Hash | Value |
|---|---|
| MD5 | b73b6355e6969ab93403554e71cb7ba0 |
| SHA1 | 78ce896bc7a3e916770dbb9d1dcda80def8609f6 |
| SHA256 | 047ebdad0e510dd7bff9b43f06180a9d727d8db46b02f52bfc7aba602c12161b |
| SHA512 | adf2ad985c1fe00531d12535346247d102daeb4804283e9a3935a4f2ec0041f89d1aa21b2e129205f2eca7a88086b8bab9f8814ee9e7a4d5a15a32962837f522 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 11:41
Reported
2024-05-22 11:43
Platform
android-x64-arm64-20240514-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |