Analysis Overview
SHA256
457a210b7bf23be5efb5f495cdef257ab5a1151b7e813ded1cdb903b0917332d
Threat Level: Known bad
The file 457A210B7BF23BE5EFB5F495CDEF257AB5A1151B7E813DED1CDB903B0917332D.apk was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-27 08:24
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 08:24
Reported
2024-06-27 09:23
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.quicklearn.nodbeh
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | dl.quicklearn.ir | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/ir.quicklearn.nodbeh/files/ArabicFont
| MD5 | 1f0e3dad99908345f7439f8ffabdffc4 |
| SHA1 | b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f |
| SHA256 | 9400f1b21cb527d7fa3d3eabba93557a18ebe7a2ca4e471cfe5e4c5b4ca7f767 |
| SHA512 | 8d89aa701de5a35b24cfadbd2088986ae13311d1a7c63abe5c780c62bc939a0577c3a78cf7ee4951c1b09f6849074c21ca1f7023e89bee683c1dbb2134a984d0 |
/data/data/ir.quicklearn.nodbeh/files/FarsiFont
| MD5 | aab3238922bcc25a6f606eb525ffdc56 |
| SHA1 | fa35e192121eabf3dabf9f5ea6abdbcbc107ac3b |
| SHA256 | 8527a891e224136950ff32ca212b45bc93f69fbb801c3b1ebedac52775f99e61 |
| SHA512 | 5f3a799ba20c20a225f75d4fe2acab79912dfcd2f2b333bf062b37acbb6463388c344430d5ba1e9fd318d3ed8263074e999e2b2e811bc51c5e2dfea4e2f32e58 |
/data/data/ir.quicklearn.nodbeh/files/nodbeh
| MD5 | be3fd52252d0611fc64d843eb37ed3c4 |
| SHA1 | 00edc638d33534530c33cbae03854cdc7d9c3163 |
| SHA256 | 747a43b47b9dc9eff37f17e36523a4b546b46bd3633dabab360b51e1a43e6f08 |
| SHA512 | 9a70d2856b3ca80a32642fd20057f53c1baa45d19e0432f68264cfc782dee3fe8c4d82b39d538fcf2dba191e947764dd1d15359699740db6184f064f63d26ab6 |
/data/data/ir.quicklearn.nodbeh/files/nodbeh-journal
| MD5 | 86890898f5c23ae08d3c5c557cd28096 |
| SHA1 | ea41f457964f0f8b2b07922855cc72d05f5a3e9f |
| SHA256 | f45a6f4b346d19c487606b3772a147bbed3e039de3cd017c98c87f778e007d17 |
| SHA512 | 2cadc2262a78747cf2fa474b3b1ff972385090e821b0947b3f0f55abb12ade027c7c5daf00f4325d86623fe83333c42f17759166b7fed80a8723924e46b7001f |
/data/data/ir.quicklearn.nodbeh/files/nodbeh
| MD5 | ac2632d34f8d16871ab845b9f7eac136 |
| SHA1 | 4f99ece4b0f0879bba5386ac5549f6d0145f3af5 |
| SHA256 | 5c163bf9c8c0b603efdaed7f0e5ebe9540f5e25493da909e41f933fdedc68e64 |
| SHA512 | d43be798abb4c7855f030f51ae7a057bfafd4b157f21616a10a188ff12261d4f7f132f217f894a6163a294d06b2315ed69e2549007f8e6f60a7b3b56b4650cae |
/data/data/ir.quicklearn.nodbeh/files/nodbeh-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.quicklearn.nodbeh/files/appversion
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
/data/data/ir.quicklearn.nodbeh/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-27 08:24
Reported
2024-06-27 09:15
Platform
android-x64-20240624-en
Max time kernel
6s
Max time network
155s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.quicklearn.nodbeh
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | dl.quicklearn.ir | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
Files
/data/data/ir.quicklearn.nodbeh/files/ArabicFont
| MD5 | 1f0e3dad99908345f7439f8ffabdffc4 |
| SHA1 | b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f |
| SHA256 | 9400f1b21cb527d7fa3d3eabba93557a18ebe7a2ca4e471cfe5e4c5b4ca7f767 |
| SHA512 | 8d89aa701de5a35b24cfadbd2088986ae13311d1a7c63abe5c780c62bc939a0577c3a78cf7ee4951c1b09f6849074c21ca1f7023e89bee683c1dbb2134a984d0 |
/data/data/ir.quicklearn.nodbeh/files/FarsiFont
| MD5 | aab3238922bcc25a6f606eb525ffdc56 |
| SHA1 | fa35e192121eabf3dabf9f5ea6abdbcbc107ac3b |
| SHA256 | 8527a891e224136950ff32ca212b45bc93f69fbb801c3b1ebedac52775f99e61 |
| SHA512 | 5f3a799ba20c20a225f75d4fe2acab79912dfcd2f2b333bf062b37acbb6463388c344430d5ba1e9fd318d3ed8263074e999e2b2e811bc51c5e2dfea4e2f32e58 |
/data/data/ir.quicklearn.nodbeh/files/nodbeh
| MD5 | be3fd52252d0611fc64d843eb37ed3c4 |
| SHA1 | 00edc638d33534530c33cbae03854cdc7d9c3163 |
| SHA256 | 747a43b47b9dc9eff37f17e36523a4b546b46bd3633dabab360b51e1a43e6f08 |
| SHA512 | 9a70d2856b3ca80a32642fd20057f53c1baa45d19e0432f68264cfc782dee3fe8c4d82b39d538fcf2dba191e947764dd1d15359699740db6184f064f63d26ab6 |
/data/data/ir.quicklearn.nodbeh/files/appversion
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
/data/data/ir.quicklearn.nodbeh/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-27 08:24
Reported
2024-06-27 09:15
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.quicklearn.nodbeh
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | dl.quicklearn.ir | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/user/0/ir.quicklearn.nodbeh/files/ArabicFont
| MD5 | 1f0e3dad99908345f7439f8ffabdffc4 |
| SHA1 | b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f |
| SHA256 | 9400f1b21cb527d7fa3d3eabba93557a18ebe7a2ca4e471cfe5e4c5b4ca7f767 |
| SHA512 | 8d89aa701de5a35b24cfadbd2088986ae13311d1a7c63abe5c780c62bc939a0577c3a78cf7ee4951c1b09f6849074c21ca1f7023e89bee683c1dbb2134a984d0 |
/data/user/0/ir.quicklearn.nodbeh/files/FarsiFont
| MD5 | aab3238922bcc25a6f606eb525ffdc56 |
| SHA1 | fa35e192121eabf3dabf9f5ea6abdbcbc107ac3b |
| SHA256 | 8527a891e224136950ff32ca212b45bc93f69fbb801c3b1ebedac52775f99e61 |
| SHA512 | 5f3a799ba20c20a225f75d4fe2acab79912dfcd2f2b333bf062b37acbb6463388c344430d5ba1e9fd318d3ed8263074e999e2b2e811bc51c5e2dfea4e2f32e58 |
/data/user/0/ir.quicklearn.nodbeh/files/nodbeh
| MD5 | be3fd52252d0611fc64d843eb37ed3c4 |
| SHA1 | 00edc638d33534530c33cbae03854cdc7d9c3163 |
| SHA256 | 747a43b47b9dc9eff37f17e36523a4b546b46bd3633dabab360b51e1a43e6f08 |
| SHA512 | 9a70d2856b3ca80a32642fd20057f53c1baa45d19e0432f68264cfc782dee3fe8c4d82b39d538fcf2dba191e947764dd1d15359699740db6184f064f63d26ab6 |
/data/user/0/ir.quicklearn.nodbeh/files/appversion
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
/data/user/0/ir.quicklearn.nodbeh/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |