irata | c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3 | Triage

Sharing

General

Target

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.bin
Size

3.7MB
Sample

240629-1xtwba1blq
MD5

1ca1896d0ffba709220d700f7ded2aea
SHA1

f23f58bb31a9433949b48e4e9e360f73413bae88
SHA256

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
SHA512

78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e
SSDEEP

49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L

Score

10^/10

irata android discovery execution persistence

Malware Config

Targets

- Target
  
  c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.bin
- Size
  
  3.7MB
- MD5
  
  1ca1896d0ffba709220d700f7ded2aea
- SHA1
  
  f23f58bb31a9433949b48e4e9e360f73413bae88
- SHA256
  
  c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
- SHA512
  
  78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e
- SSDEEP
  
  49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L
Score

6^/10

discovery execution persistence
- Acquires the wake lock
- Queries information about active data network
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2

discoveryexecutionpersistence

behavioral3

discoveryexecutionpersistence