irata | 139469bc35124b11ea955c4fcd577013_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

139469bc35124b11ea955c4fcd577013_JaffaCakes118
Size

20.4MB
MD5

139469bc35124b11ea955c4fcd577013
SHA1

246aa1fc79f0b82046b23d2ba8d1b2dd63cf3182
SHA256

3463f2bf09900e924cd2dc0acb1a4ca89e37c74122425c43526dce9aa7a53b6a
SHA512

6ac61abad9d2f96b9119b937f9c635305f229e22d7b90c55fd79534671e0584204d507cd139c86ab2ac6650f47dbd62596c68b6a358365f0ebcdcd518a145942
SSDEEP

393216:+ZyS5xEFZ8YPOClYU6CWTjyoZcUIti3obKETR0+C79wlCaFYdLrOaVtjt7a4aOAH:+ZZ5aFZ8YPpaCWTe1gkKEt0RZvpTNtb6

Score

10^/10

pdf link irata

Malware Config

Signatures

Irata family
irata

Irata payload 4 IoCs

Processes:

resource	yara_rule
sample	family_irata4
static1/unpack001/cxt.tpl	family_irata4
static1/unpack001/pdfapp.aspx	family_irata4
static1/unpack001/websiteapp.aspx	family_irata4

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

HTTP links in PDF interactive object 2 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
sample	pdf_with_link_action
static1/unpack001/pdfapp.aspx	pdf_with_link_action

Files

139469bc35124b11ea955c4fcd577013_JaffaCakes118
.apk android

com.appmaker.appmaker

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
com.android.vending.BILLING
android.permission.VIBRATE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_EXTERNAL_STORAGE

Receivers

Services
cxt.tpl
.apk android

com.myapp.exs

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.INTERNET

Receivers

Services
pdfapp.aspx
.apk android

com.appmaker.testpdf

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET

Receivers

Services
websiteapp.aspx
.apk android

com.appmaker.testappsx

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE

Receivers

Services

Android Permissions

139469bc35124b11ea955c4fcd577013_JaffaCakes118

Permissions

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

com.android.vending.BILLING

android.permission.VIBRATE

android.permission.READ_PHONE_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

com.appmaker.appmaker

.main

Activities

.main

Permissions

Receivers

Services

com.myapp.exs

.main

Activities

.main

Permissions

Receivers

Services

com.appmaker.testpdf

.main

Activities

.main

Permissions

Receivers

Services

com.appmaker.testappsx

.main

Activities

.main

Permissions

Receivers

Services

Android Permissions

139469bc35124b11ea955c4fcd577013_JaffaCakes118