Analysis Overview
SHA256
3463f2bf09900e924cd2dc0acb1a4ca89e37c74122425c43526dce9aa7a53b6a
Threat Level: Known bad
The file 3463f2bf09900e924cd2dc0acb1a4ca89e37c74122425c43526dce9aa7a53b6a was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
HTTP links in PDF interactive object
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-28 09:58
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x86-arm-20240624-en
Max time kernel
22s
Max time network
132s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x86-arm-20240624-en
Max time kernel
44s
Max time network
139s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-20240624-en
Max time kernel
48s
Max time network
166s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 216.58.201.98:443 | tcp | |
| GB | 172.217.169.46:443 | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-arm64-20240624-en
Max time kernel
173s
Max time network
139s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testpdf
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-20240624-en
Max time kernel
45s
Max time network
165s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.226:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:02
Platform
android-x64-20240624-en
Max time kernel
123s
Max time network
165s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp |
Files
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:02
Platform
android-x64-arm64-20240624-en
Max time kernel
123s
Max time network
136s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp |
Files
/data/user/0/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-arm64-20240624-en
Max time kernel
67s
Max time network
138s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.212.238:443 | tcp | |
| GB | 216.58.212.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.187.228:443 | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:02
Platform
android-x86-arm-20240624-en
Max time kernel
124s
Max time network
133s
Command Line
Signatures
Processes
com.appmaker.appmaker
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | c2a1f88133779c380ff4af26d8fc3487 |
| SHA1 | 4473bf8ac5691a8444f6044b89e38c106262e895 |
| SHA256 | b1664dca893df407378fedd3ce41f0f72a353d0080b5b0e37c1a7b69708a5d2e |
| SHA512 | 32ed897c268115a8632ef8c8da7328b2ee0b14ab065ecfe61192dc65f5a64ce375aa8ae3eb2ea5ced07b588ffa0d505d2c6cd1c68d14306b9a826553a58cb2fd |
/data/data/com.appmaker.appmaker/files/apps.db-journal
| MD5 | 92934336642f93514c146d7d239a07d8 |
| SHA1 | d19d756b435abf1edbb0df561b464c8eb6b7e796 |
| SHA256 | 2d7b3fdf35246318391e352c98812c83a6d7ec9cc154c6ebd082d3f75f685cea |
| SHA512 | fab8dd7c91b64445758f3e32f16276e41cd8aea096da77a66151b9e8c29c0489ea169829a4620f6d488ddb0a56bbafb373a778f9642b72c77f02874d0789398b |
/data/data/com.appmaker.appmaker/files/apps.db
| MD5 | 62a4d9612947a6efb4dbc5d05a0c0feb |
| SHA1 | 67514e7ddc9b4b638c6bfb011973f96b6f3ae914 |
| SHA256 | 51d4ce3345eabb9f2ae966d6e1c1ee9934e37e3840d77ff02bd724dd7a940258 |
| SHA512 | d2cf9c2339c855d4a6caf5e620d27f0cfa661a70d0f7dc2e6c4839479858da44cbd06148f0683806817d02108a968dc8433ccb471946cc5f7a740ba8008b1df3 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-20240624-en
Max time kernel
29s
Max time network
168s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.myapp.exs
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.200.34:443 | tcp | |
| GB | 216.58.204.78:443 | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x86-arm-20240624-en
Max time kernel
33s
Max time network
134s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:80 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-07-28 09:58
Reported
2024-07-28 10:01
Platform
android-x64-arm64-20240624-en
Max time kernel
34s
Max time network
134s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.appmaker.testappsx
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:80 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |