irata | 5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6 | Triage

Sharing

General

Target

app.apk
Size

2.9MB
Sample

240801-vjzlravbqg
MD5

2f9e86a38a6fffb11558d6574f0c34d6
SHA1

3a8dee7c2126324d207495d11088030a887fffde
SHA256

5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6
SHA512

3646f04d461512d51db50b1cd81e67f34c6c5e21b1d3f8354be5efffb8c32e050f5427ce7305c031d1c2cffdfd95ce47c7079d981ddd746f4e27544fb951f616
SSDEEP

49152:EgWFAXE+483B4UYjZsj51LUg4+/UUwXVF6G8hL8P790ewYJWIzLDhMOJfjMtM9xq:EgXEW3B45ZsjzD/UUcVPO6J0eHsIzLDi

Score

10^/10

irata android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  app.apk
- Size
  
  2.9MB
- MD5
  
  2f9e86a38a6fffb11558d6574f0c34d6
- SHA1
  
  3a8dee7c2126324d207495d11088030a887fffde
- SHA256
  
  5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6
- SHA512
  
  3646f04d461512d51db50b1cd81e67f34c6c5e21b1d3f8354be5efffb8c32e050f5427ce7305c031d1c2cffdfd95ce47c7079d981ddd746f4e27544fb951f616
- SSDEEP
  
  49152:EgWFAXE+483B4UYjZsj51LUg4+/UUwXVF6G8hL8P790ewYJWIzLDhMOJfjMtM9xq:EgXEW3B45ZsjzD/UUcVPO6J0eHsIzLDi
Score

8^/10

discovery evasion persistence collection credential_access impact
- Checks if the Android device is rooted.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

discoveryevasionpersistence