irata | e1fd8b7039c0958b3c60b52852bd339a6011ee45f1d8aea23f3f3b5cad24d0b9 | Triage

Sharing

General

Target

app.apk
Size

3.6MB
Sample

240808-kgfqra1gnr
MD5

4b7437e4617978c96fc5932b868fea4f
SHA1

bc064c601906b25374b0a84e041e74057c6c48cf
SHA256

e1fd8b7039c0958b3c60b52852bd339a6011ee45f1d8aea23f3f3b5cad24d0b9
SHA512

e517721e9febff4741f5fab2e1df795c14f69c996397b6dfcb689258cb440cc4ef38e71cc549fbc243d420868873d2498fea582739bc1dfa9dd271e1bfbbccec
SSDEEP

98304:NhgxDJOzORUH+OiKT/ZxilcSvVwlanPV29JhtC:N0lO6RKxTxUlcUwmPV+htC

Score

10^/10

irata android banker collection credential_access discovery impact persistence

Malware Config

Targets

- Target
  
  app.apk
- Size
  
  3.6MB
- MD5
  
  4b7437e4617978c96fc5932b868fea4f
- SHA1
  
  bc064c601906b25374b0a84e041e74057c6c48cf
- SHA256
  
  e1fd8b7039c0958b3c60b52852bd339a6011ee45f1d8aea23f3f3b5cad24d0b9
- SHA512
  
  e517721e9febff4741f5fab2e1df795c14f69c996397b6dfcb689258cb440cc4ef38e71cc549fbc243d420868873d2498fea582739bc1dfa9dd271e1bfbbccec
- SSDEEP
  
  98304:NhgxDJOzORUH+OiKT/ZxilcSvVwlanPV29JhtC:N0lO6RKxTxUlcUwmPV+htC
Score

7^/10

banker collection discovery impact persistence credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

bankercollectiondiscoveryimpactpersistence

behavioral2

bankercollectioncredential_accessdiscoveryimpactpersistence

behavioral3

bankercollectioncredential_accessdiscoveryimpact