irata | BankerSpanish[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BankerSpanish.zip
Size

5.5MB
MD5

4cfdab0560c81ebed7e2c45fd73c01fb
SHA1

e39edc87e4cf92a3985c1c8676c5d3d27c9abbf1
SHA256

f0d9d0e872347e343b600a8ff72f2926356fefedefc3cc6bfcf105bb6deb6757
SHA512

a3e3f59cd517dda0d69724b45933663637003c260707d65227992051786699bf0b1a7c64fd7cffd9c62f96d8e14461b39ee5c3fa026d1b8eb0c9ee5f0ef2779b
SSDEEP

98304:2gnH7yA0BuRlKLtvUrwiDqTxGZsAUARe0nVURa8hwc8YFQfuw4UEWl4byu5:RH+ADLKLtvtiDKxGZsAc02R5wNmYwUVW

Score

10^/10

irata

Malware Config

Signatures

Irata family
irata

Irata payload 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/BankerSpanish/57f75ad95573f857fcfe13aaa3847511	family_irata4
static1/unpack001/BankerSpanish/92624244ee4834560efedb66224b16ab	family_irata4
static1/unpack001/BankerSpanish/f7793d6e66757aaf6b8af5b0abd4cf41	family_irata4

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 9 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read SMS messages.	android.permission.READ_SMS

Files

BankerSpanish.zip
.zip

Password: infected
BankerSpanish/57f75ad95573f857fcfe13aaa3847511
.apk android

es.adadda.ujd

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.VIBRATE
android.permission.RECEIVE_SMS
android.permission.WAKE_LOCK
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.WRITE_SETTINGS
android.permission.READ_CONTACTS
android.permission.CALL_PHONE
android.permission.READ_SMS

Receivers

.starter$starter_BR

android.intent.action.BOOT_COMPLETED

.bulacha$bulacha_BR

android.intent.action.BOOT_COMPLETED

Services

.bulacha

android.accessibilityservice.AccessibilityService
BankerSpanish/92624244ee4834560efedb66224b16ab
.apk android

es.adadda.ujd

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.VIBRATE
android.permission.RECEIVE_SMS
android.permission.WAKE_LOCK
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.WRITE_SETTINGS
android.permission.READ_CONTACTS
android.permission.CALL_PHONE
android.permission.READ_SMS

Receivers

.starter$starter_BR

android.intent.action.BOOT_COMPLETED

.bulacha$bulacha_BR

android.intent.action.BOOT_COMPLETED

Services

.bulacha

android.accessibilityservice.AccessibilityService
BankerSpanish/f7793d6e66757aaf6b8af5b0abd4cf41
.apk android

es.adadda.ujd

.main

Activities

.main

android.intent.action.MAIN

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.VIBRATE
android.permission.RECEIVE_SMS
android.permission.WAKE_LOCK
android.permission.BIND_ACCESSIBILITY_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.WRITE_SETTINGS
android.permission.READ_CONTACTS
android.permission.CALL_PHONE
android.permission.READ_SMS

Receivers

.starter$starter_BR

android.intent.action.BOOT_COMPLETED

.bulacha$bulacha_BR

android.intent.action.BOOT_COMPLETED

Services

.bulacha

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Signatures

Files

Password: infected

es.adadda.ujd

.main

Activities

.main

Permissions

Receivers

.starter$starter_BR

.bulacha$bulacha_BR

Services

.bulacha

es.adadda.ujd

.main

Activities

.main

Permissions

Receivers

.starter$starter_BR

.bulacha$bulacha_BR

Services

.bulacha

es.adadda.ujd

.main

Activities

.main

Permissions

Receivers

.starter$starter_BR

.bulacha$bulacha_BR

Services

.bulacha