irata | Mellat[.]apk

Resubmissions

09-09-2024 06:12

240909-gx9f8avdpp 10

09-09-2024 06:11

240909-gxt2jaxekc 10

03-09-2024 10:25

240903-mgf3matgml 10

29-07-2024 19:19

240729-x1hexawamq 7

Sharing

Copy URL

Twitter E-mail

General

Target

Mellat.apk
Size

6.4MB
MD5

9cca6bc6dcd20c4e2e61e21e72bec62c
SHA1

a157d6b9f2ba4bd8124f40a8b3e3d3006b21fa62
SHA256

0bbd59618f244b78e5ef449c183be032096ed408049cf8a130508ffb928f3382
SHA512

bd6310ccd78b474aff7eb317f811e9f326c196bd681bc8a2b697000deb8f44828a620f42b11d43c5e909911eafb38353d6fe4e4be21e2c1055c914e61be3480c
SSDEEP

196608:N9ZCIRe20kC4GwFzQ1bjbYjaF8N5jxyBBfLX:lCIRezkMwG1b/iwy5jxyBBfLX

Score

10^/10

irata

Malware Config

Extracted

Family

irata

https://raw.githubusercontent.com/gadsteam/mellat/main/mel1.md

Signatures

Irata family
irata

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Files

Mellat.apk
.apk android

com.formelleetae.com

ir.expert.sms.WebviewActivity

Activities

ir.expert.sms.WebviewActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.RECEIVE_SMS
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
com.formelleetae.com.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

ir.expert.sms.Receiver

android.provider.Telephony.SMS_RECEIVED

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Android Permissions

Mellat.apk

Permissions

android.permission.INTERNET

android.permission.RECEIVE_SMS

android.permission.FOREGROUND_SERVICE

android.permission.SYSTEM_ALERT_WINDOW

com.formelleetae.com.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

com.formelleetae.com

ir.expert.sms.WebviewActivity

Activities

ir.expert.sms.WebviewActivity

Permissions

Receivers

ir.expert.sms.Receiver

androidx.profileinstaller.ProfileInstallReceiver

Android Permissions

Mellat.apk