irata | 7a02c5eb86106247a3e744caced3b621918e7033dcae40c8d4015d12e246abb7 | Triage

Resubmissions

27-11-2024 19:28

241127-x639kasrgp 10

27-11-2024 19:28

241127-x6nh4swrcx 10

Sharing

General

Target

7a02c5eb86106247a3e744caced3b621918e7033dcae40c8d4015d12e246abb7
Size

3.8MB
Sample

241127-x639kasrgp
MD5

0d5b966d999d4801bc81b225a29a2f31
SHA1

b338c125cfcb68e8aeb053d718488a7bf7de9e55
SHA256

7a02c5eb86106247a3e744caced3b621918e7033dcae40c8d4015d12e246abb7
SHA512

9f50d7c5858a1559102e2b764dd95cced75fecea8b5481d5eee9091aee773216d7c75e6286e2216b61b18cc9c24a4ce84b13f80081442ca425b68a9508026dc6
SSDEEP

98304:7oTwrHKDwj/yK2DM+F742qs7QOCbwQb0fES:aDwjo7NNCbPxS

Score

10^/10

irata android banker collection credential_access discovery impact persistence

Malware Config

Targets

- Target
  
  7a02c5eb86106247a3e744caced3b621918e7033dcae40c8d4015d12e246abb7
- Size
  
  3.8MB
- MD5
  
  0d5b966d999d4801bc81b225a29a2f31
- SHA1
  
  b338c125cfcb68e8aeb053d718488a7bf7de9e55
- SHA256
  
  7a02c5eb86106247a3e744caced3b621918e7033dcae40c8d4015d12e246abb7
- SHA512
  
  9f50d7c5858a1559102e2b764dd95cced75fecea8b5481d5eee9091aee773216d7c75e6286e2216b61b18cc9c24a4ce84b13f80081442ca425b68a9508026dc6
- SSDEEP
  
  98304:7oTwrHKDwj/yK2DM+F742qs7QOCbwQb0fES:aDwjo7NNCbPxS
Score

7^/10

banker discovery impact persistence collection credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

bankerdiscoveryimpactpersistence

behavioral2

bankercollectioncredential_accessdiscoveryimpactpersistence