Malware Analysis Report

2025-01-19 05:51

Sample ID 241128-2drsaasrf1
Target 9a18e212ffdd94dd262de2eeab7758657dee156ee2ddebeec6b97df7227ab8be.zip
SHA256 7f15de43d3d5f54c59efde740fe02b72bc7e9cb720010520cbac9b5e99484f46
Tags: irata, discovery
Score: 10/10

Analysis Overview

score
10/10

SHA256

7f15de43d3d5f54c59efde740fe02b72bc7e9cb720010520cbac9b5e99484f46

Threat Level: Known bad

The file 9a18e212ffdd94dd262de2eeab7758657dee156ee2ddebeec6b97df7227ab8be.zip was found to be: Known bad.

Malicious Activity Summary

irata discovery

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-11-28 22:28

Signatures

Irata family

irata

Irata payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Requests dangerous framework permissions

Indicator (permission)                    Description
android.permission.CALL_PHONE             Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.READ_SMS               Allows an application to read SMS messages.
android.permission.POST_NOTIFICATIONS     Allows an app to post notifications.
android.permission.SEND_SMS               Allows an application to send SMS messages.
android.permission.ACCESS_FINE_LOCATION   Allows an app to access precise location.
android.permission.RECEIVE_SMS            Allows an application to receive SMS messages.
android.permission.READ_PHONE_STATE       Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_CONTACTS          Allows an application to read the user's contacts data.
Process and Target: N/A for every row.
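The permission set above is the static signal that drives the verdict: RECEIVE_SMS plus READ_SMS lets the app read one-time codes, READ_CONTACTS gives it a list of further victims, and SEND_SMS lets it message them. The script below, an added example that is not code from this report or from the sandbox vendor, pulls uses-permission entries out of a decoded AndroidManifest.xml and maps them onto attacker capabilities. MANIFEST is constructed by hand from the eight permissions listed above (plus INTERNET, added only to show that a normal-level permission is not flagged); DANGEROUS and CAPABILITIES are this example's own triage heuristics, not an official Android list.

```python
"""Permission triage for an Android sample: extract <uses-permission> entries
from a decoded AndroidManifest.xml and map them onto attacker capabilities.

Added example; not code from the report or the sandbox vendor.  MANIFEST is a
constructed manifest carrying the eight permissions the report lists plus
INTERNET (added to show that normal-level permissions are not flagged).
DANGEROUS and CAPABILITIES are hand-curated heuristics, not an official list.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest fragment (package name taken from the report).
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.bax.project">
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

# Hand-curated subset of runtime ("dangerous") permissions relevant to SMS,
# contact and telephony abuse.  Not exhaustive.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Capability -> permissions that together enable it.  A capability is
# assigned only when every permission in its set is present.
CAPABILITIES = {
    "intercept_incoming_sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "send_sms": {"android.permission.SEND_SMS"},
    "harvest_contacts": {"android.permission.READ_CONTACTS"},
    "dial_without_confirmation": {"android.permission.CALL_PHONE"},
    "fingerprint_device": {"android.permission.READ_PHONE_STATE"},
    "track_location": {"android.permission.ACCESS_FINE_LOCATION"},
}


def permissions_from_manifest(xml_text: str) -> set[str]:
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(xml_text)
    found = set()
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        if name:
            found.add(name.strip())
    return found


def triage(permissions) -> dict:
    """Map a permission set to dangerous permissions and derived capabilities."""
    perms = set(permissions)
    caps = sorted(cap for cap, needed in CAPABILITIES.items() if needed <= perms)
    # Reading incoming SMS (one-time codes), reading the contact list and
    # sending SMS together form the classic SMS-stealer/spreader profile.
    stealer = {"intercept_incoming_sms", "harvest_contacts", "send_sms"} <= set(caps)
    return {
        "dangerous": sorted(perms & DANGEROUS),
        "capabilities": caps,
        "sms_stealer_profile": stealer,
    }


if __name__ == "__main__":
    for key, value in triage(permissions_from_manifest(MANIFEST)).items():
        print(f"{key}: {value}")
```

On a real sample run it against the manifest produced by apktool or aapt2 rather than a hand-written one; declared permissions are an upper bound, so confirm the SMS capabilities are actually reached from code (a registered SMS_RECEIVED receiver, calls to SmsManager) before relying on the stealer flag.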

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-28 22:28

Reported

2024-11-28 22:31

Platform

android-x86-arm-20240624-en

Max time kernel

2s

Max time network

130s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                            Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo N/A      N/A

Processes

org.bax.project

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     (none)                              udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           android.apis.google.com             udp
GB       172.217.169.78:443   android.apis.google.com             tcp

Files

/data/data/org.bax.project/files/PersistedInstallation36583220604094901tmp

MD5 a1201020ccab478d7cb60a35fa6c98ce
SHA1 c61b9888585a9088649fd1cc2f462e31fee896d8
SHA256 80b3a8053b673625552658060fd6c6224c054841344cfd18b216c99af7788061
SHA512 c63d5748c50d158ed242cf546af9488adfd9fee439d5005882e8390989a2b8aeae96ec427cde15548ad38837bece7a87fe849ce0e7d443e35535bada55532b8d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-28 22:28

Reported

2024-11-28 22:31

Platform

android-x64-20240624-en

Max time kernel

3s

Max time network

135s

Command Line

org.bax.project

Signatures

Acquires the wake lock

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                            Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo N/A      N/A

Processes

org.bax.project

Network

Country  Destination          Domain                      Proto
N/A      224.0.0.251:5353     (none)                      udp
US       1.1.1.1:53           ssl.google-analytics.com    udp
GB       172.217.169.72:443   ssl.google-analytics.com    tcp
GB       142.250.180.14:443   (none)                      tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       142.250.200.46:443   android.apis.google.com     tcp
GB       172.217.16.228:443   (none)                      tcp
GB       172.217.16.228:443   (none)                      tcp

Files

/data/data/org.bax.project/files/PersistedInstallation224966388910464121tmp

MD5 3968c655a776339014180824a5a73af7
SHA1 83d51c85c4dc927aed6ff4ffbe2878427b4c15c9
SHA256 aeaf9e942686c027f2e1d0538fdd2de31c3423618a7293d25ac77530ac92f230
SHA512 c6d962554ceed7ca8ae39de30bc90b03a48f2c6cf35d8873a7cafc9f395d0563efb5d449b55001eec901129d05c9a2d9a2762db4adf6f9a34858aa53108d0a53

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 f923c86ba79e772ba70fae5db89df4e7
SHA1 987a32f4d15611aae1c2c075a55a70ceaadaf768
SHA256 6b51bf1b51b8e50501c4fc4fe54e53e391e257e9eb35d2568c2cdf40d75645db
SHA512 7e210bc609c58d258b75ad2ba1f0430d22a382aff841d1407c3a099d2cf0cb1ff9c3e7cc9602ac012c29c53d6ac7c50c4231ffac63496251732b86e455768b22

/data/data/org.bax.project/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 87c86321751c9e3c6da0580f2d8f8d9c
SHA1 4e323ecd6a6bc4cc50566f774cc658ae296d4112
SHA256 8a5c5741e1549fd94ce06260450b95c25557648c2fee5ee5cd418ee8a92f4298
SHA512 3d8beecbcca33efad182806b7804603b097649b9fc27685d92898c2c9d654c1ef2b3cc1810583f50861c8f02ea4807d7a9c62c0cf5ee7123a7810467a87c8b9e

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 8112fabbbcbbeab65ad700ebfbeeebfd
SHA1 c1c9f6089eb74cf3a973f4125ecc30b41907a394
SHA256 4ced23b802670abfc803ced2f672907f166a584fe66b18767170e31bd59d6654
SHA512 ca1ef8d817c671fa0ae8e54957f155306949d097778021f54b5cb49e11e2d9e5c79cbf15ad19b0fd922160a467caf1268553607006932bcbd30d1b26e54970bb

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 21fb4c38983ec7623f1bacabfacacda9
SHA1 a76b8375f12591809a5c22fcce4553397bdc36d2
SHA256 08215253a9065f7aeee70bb0233c13d30cb784d5235cd5f17bf68f8d1a5f3291
SHA512 ac6debe6cf93707764eadf3345c0451e3dd1ff37852dc1eb5531bb0a559dbdc29bf86df219adbc9a0711768791fd741ae2d36ea5265e73896afe00a53c25e449

/data/data/org.bax.project/databases/google_app_measurement_local.db-journal

MD5 b9489d2cba933a28458c2525b86bd84c
SHA1 c2f8ab85baa1a25434e8d98e7ed0b3b8b096d3bd
SHA256 1231ae902c7e8adbcfcea825d1d3320f962ea3cc23f348fee19046fa8dcb6fc8
SHA512 e7764ff00b095e7e9fc4fc6fec1eac72375095a6c516af92da735b90b576ae532c68686784706ef7f556d503f19a5c6ed36d9fde7eae30d8daca7a08d8f75623

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-28 22:28

Reported

2024-11-28 22:31

Platform

android-x64-arm64-20240624-en

Max time network

155s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                      Proto
N/A      224.0.0.251:5353     (none)                      udp
GB       172.217.16.238:443   (none)                      tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       172.217.169.46:443   android.apis.google.com     tcp
GB       172.217.169.46:443   android.apis.google.com     tcp
GB       173.194.76.188:5228  (none)                      tcp
GB       142.250.187.196:443  (none)                      tcp
GB       216.58.204.66:443    (none)                      tcp
GB       216.58.212.206:443   (none)                      tcp
GB       216.58.204.67:443    (none)                      tcp
US       1.1.1.1:53           www.google.com              udp
GB       142.250.179.228:443  www.google.com              tcp
US       1.1.1.1:53           accounts.google.com         udp
BE       74.125.133.84:443    accounts.google.com         tcp
US       1.1.1.1:53           www.youtube.com             udp
GB       216.58.213.14:443    www.youtube.com             udp
GB       216.58.213.14:443    www.youtube.com             tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       142.250.200.14:443   android.apis.google.com     tcp
GB       142.250.200.14:443   android.apis.google.com     tcp
GB       142.250.200.14:443   android.apis.google.com     tcp
US       1.1.1.1:53           accounts.google.com         udp
BE       74.125.133.84:443    accounts.google.com         tcp
GB       216.58.213.14:443    www.youtube.com             udp
GB       216.58.213.14:443    www.youtube.com             tcp
US       1.1.1.1:53           www.google.com              udp
GB       142.250.179.228:443  www.google.com              udp
GB       142.250.179.228:443  www.google.com              tcp
GB       142.250.179.228:443  www.google.com               tcp
US       1.1.1.1:53           mdh-pa.googleapis.com       udp
US       1.1.1.1:53           update.googleapis.com       udp

Files

N/A
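Across the three behavioral runs the sample was alive in the kernel for only a few seconds, and every named destination is Google infrastructure (mDNS on 224.0.0.251, DNS to 1.1.1.1, then Google/YouTube/googleapis endpoints); no attacker-controlled C2 was observed. The dropped files are consistent with that picture: PersistedInstallation*tmp and google_app_measurement_local.db are the on-disk state of the Firebase Installations and Firebase Analytics SDKs (an identification assumed here, not stated by the report). The script below, an added example that is not code from this report or the sandbox vendor, parses a network table in the layout above and separates SDK noise from endpoints that need analyst attention. ROWS is the behavioral2 table copied from the report; KNOWN_INFRA is this example's own allowlist and should be treated as platform noise only once the bundled SDKs are confirmed.

```python
"""Split a sandbox network table into noise (multicast, DNS, known SDK
infrastructure) and signal (unresolved IPs, unknown domains).

Added example; not code from the report or the sandbox vendor.  ROWS is the
behavioral2 network table copied from the report.  KNOWN_INFRA is this
example's own allowlist of Google service domains (an assumption).
"""
import ipaddress
import re

ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
"""

# Domain suffixes treated as platform/SDK traffic rather than attacker C2.
KNOWN_INFRA = ("google.com", "googleapis.com", "google-analytics.com", "youtube.com")

# One row: <country> <ip>:<port> [<domain>] <proto>.  The domain is optional
# because the sandbox leaves it blank when no name was resolved for a flow.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[\w-]+(?:\.[\w-]+)+))?\s+(?P<proto>tcp|udp)$"
)


def is_known_infra(domain: str) -> bool:
    """True when the domain is, or is a subdomain of, an allowlisted suffix."""
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in KNOWN_INFRA)


def parse_rows(text: str) -> list[dict]:
    """Parse the table text into dicts; raise on a row that does not fit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def summarize(text: str) -> dict:
    """Bucket every row; only the last two buckets merit analyst review."""
    multicast, dns, known, bare, unknown = set(), set(), set(), set(), set()
    for r in parse_rows(text):
        endpoint = f"{r['ip']}:{r['port']}"
        if ipaddress.ip_address(r["ip"]).is_multicast:
            multicast.add(endpoint)           # mDNS/SSDP discovery, not C2
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                dns.add(r["domain"])          # name resolution only
        elif r["domain"] is None:
            bare.add(endpoint)                # flow with no resolved name
        elif is_known_infra(r["domain"]):
            known.add(r["domain"])            # allowlisted SDK/platform host
        else:
            unknown.add(r["domain"])          # candidate C2: review by hand
    return {
        "multicast": sorted(multicast),
        "dns_lookups": sorted(dns),
        "known_infra": sorted(known),
        "unattributed_ips": sorted(bare),
        "unknown_domains": sorted(unknown),
    }


if __name__ == "__main__":
    for bucket, items in summarize(ROWS).items():
        print(f"{bucket}: {items}")
```

The unattributed_ips bucket is where the analyst's time goes: resolve each one against passive DNS or the TLS SNI in the pcap before treating it as benign, since a bare IP on 443 is exactly what a C2 contacted by hard-coded address would look like. Port 5228 in the behavioral3 table is the port Google's push service (GCM/FCM) uses, which fits the Firebase SDK identification above but should still be checked the same way.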