Analysis Overview
SHA256
7f15de43d3d5f54c59efde740fe02b72bc7e9cb720010520cbac9b5e99484f46
Threat Level: Known bad
The file 9a18e212ffdd94dd262de2eeab7758657dee156ee2ddebeec6b97df7227ab8be.zip was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-28 22:28
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
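The eight permissions above matter as a combination rather than individually: READ_SMS and RECEIVE_SMS give the app the victim's inbox (one-time codes, bank alerts), SEND_SMS and READ_CONTACTS are the pair that lets SMS malware propagate to or exfiltrate through the contact list, CALL_PHONE places calls without the dialer confirmation, and READ_PHONE_STATE plus ACCESS_FINE_LOCATION profile the device. Each has legitimate uses on its own, which is why a per-permission signature is noisy. The script below is an added example, not part of this report or of the sample, that applies the combination check to a decoded AndroidManifest.xml as written by `apktool d`; the permission grouping, the verdict thresholds and the two embedded manifests are constructed for the example and are not the sample's real manifest.

```python
"""Permission-profile triage for a decoded AndroidManifest.xml.

Added example (not from the sandbox report). Reads the plain-XML manifest
that `apktool d <apk>` produces and checks for the capability combination
the static signature above flags: SMS read/receive together with SMS send,
call placement or contact access.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions grouped by capability. The report names
# eight of these; the other members are their Android permission-group
# siblings, added so the check generalises beyond this one sample.
DANGEROUS = {
    "sms": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_MMS",
        "android.permission.RECEIVE_WAP_PUSH",
    },
    "phone": {
        "android.permission.CALL_PHONE",
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_CALL_LOG",
        "android.permission.WRITE_CALL_LOG",
    },
    "contacts": {
        "android.permission.READ_CONTACTS",
        "android.permission.WRITE_CONTACTS",
    },
    "location": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
    "notifications": {"android.permission.POST_NOTIFICATIONS"},
}

INTERCEPT = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
ACT_ON_IT = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE",
             "android.permission.READ_CONTACTS"}


def requested_permissions(manifest_xml: str) -> set:
    """Return every permission name declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def triage(manifest_xml: str) -> dict:
    """Group the dangerous permissions and give a coarse verdict."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    groups = {g: sorted(perms & members)
              for g, members in DANGEROUS.items() if perms & members}
    # Reading or receiving SMS alone is sometimes legitimate (OTP autofill);
    # combined with sending SMS, placing calls or harvesting contacts it is
    # the capability set of an SMS stealer, so that combination is flagged.
    if perms & INTERCEPT and perms & ACT_ON_IT:
        verdict = "sms-interception profile"
    elif groups:
        verdict = "review"
    else:
        verdict = "no dangerous permissions"
    return {
        "package": root.get("package"),
        "dangerous": sorted(set().union(*groups.values())),
        "groups": groups,
        "verdict": verdict,
    }


# Constructed manifest: the report lists the sample's permissions but not its
# manifest, so this reproduces exactly those eight requests plus the normal
# INTERNET permission, which must not be flagged.
IRATA_LIKE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.bax.project">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="project"/>
</manifest>
"""

# Constructed control: an OTP-reading app with no way to act on the messages
# lands in "review", not in the stealer profile.
OTP_APP_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.otp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (IRATA_LIKE_MANIFEST, OTP_APP_MANIFEST):
        result = triage(manifest)
        print(result["package"], result["verdict"], result["groups"])
```

Run it against `apktool`'s `AndroidManifest.xml` for the APK inside the archive; on the permission set the report lists it returns the `sms-interception profile` verdict for `org.bax.project`, while the control manifest only reaches `review`.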
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 22:28
Reported
2024-11-28 22:31
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation36583220604094901tmp
| MD5 | a1201020ccab478d7cb60a35fa6c98ce |
| SHA1 | c61b9888585a9088649fd1cc2f462e31fee896d8 |
| SHA256 | 80b3a8053b673625552658060fd6c6224c054841344cfd18b216c99af7788061 |
| SHA512 | c63d5748c50d158ed242cf546af9488adfd9fee439d5005882e8390989a2b8aeae96ec427cde15548ad38837bece7a87fe849ce0e7d443e35535bada55532b8d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 22:28
Reported
2024-11-28 22:31
Platform
android-x64-20240624-en
Max time kernel
3s
Max time network
135s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation224966388910464121tmp
| MD5 | 3968c655a776339014180824a5a73af7 |
| SHA1 | 83d51c85c4dc927aed6ff4ffbe2878427b4c15c9 |
| SHA256 | aeaf9e942686c027f2e1d0538fdd2de31c3423618a7293d25ac77530ac92f230 |
| SHA512 | c6d962554ceed7ca8ae39de30bc90b03a48f2c6cf35d8873a7cafc9f395d0563efb5d449b55001eec901129d05c9a2d9a2762db4adf6f9a34858aa53108d0a53 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | f923c86ba79e772ba70fae5db89df4e7 |
| SHA1 | 987a32f4d15611aae1c2c075a55a70ceaadaf768 |
| SHA256 | 6b51bf1b51b8e50501c4fc4fe54e53e391e257e9eb35d2568c2cdf40d75645db |
| SHA512 | 7e210bc609c58d258b75ad2ba1f0430d22a382aff841d1407c3a099d2cf0cb1ff9c3e7cc9602ac012c29c53d6ac7c50c4231ffac63496251732b86e455768b22 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 87c86321751c9e3c6da0580f2d8f8d9c |
| SHA1 | 4e323ecd6a6bc4cc50566f774cc658ae296d4112 |
| SHA256 | 8a5c5741e1549fd94ce06260450b95c25557648c2fee5ee5cd418ee8a92f4298 |
| SHA512 | 3d8beecbcca33efad182806b7804603b097649b9fc27685d92898c2c9d654c1ef2b3cc1810583f50861c8f02ea4807d7a9c62c0cf5ee7123a7810467a87c8b9e |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 8112fabbbcbbeab65ad700ebfbeeebfd |
| SHA1 | c1c9f6089eb74cf3a973f4125ecc30b41907a394 |
| SHA256 | 4ced23b802670abfc803ced2f672907f166a584fe66b18767170e31bd59d6654 |
| SHA512 | ca1ef8d817c671fa0ae8e54957f155306949d097778021f54b5cb49e11e2d9e5c79cbf15ad19b0fd922160a467caf1268553607006932bcbd30d1b26e54970bb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 21fb4c38983ec7623f1bacabfacacda9 |
| SHA1 | a76b8375f12591809a5c22fcce4553397bdc36d2 |
| SHA256 | 08215253a9065f7aeee70bb0233c13d30cb784d5235cd5f17bf68f8d1a5f3291 |
| SHA512 | ac6debe6cf93707764eadf3345c0451e3dd1ff37852dc1eb5531bb0a559dbdc29bf86df219adbc9a0711768791fd741ae2d36ea5265e73896afe00a53c25e449 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | b9489d2cba933a28458c2525b86bd84c |
| SHA1 | c2f8ab85baa1a25434e8d98e7ed0b3b8b096d3bd |
| SHA256 | 1231ae902c7e8adbcfcea825d1d3320f962ea3cc23f348fee19046fa8dcb6fc8 |
| SHA512 | e7764ff00b095e7e9fc4fc6fec1eac72375095a6c516af92da735b90b576ae532c68686784706ef7f556d503f19a5c6ed36d9fde7eae30d8daca7a08d8f75623 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-28 22:28
Reported
2024-11-28 22:31
Platform
android-x64-arm64-20240624-en
Max time network
155s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 173.194.76.188:5228 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| GB | 216.58.204.67:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
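A caveat before these tables are turned into blocklists: across all three detonations the sample reached only Google-operated services (android.apis.google.com, accounts.google.com, www.google.com, www.youtube.com, the googleapis.com and google-analytics.com endpoints; a 173.194.x address on port 5228 is consistent with Google's FCM push channel, and 224.0.0.251:5353 is local mDNS discovery), and the only files it wrote are Firebase SDK artifacts: `PersistedInstallation*tmp` is written by Firebase Installations and `google_app_measurement_local.db` by Google Analytics for Firebase. Together with the 2 to 3 s kernel time and the two generic framework-call signatures (wake lock, active-network query, both routine for any Firebase-enabled app at start-up), this means no C2 contact or payload delivery was observed in these runs; the Known bad verdict rests on the static Irata signatures. The helper below is an added example, not part of the report, that converts the behavioral3 table above into an IOC list while keeping that distinction: DNS queries to the sandbox resolver are listed as lookups rather than connections, destinations whose only paired hostnames are Google service domains are set aside as noise, and sockets the report never paired with a hostname stay on a review list because the table does not say whose addresses they are. The benign-suffix allowlist and the table-parsing rules are assumptions of this helper.

```python
"""Turn a detonation's network table into an IOC list, separating Google
service traffic out as noise.

Added example, not part of the sandbox report. The allowlist of benign
domain suffixes and the pipe-table parsing rules are assumptions.
"""

PROTOS = ("tcp", "udp")
RESOLVER = "1.1.1.1:53"      # sandbox DNS resolver: rows to it are lookups
MDNS = "224.0.0.251:5353"    # link-local multicast discovery, not C2

# Domains every device with Google Play services contacts. Treated as noise
# unless a report ties malicious content to them; blocking them breaks
# legitimate apps and says nothing about the sample. (Assumed list.)
BENIGN_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com",
                   "youtube.com", "google-analytics.com")

# Rows transcribed from the behavioral3 table above. Two rows deliberately
# keep the shapes exported tables often arrive in: the empty Domain cell
# dropped entirely, or the protocol slid into the Domain column.
BEHAVIORAL3_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 173.194.76.188:5228 | | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
"""


def _normalise(cells: list) -> list:
    """Put a row with a missing or shifted Domain cell back into 4 columns."""
    if len(cells) == 3 and cells[2] in PROTOS:
        cells = cells[:2] + ["", cells[2]]
    if len(cells) == 4 and cells[2] in PROTOS and cells[3] == "":
        cells = cells[:2] + ["", cells[2]]
    return cells


def parse_rows(table: str) -> list:
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = _normalise([c.strip() for c in line.strip("|").split("|")])
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        rows.append({"country": country, "dest": dest,
                     "domain": domain or None, "proto": proto})
    return rows


def is_benign_domain(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def extract_iocs(table: str) -> dict:
    lookups = set()
    connections = {}   # "ip:port" -> hostnames the report paired with it
    for r in parse_rows(table):
        if r["dest"] == MDNS:
            continue
        if r["dest"] == RESOLVER and r["proto"] == "udp":
            if r["domain"]:
                lookups.add(r["domain"])
            continue
        connections.setdefault(r["dest"], set())
        if r["domain"]:
            connections[r["dest"]].add(r["domain"])
    review = {}
    for dest, domains in connections.items():
        if domains and all(is_benign_domain(d) for d in domains):
            continue
        # Sockets never paired with a name stay on the review list: the
        # table does not say whose addresses they are.
        review[dest] = sorted(domains)
    return {
        "dns_lookups": sorted(lookups),
        "suspicious_lookups": sorted(d for d in lookups
                                     if not is_benign_domain(d)),
        "review": review,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(BEHAVIORAL3_ROWS), indent=2))
```

For this report the suspicious-lookup list comes back empty and only the two unnamed sockets (172.217.16.238:443 and 173.194.76.188:5228) land on the review list; a reverse lookup or a TLS SNI capture from a longer detonation would be the next step before treating either as an indicator.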