Analysis Overview
SHA256
7f15de43d3d5f54c59efde740fe02b72bc7e9cb720010520cbac9b5e99484f46
Threat Level: Known bad
The file 9a18e212ffdd94dd262de2eeab7758657dee156ee2ddebeec6b97df7227ab8be.zip was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-28 22:33
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 22:33
Reported
2024-11-28 22:36
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
95s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation7607193959981899615tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 22:33
Reported
2024-11-28 22:36
Platform
android-x64-20240624-en
Max time kernel
4s
Max time network
133s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation7167633226775425941tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/files/PersistedInstallation442903757198345310tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-28 22:33
Reported
2024-11-28 22:36
Platform
android-x64-arm64-20240624-en
Max time kernel
4s
Max time network
130s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation6300079160059136671tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/files/PersistedInstallation642277013425151583tmp
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal