Analysis Overview
SHA256
abece4841f503b30454f651906de6cbc5d35a464877fb95db4343d63a3b35888
Threat Level: Known bad
The file 8baea2e83cfc696a8ff9186f48d0da2f3192acb7c17267964117b5e947a05768.zip was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-28 22:38
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
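The static1 permission list above is the strongest evidence on this page: READ_SMS, RECEIVE_SMS and SEND_SMS together let an app intercept and forward SMS-delivered one-time codes, and READ_CONTACTS, READ_PHONE_STATE, CALL_PHONE and ACCESS_FINE_LOCATION widen what it can collect or do once installed. The three behavioral runs below only reached Google infrastructure within their 2-3 s kernel windows (the `PersistedInstallation*` files are written by the Firebase Installations SDK and `google_app_measurement_local.db` by Google Analytics for Firebase), so no command-and-control contact is recorded in this report. The following script is an added example, not code from the page or from the sandbox vendor: it extracts `uses-permission` entries from an AndroidManifest.xml and flags the SMS-interception set. The manifest it parses is constructed to reproduce only the package name and permission list reported under static1; it is not the sample's real manifest, and the threshold logic is the author's own.

```python
"""Flag the SMS-interception permission set reported under static1.

Added example (not part of the analysis page). Parses a decoded
AndroidManifest.xml (e.g. the output of `apktool d` or `aapt dump xmltree`
re-serialised as XML) and reports whether the app requests the permission
combination typical of SMS stealers.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Requested together, these allow reading, intercepting and forwarding
# SMS, which is the capability that matters for 2FA-code theft.
SMS_INTERCEPT_SET = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}

# Permissions that widen the blast radius once SMS access is present:
# contacts (spreading via SMS), phone state (device fingerprinting),
# direct calls (call forwarding / USSD) and precise location.
SUPPORTING_SET = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
    "android.permission.ACCESS_FINE_LOCATION",
}

# CONSTRUCTED manifest: reproduces only the package name and the permission
# list from the static1 table on this page, nothing else from the sample.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.bax.project">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="example"/>
</manifest>
"""

# CONSTRUCTED benign manifest for contrast (hypothetical maps-style app).
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="maps"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of android:name values of all <uses-permission> tags."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def assess(manifest_xml):
    """Classify a manifest by its SMS-related permission footprint.

    verdict is one of:
      "sms-interception-capable" - READ+RECEIVE+SEND all requested
      "sms-access"               - some but not all of the SMS set
      "none"                     - no SMS permissions at all
    """
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    sms_hits = perms & SMS_INTERCEPT_SET
    if sms_hits == SMS_INTERCEPT_SET:
        verdict = "sms-interception-capable"
    elif sms_hits:
        verdict = "sms-access"
    else:
        verdict = "none"
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(sms_hits),
        "supporting": sorted(perms & SUPPORTING_SET),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, assess(xml))
```

Two caveats when using a check like this: on Android 6 and later every permission in these sets is runtime-granted, so a manifest request shows capability, not that the user ever approved it; and POST_NOTIFICATIONS, though listed as dangerous by the sandbox, is requested by most benign apps targeting Android 13+ and is deliberately not weighted here.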
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 22:38
Reported
2024-11-28 22:41
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation4121374272709353782tmp
| MD5 | ab09a0398c05470b9046068e48a2e0d5 |
| SHA1 | 8a80dd1a0b37842b3db238a9bf85fd3e65b1e0f1 |
| SHA256 | 60979fe9208643c5e7690d73ac1867603dce3f300838ea364ce297bea2c67246 |
| SHA512 | ace60943fc0ebfe5701db81dd1dca544781468d678ae6e05a87cfa1dcb31171e35d95b4533951e0c2dca4cca2679e05aa739a9f75cf985af1f50ca51c7a773dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 22:38
Reported
2024-11-28 22:41
Platform
android-x64-20240624-en
Max time kernel
3s
Max time network
147s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation3790877487638607406tmp
| MD5 | 079531368e5016efbf56e0be27261143 |
| SHA1 | 9a6123e883ed2ff85e50bcf489fa37c4463240ef |
| SHA256 | f2c914e1a78cdbfcbccfb624b377b97c6b41979b39bb93a3831dcbb83c4fe7ed |
| SHA512 | 6c37159ce405e9e1ffbbb7778b1ba9745b3057b346825b751f468ed10c608589cd57b215b2f47f24b4a938c307d44a484346a90d3ca6b447e21663e5c40b9a99 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 49a31dca12e370354baed8efb462bc4c |
| SHA1 | ee16a0fff86c361e6381be0366973ec2a68045e9 |
| SHA256 | 662ba64b5908b41c7818ba277d554abaf9a16e8d7df4faf8e0a9ad8f39ddcea5 |
| SHA512 | 0151bcd3b363ac6409edfe0ec296d41eeb874e79638697ed05071bc687b9075b8e307d7e1abdf10b60f3d80b85c75a82bb6aaa613bb66db94616141c7e5c0b88 |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 7d43c2ea05a57d15c2e69f5d4b901a21 |
| SHA1 | f1c5afb9347a57f20c93224cb917385c5938f2a0 |
| SHA256 | f115e2af4eeb2fe8060dda3d024a283fc16cb7c89919973ef4ff894f3f962a18 |
| SHA512 | 0b803046407c87b088a1e30df5b1c53b52ab9a7198cbcbe2433332505f10ebf987dde87c473ab656d781f0ef9fe06038b80cbc253acb0692a3c305165e8c6d18 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 131d8ea0edbdab216783450dc7c666ac |
| SHA1 | 7ae931190a4b557a771c2ad8fdb3cbde6081c89c |
| SHA256 | 62bd150395b603e0487ca4bc48c9b8e63ad30a39b8c3ca377b28061e8abfb34a |
| SHA512 | 4b184225dbce5c90c06558af7bc18ba1c43f107a5b703183019d4d6dd7d24665f9a7b2995412b9e72eb67ff988b87ebf8de3c4667efda96e32575dfeea5b8f9c |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | b612fbab39012ec69253a8f2a2bda7a1 |
| SHA1 | d7fe01fa41656a3af6ace712f0b0dd9395a33944 |
| SHA256 | 96716a6d3b4db4f5b00d9abfcde871cdcb12a08d28ba9a8e590a4b37e275c010 |
| SHA512 | 5ac10a670869103434d152ba757f31b7f423056e0ccd484dade6f5d22dc2026493b5fc69efa6c81cc9bb58d5829acf89f8d9a9763d49c06b2b56c00b074caa0e |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | d9f5896ccb7f106d1c45332853db9269 |
| SHA1 | 93919d92a088b25a147553e0d31a31e17cc33b62 |
| SHA256 | de062a0b0404ab3c2ff103beeb9857f2beb103525787ee483b78d3e46a0ab9be |
| SHA512 | a90d8bcbe5ae0b09a8c1bb7c1b7d1168eae9837ab11bde602682b4506edab9bead3afa7c0d8ca2d4ab2f759bb523a0f17365df90b5048cf413f1f8293272dd51 |
/data/data/org.bax.project/files/PersistedInstallation5720240905857022059tmp
| MD5 | deab8eca09805bd0af0eeac433705317 |
| SHA1 | 5f9dc9d1fe2a6a3894f7d39b8f61cecc2cca3c01 |
| SHA256 | 25cfc948df52d923ec9d034586cc25f318b65fa706922f9dd20c87ac95100a61 |
| SHA512 | f20c51da8f575d960d3f279cb71f28f032486203ccd0e7ec978c5ba19da04bfead9295d8457aa10dca3f700f4ef96da1088e2c17707016ff6bd01cc6f8ba1eeb |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-28 22:38
Reported
2024-11-28 22:41
Platform
android-x64-arm64-20240624-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
org.bax.project
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/data/org.bax.project/files/PersistedInstallation75869123242925975tmp
| MD5 | 20c7221010039be97d87acbfaa705494 |
| SHA1 | 9e16af1ca8f1932e56d072a9a6df6d50fad2b986 |
| SHA256 | fdce9a18e7e75b44a8eb832467fbfcd0dab6b8514ca313e00841a7dfc68064d3 |
| SHA512 | b6bc856246d89d832707ab95fb8f1b4aa83b41b6d383c30cdd0b0505584142dc1afec1042c78dd1d74554efd91383544ea4a1f70ae49df27470c58f5f9de4b33 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 9edc26e504c570f4af9b72c58e85b93b |
| SHA1 | 3916d04c093aab475342f9de18790a938e866034 |
| SHA256 | aa0f56d11b190e491aec873d7146cc559630d3ad6a850e1ada803f0c75a54dd7 |
| SHA512 | d4d79844a9745a822a73920e04aa9485d63b99dbfda5424a5b5b3941b3603d570f782adafa02841fc6ff1902b63a3b0a115a02c1add25ac43709b5e12fea3a8f |
/data/data/org.bax.project/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 23d6ab0cb326a74bd90590b36789cb95 |
| SHA1 | 4827c85d3d35c7696ae911ceffd06e66dfa091fd |
| SHA256 | 9c0fae7d2454a4180ca706c6a0f1c6ee0e60a02b12fafaaa01f9f05cbaeaf54b |
| SHA512 | 9ae347d57260fcaf98847cd4a94f4d628b99c7531b05c9e37aa4157c10a84ef76367b6b5565f306ab4f96a8492447132d135b9e8dff5e0f040b6fa7268ee2731 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 524a0399e791bdd7a8993cad813c022c |
| SHA1 | 7778145c2c8e59228097b88f8d947d7542b64787 |
| SHA256 | 4e83c4705b5cdfc716a9a611511066eb16af93c633046eb56f148ef39e8d9d9f |
| SHA512 | 6bb2748012ee642f53ec680e66d0653f82b206329d618f454998d7af297779125c948a258fb7584f05ba2be07d479eaf6dc106c967b4870a562227c1c0280191 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 25c4bd99511f08e03b4aefeb75f1aa8c |
| SHA1 | f599e3e149947dc6f8803e9a34971dad1da51503 |
| SHA256 | ebe4ee8938c1cb6542616a380860d2e9d5be064bf0880774fa05706aef7c621c |
| SHA512 | 5dec0e81e30825a248e606c3a81184b689182e2724d1f2ed908d99a7e5b0607da116ef0bbb359b37e11922b92f81d6692a1cf69e116a29b8dea3db472799941b |
/data/data/org.bax.project/files/PersistedInstallation6122883601066276095tmp
| MD5 | 4b655ea790f12d3bfd7264f471715344 |
| SHA1 | 5bbed7e075d986060d94e82cbf058ee7b9a76c24 |
| SHA256 | cb74dbe092f8cd88b1eb521d2fc38d402437581f010f2f989db92424ce579ec0 |
| SHA512 | ef44c4358e13b56c211b27940c1806c5d91ea7eb2dfc711390b370e8fb37526c78a58ad60e17ddf9d82eea463abc8284d6efe2692fa259726127d30732ee4e08 |
/data/data/org.bax.project/databases/google_app_measurement_local.db-journal
| MD5 | 855b1820b6ea6977ab5d96fb0fb58956 |
| SHA1 | 0875eacea3207be0813f8ce37a134adbd3668c93 |
| SHA256 | a6bcdadb1134aa234ff0e4a8e57d0486d515fe1644ae5320af9a3e28c8c1b994 |
| SHA512 | e343918b1d110b0d075a9aef9f7055ad61aabf4cd23649e3b6cc92e47a0e65edb1aa58dbc033ed68e999c277ae7f611bfb8d381fc8e36846e7368a481e294502 |