irata | dda5cd8d5c1cf43f0197552c140d7bc396a0be913a3556590d2fe45ffdd3c096

Analysis

max time kernel
122s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-12-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

بازی-سکسی.apk
Size

6.8MB
MD5

345638ed395c65e7d9e85269bcdc6593
SHA1

9edc329cfa4e5e539cfff1bee41d37938ce20da4
SHA256

dda5cd8d5c1cf43f0197552c140d7bc396a0be913a3556590d2fe45ffdd3c096
SHA512

3c02cffd9b70d18da2d60f03a224b87b30004c5d4783b5b47a84e29213987a1c9589f318108e594d76c9be1d41278c5bf47815e169765c928255e2dc3900c0cd
SSDEEP

196608:F/IxDRwIs+K0U1qmHv7hFOTpLKzc2crncT+8:FAxdw4HmqmHNFc5KeW

Score

10^/10

irata discovery infostealer persistence rat trojan

Malware Config

Signatures

Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
trojan infostealer rat irata
Irata family
irata

Irata payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_irata3

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	matinlurd.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	matinlurd.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	matinlurd.com

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	matinlurd.com

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	matinlurd.com

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	matinlurd.com

matinlurd.com
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4247

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/matinlurd.com/cache/1

Filesize
1KB

MD5
0e2bec2bfd2fcc404075ca7d67253697

SHA1
689895f0d9a131c0246822c68652a07b1a8ab2ee

SHA256
07f5e48c9fac4eab7f8b8d497fd3ab8cff7af0c09aff97c24857a26a8fd7ef51

SHA512
709ff360dbf180a56c9810d4891cd75c1d66ff8c447e0ba7d537362599fe25c7b027b84d26e35b903f8f4927eae1c7c68821d4aac4d7ba5342231f98f257ab14

Download Submit
/data/data/matinlurd.com/cache/2

Filesize
10B

MD5
1d5920f4b44b27a802bd77c4f0536f5a

SHA1
baea954b95731c68ae6e45bd1e252eb4560cdc45

SHA256
d4c9d9027326271a89ce51fcaf328ed673f17be33469ff979e8ab8dd501e664f

SHA512
a5b5955a4db31736f9dfd45c89c12331e0370074fc7fec0ac4d189a62391bf7060287f957ce67cf3adcac7a4353a7a8241e33084a9b543cbb3f39770970a41b2

Download Submit
/data/data/matinlurd.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0e9c55e6c50361147a1183cbcef38469

SHA1
deb24e67422b11413f701cdf9b5d51fa12ade483

SHA256
3bc529c25a868d1469ff2838cdb0ab569c9d761b2c0797970c5c4a458e415c34

SHA512
215845282b3d73c9cd832982ef70d5c498e37ceda38aee676a85c76d6593ea92d45e38e762a492452ad70bc11a084a8727ecd59d8d89091e0f3ce65acb4f6cc4

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
50f0fd87f12131182a3e931db5724e85

SHA1
7e3b13d6a2c5456c3bad5a446121021bdc11a83d

SHA256
969a78a382e5885d34367ea78c36d2154395fe49ad6023bf1ac7205cb508f978

SHA512
f835aefcf038f206c426dcb140deaee812a199869b288b5864a948d0ec130905764fec78acf733c5e4d5d338c8a79d84150bc91e756f20c9ca0685c394be857b

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4f18a90597ac157d92d8ce61452355cf

SHA1
278a313d2551e69a6b813b04219bdd46330bc92c

SHA256
cbf9a5a751e1950403fd5854a382dd343d7249f5a304018f56de2ddc5ee74b79

SHA512
2093155e794c4efa7ca6e35a34fab205ed6bdce016df0865f91a6cf3528e6642614fa50b1c2ca57fdce7c331d3cf1cedb3ad715e8467005bc808b2b2386ca9c0

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b33f1ffeceec1e4027116d5beea5bc3e

SHA1
f40df28f0e06005130a002d4bd9fdcc7f0954409

SHA256
9af5f3d7c8b58c162b97d345b13b8db542af75f43a26dd054a040e8de009b8ef

SHA512
f0eba1b483f3b60a802e7dce6cca9d17482609283667c6627f0a269339aae6c187cc2eddbf4ea4f5e3585119ad1fad9de5a1227958dcfd1787e30ebf8a6e3738

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d2e39d9b14afd53a9743312592aef6ac

SHA1
217575887d48d5f30d38706a99948dca503e256f

SHA256
4aa2d8282fbdfad8882c8cb031450ce38727a4854a3f041c4ad730e6a2901b6b

SHA512
20450c589be8f51717590584d0fd3e79a03a87c94e77389032c303204abe64e5b41ad88ac6176ec05623f6a7da2c95f5dedbee704106d1eb9aaa923fe170024b

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
ad283e8b79f0da1758c7097fd7fae390

SHA1
0f155eab7725f240a7f656498804528b34c8b879

SHA256
3ac433050d74b252a0bbf710567f8669e6d9d30d6350a5587c331e6a8c604e68

SHA512
e2dba6c689e474c8cbcc57c9f809ede009035d0e883cb63f2e4fa80c89b42fa107dee502150bceb3577c993841bb08b530f0ef122eba7a2ab547a783aba4bc4e

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3ae28bdea6f57d215b704ee777d0a434

SHA1
060d48df5befbd95599f73e8741f64be4bcaf4d1

SHA256
c48346f7a2fbbe883a9a2901041c46d143730fa2f3d310aefbc160080f9207df

SHA512
43ac089ed3b42fa467eea81d72883f03fd712c2bfb3c8bd1101dd8436594b826e63523a2231674f3ffbef44f6e7f864f0d587a80b68789492507d2676052b01a

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
707cb8e978273608455271526f5954f3

SHA1
032c81b34a026bb89ebd93fe20596cdbf6f31321

SHA256
6337d3e854a9c37bf80e8b4e72e5ed46006c7e8098ef6aaf6a4a44c0ba900fba

SHA512
2ef387e34675d19c637deaf5b96410e92ea900b98339f239c17800712cd9022d8c66f212dab471b5b155e7e4f2a8d6ba6d97aed260edeb17411242652336ed75

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4915f8cce62e963b11d26ee5283f216f

SHA1
4590b3ba633e36afda42c6c828347a4454029483

SHA256
03ce500eee9317a5958302c21bb624b280f847d2900186e6b77c6049de4fe8e6

SHA512
519540cfbbde6e0ed239ebb18d2b034fcc92a23b92addf5065d011de602d6a15f5e3bf6fba476b198035df82aa30634ab8023b192775f8e594c74921f417a50d

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
005189d5ff359510ee00903bcac8d26c

SHA1
9e5ef1476b17a9071e62422e71be162b161b4384

SHA256
aa763b8613d261c81181e07f7a7c0ab41818c3f1cacc497195b36e5b89e8b781

SHA512
34a9eb7e6a03ee8ba43a0698aa8bd6e78ce1ce255add041b0c52baf6ed3a42081f7e6517ef0c5ce31205bcc98b71602af3e56e4f6b6e4d12df26d7498fc889a7

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
078706a3dd7945b771793064712bee52

SHA1
f69260a69ce77bd65f95069f95373004054a3b0e

SHA256
e8cc02604f44bc617c134b26382882ae0588dd69e311230953729bea93542b59

SHA512
9d0b78d0b82c654da61fcbf8fecc36463d94b1fa519d36fc1bcc4f391224ce9a76447262698381b4e1cb8c66289983ace5972413efbbc92df521a55c3889c220

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation7311122028505393400tmp

Filesize
566B

MD5
b20c3a37a8f736e1b97f809886004a87

SHA1
8bc5f167bdf09174dcd7ffc9beccdf4d21db6532

SHA256
742e5bd2a4d2eda541ce5f8b72a78277646eca61f61d3cd5e591a9d4b3e81f6e

SHA512
e48cf150808a000873b397106dc352ab433b30279f3658ad86920958ac5bf6b5c4690a8233480ce004679101283c6fcf52e2382a0d8e799a9063abdffa402669

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation8160475008636538302tmp

Filesize
90B

MD5
da079eb88cb2622942bf06ec07583963

SHA1
9f6315465c5c9d8256f5725aafec82fc6cd6b582

SHA256
fc921eb2622973c5b59478707eb3fbff7297820db6207e8a84ae7212ed50e10e

SHA512
0b825318744fad983518c4e80e3be2db7f670863942e910a3eb18ea3b2ccc2698906644eb82421c1076e0fecf5f3a9552a06be2038997e4817a044b8f82df74f

Download Submit
/data/data/matinlurd.com/origin.apk

Filesize
3.5MB

MD5
60a50546ee79e6756c8571dbce141010

SHA1
59ae8063374f16100e93b49dbb3e29187d0703ab

SHA256
6a34ecd487969eb57e9558916da2af5761d6e010ef9c941aed22e4b4679e0b2c

SHA512
2de954c16d2d57aea1cbfdba73ff1d68414a3b03423d657abe8da42a52069d6acd09cb2bf2681394aa1fd8b0f0fe5b9bf015e06671bf49eff82322d820255f06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads