irata | dda5cd8d5c1cf43f0197552c140d7bc396a0be913a3556590d2fe45ffdd3c096

Analysis

max time kernel
123s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-12-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

بازی-سکسی.apk
Size

6.8MB
MD5

345638ed395c65e7d9e85269bcdc6593
SHA1

9edc329cfa4e5e539cfff1bee41d37938ce20da4
SHA256

dda5cd8d5c1cf43f0197552c140d7bc396a0be913a3556590d2fe45ffdd3c096
SHA512

3c02cffd9b70d18da2d60f03a224b87b30004c5d4783b5b47a84e29213987a1c9589f318108e594d76c9be1d41278c5bf47815e169765c928255e2dc3900c0cd
SSDEEP

196608:F/IxDRwIs+K0U1qmHv7hFOTpLKzc2crncT+8:FAxdw4HmqmHNFc5KeW

Score

10^/10

irata collection credential_access discovery impact infostealer persistence rat trojan

Malware Config

Signatures

Irata
Irata is an Iranian remote access trojan Android malware first seen in August 2022.
trojan infostealer rat irata
Irata family
irata

Irata payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-1.dat	family_irata3

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	matinlurd.com

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	matinlurd.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	matinlurd.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	matinlurd.com

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	matinlurd.com

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	matinlurd.com

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	matinlurd.com

matinlurd.com
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4962

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/matinlurd.com/cache/1

Filesize
1KB

MD5
1a934340c9c8fd00ea032e6c4ed3efe9

SHA1
9b00df3d8a1447040bc9370591438cd47d458ce8

SHA256
8111b28d17c0ad5e54ae5f30aa2e650a462158049b29bf1c2ee1483db61d8c33

SHA512
9b5604fda383bb89a1130b5e3e96371150b1c9129587472a22732f500bdd191254d845be7d915c45de4c9a9ec4419d8eef7b3bbefe7bbd2508faf60fb5527d2d

Download Submit
/data/data/matinlurd.com/cache/2

Filesize
10B

MD5
1d5920f4b44b27a802bd77c4f0536f5a

SHA1
baea954b95731c68ae6e45bd1e252eb4560cdc45

SHA256
d4c9d9027326271a89ce51fcaf328ed673f17be33469ff979e8ab8dd501e664f

SHA512
a5b5955a4db31736f9dfd45c89c12331e0370074fc7fec0ac4d189a62391bf7060287f957ce67cf3adcac7a4353a7a8241e33084a9b543cbb3f39770970a41b2

Download Submit
/data/data/matinlurd.com/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
64fd25463930957981c132e917af78f1

SHA1
2a3c7528f005a7fab216142358ad7b8c22630f09

SHA256
3d286eeec0f848505055eab3c695a24c69efea9292a1ddddfd244a046035dad2

SHA512
cdb7746e034a0194c845b36f4d9172541b3147003508c9dabd27bcec38bc0d18abde2897dc1e675347ec737cca87945f8ef214d66b38231ad6fd6c2af5845fe7

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7fa53c29ea4f5205c06ecbefbe09ce76

SHA1
c3bbeb5e80ead170dbbc2a8740a6ed80ca45d117

SHA256
fdead75265f204da6653ae90fed10c4b0a0e44959ce4ae920472089f5782938d

SHA512
d657c140c5cb8114d1d389f1e7bbaf7f9f091d321f7851809a3ccb7ab8bc23243fe87c7645f13f489da0c4f9b7bd8d6055703a9ebd6b984e53e78430f58e3823

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b0ef374dae04af27d9695058d552d433

SHA1
260994d419d974566fa6f5e8801030fd253d86ef

SHA256
65ca78bf9041e5c4b2644f036a79ec3e715c9d8384c47f5e121cb077d76f39b1

SHA512
7ae197ca87cc471c688fb6b120015d7227fa2d63507bd454c1a0fff5d0eef7e5de44ecb4ac69c4282c76b68a97ed7bcfbea4d552832332532273506534ca7958

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f4d91a55f1592520ba4a3544945c057f

SHA1
64196b38f9dac6cc8d52cb1443b9a80ad6f2af9e

SHA256
f9f62661d7720a9e5c860b460ef16538344cebc4d5742252c766e37e88ddecf3

SHA512
df0874c3d3ec218a335ed4203049d9927f49a9cfa30e36340582fc42f745e2828830ffc698ca4273182683470c797272700957541ea7fcc61a167364d6ae1bc4

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a41f98ea328323d95b972943e80a42d9

SHA1
e9a6d22f6bfc1f4538a7045d3fbda425ce761fd7

SHA256
85f02b010a414cd554e9b64b2f6bf34f1064d8a77c1cfad395c095f453c35dfe

SHA512
fce0c24296b379df40fee2adea1c6548d964eadbac1e77e62302b3da6b5c75462ff3bd5d58e212a7e40e315b82738c62b33bafaa4a55834ecf3198e0a109e8a4

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
91bc82d55fc7b1390c2352632675b73e

SHA1
552e23c5536e952e7ccde02266801dcda5f156b3

SHA256
524378c1b7b4c8d5d475ee38f16879094cafa8065bb648c9683665e08bf2b3fb

SHA512
a09187c9d32db51d323b712db92b3b67c37764b2bf400982c259428ee0e76674aa2fac554a6166bcbdecb5b1998007ae8b03b27492405e35a94e3b3286d60e14

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5f9272841c3b06d26e554b4de6f74cce

SHA1
1cf0d6785aa3c6118c07811eda4dd03a9445e736

SHA256
89d8c82751f2990a5652c6c2a6bb5f0d1496b94f4a9cb4777156e4fa6ed29197

SHA512
14f84d3fdeee45e3692a65259f952bf8532932e4911f4c67d36ef2642ba9e20240cb6e7d59bb50764e0f9bb95007dde6afbbc8908fb76193400172e7041ac985

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
71040e54823302637a922f5f2c7f90f6

SHA1
1e453afb179b3b26bccbdfef4ab1f5d52c9565b6

SHA256
c64f7885849cc3195d55c6b83da0d572e4f024a5f061cf02dbe3c5f1b9a98980

SHA512
492c5ca2e31e9b25c3d253b0e926127471be4a77933cc744015d826eb2761d311076faa1249ba868da61db7f6ce87a78f08c7a7196993ea32e6e5ea0081bd537

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5825d7cd4f1738df2a3dec08c711ffb7

SHA1
67d790c45a6bab4a59d53f4e0b52de5b1adf0ac7

SHA256
f388e1a6445f8a92ced4f403c66930c09bb7a228d1269487a598b65f5dc7d677

SHA512
0e89606bcf99e4589aa33e51e6bc93019deb2ff9a7f8f884ce38bc9123f17161125d0b4f3491aeb5b4f93b37e375ae89c100ce2d955f190fd0f002ab995c474c

Download Submit
/data/data/matinlurd.com/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0d92824ea6693f4c54cc7a2b1cbc8abd

SHA1
276955b5d8cb19b77b72530f331a3b96d65338de

SHA256
34a45f2c8bd27f68cd5da4b1a08e6e18b7efc3e0287eee53f5810e9a36e1d65a

SHA512
f1e7a7b9b754e3b59b155f91f32f98fe279f6e2374eb50bf345fc740e81f3e363862442c8805f6fa4473501d347a9627a12dd2b2ce4fccf5dfc4f8a6e9cb7ff2

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation4732258033142183987tmp

Filesize
567B

MD5
7cb79fd628731c301312297175167672

SHA1
6b9ab283404ceba96f43e8e5c5da3f622c3766a9

SHA256
99142ccd3aae8abcd6c269e9d659fc8bafd3538336450697799e3d6b8eb72284

SHA512
0c9c44dd42f6cece5ed9d0b03868e4eaa27b0d1faf3d82616214aa6677dd5ca93b4bb87279d4f0dc238f6a92facd7c59e10f183288b8b115dd9cd3967074a710

Download Submit
/data/data/matinlurd.com/files/PersistedInstallation7762226377322004308tmp

Filesize
90B

MD5
36412fec32ecf41a576cc6b2ba08e678

SHA1
65ed33cdc237fb4382330e1aa41b6cb824b1196a

SHA256
042ac85b30be96fd85468e0dbcc9cab4cd337c3d5c162ccb3dea6b378c7a8fdb

SHA512
db1c9a2244f47e480fdc34f333bacdf3715db1040f540b82a34601064f311e84c6f01e70c070b4d04c3bf3adc4a578c62f8fff53e09fb7fa60354761a79e12f6

Download Submit
/data/data/matinlurd.com/origin.apk

Filesize
3.5MB

MD5
60a50546ee79e6756c8571dbce141010

SHA1
59ae8063374f16100e93b49dbb3e29187d0703ab

SHA256
6a34ecd487969eb57e9558916da2af5761d6e010ef9c941aed22e4b4679e0b2c

SHA512
2de954c16d2d57aea1cbfdba73ff1d68414a3b03423d657abe8da42a52069d6acd09cb2bf2681394aa1fd8b0f0fe5b9bf015e06671bf49eff82322d820255f06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads