MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67530f6cc30ac3dc55717a8ff276b588acbd8849fbd79e821bca9727c20c249a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IRATA

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	67530f6cc30ac3dc55717a8ff276b588acbd8849fbd79e821bca9727c20c249a
SHA3-384 hash:	f4c507ee40241e363b2242ee3fe7354a30c7bbc7263ba66d2b668a9589fb9a9363704cde4a02b8e4e771965cd5f1516a
SHA1 hash:	a57d8f915bed09fcf56b7f431117a4642b56fdb5
MD5 hash:	2191424ce72d4b1bbe55fa317b44eee2
humanhash:	maine-item-timing-bakerloo
File name:	app.apk
Download:	download sample
Signature	IRATA Create hunting rule
File size:	2'038'633 bytes
First seen:	2024-07-29 18:42:47 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	49152:MXF3Ow1l/vjd3bwCCEUwYIhyt/8hxKNR8xYAk/ISYVvj/45M47jjU:MXFewPvjdrw7EULIi/6K8uv6juM4Xw
TLSH	T1C1953342C62BE04BDC67A8774A050A92A1333E4DAC537F5397CB732D6A73795AF87204
TrID	65.0% (.APK) Android Package (32500/1/6) 27.0% (.JAR) Java Archive (13500/1/2) 8.0% (.ZIP) ZIP compressed archive (4000/1)
Reporter	NDA0E
Tags:	apk IRATA signed

Code Signing Certificate

Organisation:	Anywhere Software
Issuer:	Anywhere Software
Algorithm:	dsaWithSHA1
Valid from:	2016-08-24T08:23:07Z
Valid to:	2054-12-23T08:23:07Z
Serial number:	58118218
Intelligence:	139 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	32752470a35a7bb0a2991180f02baff49a41b9d6b2b5e44e8aa7cb736752e003
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

269

Origin country :

Vendor Threat Intelligence

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/66a7e2bf78d5c73fb1c8b767/reports/abff529d-dbf8-400f-a4ed-f222bfc32bf8/overview

Result

Link:

https://incinerator.cloud/#/public/report/2191424ce72d4b1bbe55fa317b44eee2/detail

Application Permissions

read SMS or MMS (READ_SMS)

receive SMS (RECEIVE_SMS)

send SMS messages (SEND_SMS)

full Internet access (INTERNET)

control vibrator (VIBRATE)

prevent phone from sleeping (WAKE_LOCK)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/67530f6cc30ac3dc55717a8ff276b588acbd8849fbd79e821bca9727c20c249a

Score:

Verdict:

Benign

File Type:

Result

Malware family:

irata

Score:

10/10

Tags:

family:irata android collection credential_access discovery impact persistence

Link:

https://tria.ge/reports/240729-xcw86ayclg/

Behaviour

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Queries the mobile country code (MCC)

Reads information about phone network operator.

Obtains sensitive information copied to the device clipboard

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/67530f6cc30ac3dc55717a8ff276b588acbd8849fbd79e821bca9727c20c249a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IRATA

apk 67530f6cc30ac3dc55717a8ff276b588acbd8849fbd79e821bca9727c20c249a

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3077868/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample