MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IRATA

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f
SHA3-384 hash:	c4769857a79844bc5e8d460c814f3056463d2c18cfdfa64fb5f56cb697b814264189a80b52aa7d16e8f258834ca408f9
SHA1 hash:	5f4dc16cf6b907aacebe0ee7189e1a465dccce1d
MD5 hash:	4f96080575bad35118f7639b75be224c
humanhash:	carolina-paris-texas-wolfram
File name:	نت_ملی .apk
Download:	download sample
Signature	IRATA Create hunting rule
File size:	12'643'981 bytes
First seen:	2023-09-09 15:35:45 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	393216:2ZQE3n++WV+whgRhfQ+rVViVb1jJ8cXcP8:XvhYhf3rVVU8SI8
TLSH	T161D63383E352986FCAF383340AB6036A84564C569763D3678964B33C7DBF9C44E5AF84
TrID	52.8% (.APK) Android Package (32500/1/6) 21.9% (.JAR) Java Archive (13500/1/2) 17.0% (.SH3D) Sweet Home 3D design (generic) (10500/1/3) 6.5% (.ZIP) ZIP compressed archive (4000/1) 1.6% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	onecert_ir
Tags:	android apk IRATA signed

Code Signing Certificate

Organisation:	Android
Issuer:	Android
Algorithm:	sha1WithRSAEncryption
Valid from:	2008-02-29T01:33:46Z
Valid to:	2035-07-17T01:33:46Z
Serial number:	936eacbe07f201df
Intelligence:	1731 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

onecert_ir

IRATA

Intelligence

File Origin

# of uploads :

# of downloads :

166

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Android.SmsSpy.10966.18423.22870.UNOFFICIAL

Gathering data

Result

Link:

https://incinerator.cloud/#/public/report/4f96080575bad35118f7639b75be224c/detail

Application Permissions

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1306689

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f/

Threat name:

Android.Trojan.SmsThief

Status:

Malicious

First seen:

2023-09-09 15:36:09 UTC

File Type:

Binary (Archive)

Extracted files:

465

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6qb7cxpechsgwwelarkgssugrlpwskwf44uu2b55gilnkaexdu7q._file

Result

Malware family:

irata

Score:

10/10

Tags:

family:irata android

Link:

https://tria.ge/reports/230909-s1w6vacc77/

Malware Config

C2 Extraction:

https://gamerdet.tk/data/5770871504/payment/U2783V6b/netmelli/index.php
https://gamerdet.tk/data/5770871504/rat/7b5d2Ua9/index.php?phone=

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IRATA

apk f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f

(this sample)

Dropping

IRATA

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2710876/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample