Malware Analysis Report

2024-10-19 13:14

Sample ID 220817-t1x9ksaafl
Target gen_signed.apk
SHA256 1430dc0cc26adfb7b7715624602767af26f453e3f34df66f1a6d41c38a35819c
Tags brata
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 7/10

SHA256 1430dc0cc26adfb7b7715624602767af26f453e3f34df66f1a6d41c38a35819c

Threat Level: Shows suspicious behavior (verdict for gen_signed.apk)

Malicious Activity Summary

brata

Brata family

Brata payload

Requests dangerous framework permissions

Acquires the wake lock.

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2022-08-17 16:32

Signatures

Brata family (tag: brata)

Brata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
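
The four permissions above (READ_SMS, SEND_SMS, RECEIVE_SMS, READ_CONTACTS) are the set an Android banking trojan needs to intercept SMS one-time passcodes and harvest contacts for further spread, which is why the static stage scores them even though, on Android 6 and later, they are runtime permissions the user must still grant. The script below is an added example, not part of this report or the sandbox's tooling: it parses a decoded AndroidManifest.xml (as produced by `apktool d gen_signed.apk`; `aapt dump permissions gen_signed.apk` gives the same list directly) and groups the requested permissions by the capability they unlock. The manifest stub is constructed from the report's package name and permission list, and the DANGEROUS and ABUSE_PRONE sets are my own working subsets of the Android permission list, not something the report states.

```python
"""Triage <uses-permission> entries of a decoded AndroidManifest.xml.

The manifest is normally obtained out-of-band (apktool / aapt); a constructed
stub carrying the report's package name and its four flagged permissions is
embedded here so the script runs offline.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest: package name and permissions from the static1
# signature table, plus INTERNET (every Firebase-using app has it) so the
# benign case is exercised too.
SAMPLE_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="ir.shz.shzkisi">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="app"/>
</manifest>
"""

# Working subset of permissions with protectionLevel "dangerous" (runtime
# granted), keyed to the capability they give a banking trojan or RAT.
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "telephony",
    "android.permission.READ_CALL_LOG": "telephony",
    "android.permission.CALL_PHONE": "telephony",
    "android.permission.RECORD_AUDIO": "surveillance",
    "android.permission.CAMERA": "surveillance",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}
# Not "dangerous" by protection level, but the usual overlay / persistence
# enablers; worth flagging whenever they appear next to the SMS set.
ABUSE_PRONE = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
}


def requested_permissions(root: ET.Element) -> list[str]:
    """Return every android:name in <uses-permission>, in manifest order."""
    return [el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")]


def triage(manifest_xml: str) -> dict:
    """Group the requested permissions by the capability they unlock."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    dangerous = sorted(p for p in perms if p in DANGEROUS)
    # OTP interception only needs to see incoming SMS; READ_SMS covers the
    # inbox, SEND_SMS is for spreading, so check the intercept bit separately.
    sms_intercept = any(
        p in perms for p in ("android.permission.RECEIVE_SMS", "android.permission.READ_SMS")
    )
    return {
        "package": root.get("package"),
        "requested": perms,
        "dangerous": dangerous,
        "capabilities": sorted({DANGEROUS[p] for p in dangerous}),
        "abuse_prone": sorted(p for p in perms if p in ABUSE_PRONE),
        "sms_interception": sms_intercept,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run against the real decoded manifest, the `abuse_prone` list is the one to watch: SMS permissions alone are enough for OTP theft, but SYSTEM_ALERT_WINDOW or an accessibility-service binding alongside them is what turns a dropper into an overlay-capable banker.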

Analysis: behavioral1

Detonation Overview

Submitted 2022-08-17 16:32
Reported 2022-08-17 16:32
Platform android-x86-arm-20220621-en
Max time kernel 2896571s
Max time network 22s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.shz.shzkisi

ping -c 2 -W 10 -v google.com

Network

Country | Destination | Domain | Proto
NL | 216.58.208.99:443 | N/A | tcp
NL | 142.250.179.142:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
NL | 142.251.39.98:443 | N/A | tcp
NL | 142.250.179.138:443 | N/A | tcp
NL | 142.250.179.138:443 | N/A | tcp
NL | 142.251.39.104:443 | N/A | tcp
NL | 142.250.179.142:443 | N/A | udp
NL | 142.250.179.170:443 | N/A | tcp
NL | 216.58.214.2:443 | N/A | tcp
NL | 142.250.179.170:443 | N/A | tcp
NL | 142.251.39.104:443 | N/A | tcp

Files

/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 300ab458e5799c2a6145cac38ae6ccaf
SHA1 5e99094cfba60e999ec6b5517d4acbc79dbadac7
SHA256 bd27ad822fb474758efbf8f7b20bd50a2dc7f4f459e2bd7ac07be635f6b03f59
SHA512 98e3289bd5b19281feb9053aaa2215a9579807e8140d43e8b55744f7dc59350e8e5104f7ece8bd823fbe842d88904877032c5c47909d8b5e60d291695d3390dd

/data/user/0/ir.shz.shzkisi/files/generatefid.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation5971899611093629008tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 70ce98cba754d9cb462901b638b6221a
SHA1 9ceb7b0b4d5664e5d1e61fea4bf1bd89a462e5c1
SHA256 24662281b787ef6a323225c2d18d059bc7a5f77696cf0b9777aa74f393a5b0f7
SHA512 49d37fdeac0270670e23ac029601ef50fc4d9cf30565a86ceb33ebbecfb9828e1ab44b8154f0d6a1cbd2b2d5dc2ca04e7702ee53c008687ac5cf77deaf411d86

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 1b7bae209824eba95032f1ecf7f4bce1
SHA1 2316b67cb20f5719ea28720b892f7008532275d1
SHA256 b377d31153c5e68dd8400088b49b1cf56494c3786e37ab036869d6e050e1d910
SHA512 68cfacf310267e7319eeacf0193be52842b5be7bc695c25fe80c8754f501922475b9c12f94d4b73cc964b66ccafaf2e4a6708f20b66f687ba832aded2325b82a

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation725043565727862834tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 42f8200c8fb7831685b196c4aceee591
SHA1 262a97f7bc1fcc78a84a43aca9fe879d9326aa66
SHA256 1bfd0a7b7ff7341787b732f1f3c76ae4045453aa68878295c1ff1de83d78e274
SHA512 c74ad17db14b773cf7cebad59107e08cac324ea335573553c45ef6e5d176b11aaa3d9b81eb04826ebd5598b303c8de12dba70a294e77252d24f0fef22ce9bac9

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 2839b55f9fd103092b563d3ae8d4bb0b
SHA1 6f6fa50442bd7ae4bce5bdac3dcd0a00fecc3e21
SHA256 94fc0449b907131e37df2595979a8fe4a3059d6291a7a54a071dd254c270df3a
SHA512 4f85705659a012571fe971de5ef959aeb20d0b58ea757f6b690579237aa6e4d14f6130f623250609b9e144604d29cff968f9e43994b50c79998213f4d7cc6467

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 c6528633ab1bcb93b739f8569c797aa0
SHA1 cf450cc1f8bb0b7835d8b18d46f8639fda7f5b16
SHA256 3770c31a3717ee769ae08c1167e9e59d4796c58108b84823502b34ede34065ac
SHA512 d54d05994c35e80c6c1b8c5bc58f742759b00b9a53d9dc342c48841ce564bbaeaf7948ed32935b3c609a5fd7b3f6bf05bda13f885603478cf2d90600b80f43bd

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 89cd606d433241b0e400ec6e41988cef
SHA1 89b9c657f7f3fb4ccfb91cc80fc96e8856c48ed3
SHA256 fcba6384af560e501a3fae9ffa613d5f9d08484ae6c759bf54ae4178d4c2d253
SHA512 f79809217f10226f1a915adad15ff5d89aae50835c718a7ca3a9a25fa570f005c8b0ae0eaea767b68bb666d8128426be51b3fbad8e3b024a7f0f0302b14179a1

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 515fd859d9af09c551ce2aee49233072
SHA1 4a514e2b3c7aac7196af85938f3d4e9d632dd179
SHA256 7b8a5b6c1c58408ab0be404241e56c853b5cc8a6c4220610c7b072f9ef9299e7
SHA512 ebaf0f45a51ad17f6df94c26b7ef62492afacc981ef648fab071f2e668c81b689f095ddd903e714011727be77a082737021236527a499501fe778eec57ec33bf

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 0b067e890a7cd33a7d0e28f60ac5ce08
SHA1 326d2a15e9f01ccdd0ddccc7a0ac06c80bd3c65a
SHA256 98bbafcb045c69bb67ffeafe5cd496ebf3f704089c15a584c463f7fcc76f1a70
SHA512 940206d5ae3ed877dd59ec73189f24ac284605b1a9932106dca6e9d8e7b18a6384ae969ab3ffd3c1e9e1fcd00dc336d2a9ba00590d2618d68ffa096d6aeaf3f1

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 aef60a3c5cfd71c8e641425170b15e68
SHA1 c332b63cbba499da3b6eed0f931948f924bf6374
SHA256 f06018cba7a7a68d4d8a19953342fb4a4b8d20ab95de77f9d72c96da8b3b3d5c
SHA512 bf7a679edc02ba08f7b0c4c2cec662584457bedeae0d846a34e4465386e3c4ea49af8bac0c2a6103276d41c1cb9649fd427fa25d74f303e192470670fed75cbc

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 da4d4ab6e30491d98c642c6b8829810a
SHA1 a93c88ab0ea384cf6487bb0dbcf5fc7bf852ddd5
SHA256 b1b5393cf0aa1195d23bd25e616f73a33ba6420ff904ca78e57e4e9454a2e2d3
SHA512 75d48327e2daadc80b852bff00b6215e095d7f06fd2a57d1cda778177941a16539ee017f7c361b46a914eb02713759e7eaae8e49ef9d17767064da0e9aa10804

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 3108459174d6ad7c79990b71c20b1f2d
SHA1 7e37985dc0bcdcc991682c9c3b3a7430a6161f85
SHA256 75dc0a9df9ed0c4a3f9119b82013a324d92677b4bfff57bf8dd8daffdf6a9c36
SHA512 a9c30fa001922d0fe120163a585d3aa883efe4e79f457d72082026ae72b112406926645742c73b3a36deda9c09b0b3ef5dbebb8236dccc163939cfcc01ba1390

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d3b7e43c3e481a36840ece55f290db6d
SHA1 7e4014462927f21e05eb76ce6670dc9b4350530e
SHA256 53ca1e4f0c554158e305112260e4571b476e1b85af19180c1227f2ac8c0fecde
SHA512 435356d731467e002aef9db0457aad89f45a7f9aa0ad661920de94a8141b624c5bbe9ffce0ea98561199f96851cde47435e3d2f8c507e8d3e2017b72ecb7daa4

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 62b8d38d45e7ea65cf32f9eb71171e99
SHA1 e403d72d62ea5ec3e30ffcee0e952e5bf813b23d
SHA256 055f85793f7dfb14fbba2f381d164b49eddf34192db3670bca6e17008ab810af
SHA512 59d2c3d518e2eeacdecb1864ec36ea40349e1fb1359e9504212bec0e2d3d4a5809499c6672fa29fb680623f391168d0ecc1b4ef11078e503ecdd4f66ec576ecb

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 2484b21da08d8b5539c95cc51f4c05b0
SHA1 f0cebfc859ab14084071b2af3a67cd96433b270e
SHA256 5e98e2c7899a5185ae4b6939007991163068d29918863eab669239f87c0784bf
SHA512 0f5bbb2298dec1294b52b89978605b6ffeb1ca91c478549f60d29d04630ceefd0bb58a094121f5ddba880df14b179a1f30d11a907e9284cfbfda376f452b5d53

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 6303be2b607e7547c196cc70adb760cf
SHA1 2e3585e76da8fc27cf81368aefceda930b3ec4c7
SHA256 dacbf2519c95446162c6c3c1a01ffdb3d42833d0878c689a2608bdea6aee4986
SHA512 0339b31348b2938d30878f66a17f9c89d4889dddffb365f26a2c9d23926f2d4031e2352ca595eed020d3ae2428c243ce224d155d373be4b19b4d9aedfbd68292

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 aec196d65099ffd67131029bbce47638
SHA1 01cf025c83370890651dff539e2b73e1ce0716dc
SHA256 2de0025f194826f7f46822142308de003538c6c566cf31a3adc5cd8f2382e334
SHA512 37473837ff1cfe0619f4d1727bc6061379b9ce80512ae3bec5bf932ab4ff4a17958c2c26159845433fbebc73f66570ba1659cd3c7377320a91aab0dd595d9863

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 a62ca47c7a4f567d74abf776342790da
SHA1 44ede2bc860a4a84b53b85dbf93c79bcee6100f5
SHA256 e1080ec3e5b60a3daa64227745ce73982f2280702e329d31dbb85f1f8b544d89
SHA512 71a6f2e8dc9f0500e609cd2327a3b76d57fc8e912fdd14ae29c9e96d6400be4c0f634816531cff08911e5779b2c5e485069f75c3fbbe088dac7463addf03db75

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 93bd99d9c08e847c998d3d93475ba533
SHA1 59b5f460cf4793b64f93ae2b9b588e54cbf38927
SHA256 5e249851940648a79c0c045bd1685735d8e813703f3b66b6ee45bc8de15cd19c
SHA512 3916de9b680afc44a791b0ba81561400d6c06d365d8c2dff1cbee3cb6bb4304ad847e9622ea40ac008734efbb53369d28ad56786f0f40ae57829f3b8644b7c71

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 64774b00c492f3a9a8cde70d57561417
SHA1 231469f96a4b4fcd5c2a412abd64078a815bd293
SHA256 d4bd6c4e41699695b62f2c4758219d89ab2e9424d4cd4822f4f052b65af3e205
SHA512 05f73296050a7c4441a0330f77bb2f9c1379ea60514c49e4ad6532df4dd47cf2bea76ae18ddedf197a1a3c2765b48eb7c85ee9077a47b97acba8d21772f590b4

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 db41d9ce17d2008ed2a4e99f7646306c
SHA1 c5ba84a021d54ee0474847008760b596f0527142
SHA256 b04105708823e14d888d89e3027348c179248d50c072a9b4976abfb9205da7dd
SHA512 a30f1c8e2db7ec777246fec7450713c18118bcfb42218faf57ec4136f5cf420ddab2150f8915ae6885e6d8d9a58117881ccbabe8596fe81d4c5a0c67e58516a5

Analysis: behavioral2

Detonation Overview

Submitted 2022-08-17 16:32
Reported 2022-08-17 16:35
Platform android-x64-20220621-en
Max time network 135s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
NL | 172.217.168.202:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
NL | 172.217.168.202:443 | N/A | tcp
NL | 142.250.179.206:443 | N/A | tcp
NL | 216.58.208.98:443 | N/A | tcp
NL | 142.250.179.170:443 | N/A | tcp
NL | 172.217.168.202:443 | N/A | tcp
NL | 142.250.179.195:443 | N/A | tcp
NL | 216.58.214.14:443 | N/A | tcp
NL | 172.217.168.202:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted 2022-08-17 16:32
Reported 2022-08-17 16:34
Platform android-x64-arm64-20220621-en
Max time kernel 2896717s
Max time network 162s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

ir.shz.shzkisi

Network

Country | Destination | Domain | Proto
NL | 142.250.179.195:443 | N/A | tcp
NL | 142.251.39.99:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
NL | 216.58.208.99:443 | N/A | tcp
NL | 142.251.39.104:443 | N/A | tcp
NL | 142.250.179.142:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
NL | 172.217.168.234:443 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp
NL | 142.250.179.196:443 | N/A | udp
NL | 142.250.179.170:443 | N/A | tcp
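
Across the behavioral1, behavioral2 and behavioral3 network tables every destination falls into three buckets: HTTPS to Google netblocks (the Firebase and Google Play services backends the dropped files show the app talking to), TCP 853 to 1.1.1.1 (DNS over TLS, the transport Android Private DNS uses, which also explains why the Domain column is empty in every row: the sandbox cannot read query names inside the TLS session), and link-local mDNS. No other egress, and so no command-and-control contact, was recorded in any of the three detonations. The script below is an added example, not part of the report or the sandbox: it dedupes the three tables and labels each flow so that anything outside those buckets is surfaced for a manual lookup. The netblock-to-owner map is an assumption based on publicly listed Google and Cloudflare allocations at the time of writing and should be re-checked with whois before it is relied on.

```python
"""Classify a sandbox network table so the egress that matters stands out.

Rows are the unique entries from the behavioral1/2/3 Network tables of this
report (Country, Destination, Proto; the Domain column is empty throughout).
The KNOWN_NETS owner map is an assumption drawn from public allocations;
verify with whois before relying on it.
"""
import ipaddress
from collections import Counter

# Unique rows copied from the three behavioral analyses in this report.
NETWORK_ROWS = """
NL 216.58.208.99:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:853 tcp
NL 142.251.39.98:443 tcp
NL 142.250.179.138:443 tcp
NL 142.251.39.104:443 tcp
NL 142.250.179.142:443 udp
NL 142.250.179.170:443 tcp
NL 216.58.214.2:443 tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.202:443 tcp
NL 142.250.179.206:443 tcp
NL 216.58.208.98:443 tcp
NL 142.250.179.195:443 tcp
NL 216.58.214.14:443 tcp
NL 142.251.39.99:443 tcp
NL 172.217.168.234:443 tcp
NL 142.250.179.196:443 udp
"""

# Assumed owner map (public netblocks; re-verify with whois / goog.json).
KNOWN_NETS = [
    (ipaddress.ip_network("142.250.0.0/15"), "google"),
    (ipaddress.ip_network("172.217.0.0/16"), "google"),
    (ipaddress.ip_network("216.58.192.0/19"), "google"),
    (ipaddress.ip_network("1.1.1.0/24"), "cloudflare"),
]


def parse_rows(text):
    """Yield (ip, port, proto) from 'Country Destination Proto' lines."""
    for line in text.strip().splitlines():
        _country, dest, proto = line.split()
        host, port = dest.rsplit(":", 1)
        yield ipaddress.ip_address(host), int(port), proto


def classify(ip, port, proto):
    """Label one flow; 'unknown' means it needs a manual lookup."""
    if ip.is_multicast and port == 5353:
        return "mdns-local"
    for net, owner in KNOWN_NETS:
        if ip in net:
            if owner == "cloudflare" and port == 853:
                return "dns-over-tls"    # resolver traffic; hides hostnames
            if owner == "google" and port == 443:
                return "google-https"    # Firebase / GMS / Play services backends
            return f"{owner}-{proto}{port}"
    return "unknown"


def summarize(text):
    """Dedupe the flows, count them by label, and list the unclassified ones."""
    flows = set(parse_rows(text))
    labels = Counter(classify(*flow) for flow in flows)
    unknown = sorted(
        f"{ip}:{port}/{proto}"
        for ip, port, proto in flows
        if classify(ip, port, proto) == "unknown"
    )
    return {"unique_flows": len(flows), "by_label": dict(labels), "needs_lookup": unknown}


if __name__ == "__main__":
    print(summarize(NETWORK_ROWS))
```

An empty `needs_lookup` list is the thing to record, not a clean bill of health: a sample that only talks to Firebase during a two- to three-minute run may simply not have received its configuration yet, so a longer detonation or a look at the app's own network code is the next step.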

Files

/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 cb7d75cc3d55a86c4e19f6a75802de6a
SHA1 7ef04d2929ff8bdfe68fd91ed2a207a35af8910a
SHA256 3c6f4d0d992145c1134191e057335fc06d9a57d1606d6e8a558355656008d4ce
SHA512 0dc8dbacca6dc04646c8d576a6557af4b9327e4e605c78174671ff5327306e7085b510b9c73e856acf5ba7093a082bf89ef39699f5307b22567c4b293f38984e

/data/user/0/ir.shz.shzkisi/files/generatefid.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation3208643008408890126tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 cf198d8fa16d3ec4be0f4add4c03c7d6
SHA1 870f696aa44f914494668c7f6f026b4c31952605
SHA256 cdee69a446c22f72e09ceb70f39daa149e2f92d67f3c5c6d6e2c407d543ec52a
SHA512 c33bdbec29f68b819ecd887e68b3d250c9f7377c78477768b39ef8fd4ca4d6545b2e37b50bcc019df9accfa7991f0b019f1feb6fdeda010cb637262eda702176

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 51b3e5d5bc7893794dd45b332d0bc780
SHA1 ec79a68f7e6367c0890177fb60552b66ee11fb94
SHA256 4ce9a478345ea640442d4374ddb293bb3abd64b430156ef0cd7e5fec650b9bcd
SHA512 5c00d8a6c77b52c67262bbe40255bb9486c904c4f38317b620225ed52c14306bf4a2486719000883b7364e9a16e94707cd8073ade3f7c0952b7fe9cb3020dc99

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation3510737775562140280tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 51ebe5192a22be3cecb649b2925ffd8e
SHA1 5d83402d6ed4069ec0006a2cdabaafeb5f6c478d
SHA256 7000028988c1d690ff588e39a7d87ec9b5dfcd3a871b85043ddeadba823f845d
SHA512 081e20f2fc8753f78fcab8a1c814b991b38c79404d46da62bc485d55c2cbdc9dd2e513ad5b4878dca8010757404b12917ee69d790d7561e4a58e395cab600dee

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 7b00b87549415b1cbfc5c5d69bf4b790
SHA1 8f4df8cf4611e9908e344a0b3c52c0d98e69a19f
SHA256 6eb034844894afd9a73c06fbc58df577fe3fe4fe72b87a71eed22a190b2c6b00
SHA512 91f5341e1f412668186ec9d456d2333aa783bd3178092ad3aad5b2b2e9a010f10c0d820e48c4749408f0a82f47b056352c4f89a65830d486c519e5dc1e1dbdc9

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 8e1b2c914bb985857d2aa695f1211210
SHA1 02cede841e9ac63d9c3f5e3f7d4042e2354a0a17
SHA256 2740ca9e8b7563e7807be98e7b2bb60801b386d4a67982ef20bf8123321c2e24
SHA512 bee5ac1d57a522ea17e98357c7386582b8048747afbba38cc88f412c01e7e0d5f76c7613d091c842a72af395d22a27b2156f6bbacc7133377a5e0045a803b14e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 8dfcfdcef5a9793fb83bda404ec3f42b
SHA1 dd02caf5757e9fdaf184ab299c45e4c92ab3ae4b
SHA256 a59674cc863d7e977b030c7047072dc4c6d5ada1257917574fe184d886042cd2
SHA512 e04d1892c052fc3766881d3f21e26961714e575766cb316bcada34cce49cf6e17eb26c3fbdee0038ed2c75da0a9cab99e0e3e78374be20ce2790cc0d0d9cd807

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 58974fa4de885561c35dcefe0f349a8a
SHA1 a3958a7b3198a39eed8d8cd3a9f045496242a9c2
SHA256 34e0cef2e8ad905d261b5064bfaff29a754f9bc6061ed6fb8ef3b852047efd54
SHA512 079142169bd5f13f2e882cb1388d5f7f1fb0af27e2cc377a5f6496d60aa254e66d0001f63e9c236210fd31fcc5fa0c3dc3c9f14919c8365022b28be6baa5db4b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 7babb87e1c3879f210a1e1c92861feef
SHA1 c703ce09e44543854e341250fa472484a7413243
SHA256 a433e298b09c0c48dd516c989b74a32f129750250b185e64323b25a289e4eb7e
SHA512 156c9e6d82b1dd7b3409fb17c944796afbc91a69201bce3f9a7a1adceb7605ca11de4040b06f461ef6ce5959ab1ed5986c2bf6960e034cbb7d8b05b15f5c3b6c

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 1bf9343399d9514430224cf53a6d733b
SHA1 7a55998791ee27e179c55beb94ea974c3f1ba2a0
SHA256 3ba26cf49d97a0c663f78288152b0af42335321ba5b666caa9c47bd7c0919dce
SHA512 5080b9c63988944bfcf697d18cc7c5276104e7d6513e8850962bcf6750a5759aa5e6224a1281e510b58c6d3e4f884c2d5b687a13fcc6f1281db01311bcf4062c

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 ce09f35299d3d08321ddaf5aa9cabb85
SHA1 6d44c551c8c746b21cad6f3c5516f5e80031cb67
SHA256 9ba9a64d5cd0a822f6651b03af37bcb4b4f6b79d201432f166bc2a5aa7494cd0
SHA512 e63428ab469a1cde6b65d27da909817444d19777d4352798eedd8ef485a42d6a79f315e035a150544f1f67dea68abea507ee03cd0884918925a119ad6148f0fa
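
The Files sections of behavioral1 and behavioral3 list nothing but Firebase Installations, Firebase Analytics (google_app_measurement_local.db with its SQLite -wal, -shm and -journal companions) and Google Play services preference files, and many entries carry the hashes of an empty file (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...b855); the one odd path, cache/~test.test, hashes to the literal string "test" and is a write-ability probe rather than a payload. Nothing resembling a dropped DEX, APK or native library was recorded. The script below is an added example, not part of the report or the sandbox: it parses the report's own path-plus-hash block format, recognises content-free hashes by computing them rather than hard-coding them, and leaves anything that does not match a known SDK path pattern in a "review" list. The sample input is a constructed subset of the behavioral1 Files section (SHA1 and SHA512 lines omitted to keep it short; the parser accepts all four), and the SDK path patterns are my own assumptions about where those SDKs keep their state.

```python
"""Sort a sandbox dropped-file list into SDK boilerplate versus things to look at.

Input is the report's 'path / MD5 / SHA1 / SHA256 / SHA512' block format.
SAMPLE_FILES is a constructed subset of the behavioral1 Files section.
"""
import hashlib
import re
from collections import Counter
from fnmatch import fnmatch

SAMPLE_FILES = """
/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 300ab458e5799c2a6145cac38ae6ccaf
SHA256 bd27ad822fb474758efbf8f7b20bd50a2dc7f4f459e2bd7ac07be635f6b03f59

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation5971899611093629008tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 0b067e890a7cd33a7d0e28f60ac5ce08
SHA256 98bbafcb045c69bb67ffeafe5cd496ebf3f704089c15a584c463f7fcc76f1a70

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Hashes of content that carries no information, computed rather than
# hard-coded so the match can be checked by anyone running this.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
TRIVIAL_SHA256 = {
    hashlib.sha256(b"test").hexdigest(): 'literal "test"',
    # a freshly created SQLite wal-index (.shm) is 32 KiB of zero bytes
    hashlib.sha256(b"\0" * 32768).hexdigest(): "32 KiB of zero bytes",
}

# Assumed state paths of the Firebase / Google Play services SDKs.
SDK_PATTERNS = [
    ("*/shared_prefs/com.google.android.gms.*.xml", "gms/firebase prefs"),
    ("*/shared_prefs/FirebaseAppHeartBeat.xml", "firebase heartbeat"),
    ("*/no_backup/com.google.android.gms.appid-no-backup", "firebase installation id"),
    ("*/files/generatefid.lock", "firebase installation id"),
    ("*/files/PersistedInstallation*tmp", "firebase installation id"),
    ("*/databases/google_app_measurement_local.db*", "firebase analytics sqlite"),
]

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")


def parse_files(text):
    """Turn 'path' lines followed by hash lines into a list of dicts."""
    entries, current = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def classify(entry):
    """Label one dropped file: empty / trivial content / SDK noise / review."""
    sha = entry.get("SHA256")
    if sha == EMPTY_SHA256:
        return "empty"
    if sha in TRIVIAL_SHA256:
        return "trivial: " + TRIVIAL_SHA256[sha]
    for pattern, label in SDK_PATTERNS:
        if fnmatch(entry["path"], pattern):
            return "sdk: " + label
    return "review"


def summarize(text):
    """Parse, label, and report what is left to look at by hand."""
    entries = parse_files(text)
    labels = [(e["path"], classify(e)) for e in entries]
    return {
        "entries": len(entries),
        "unique_sha256": len({e.get("SHA256") for e in entries}),
        "by_label": dict(Counter(label for _, label in labels)),
        "review": sorted(path for path, label in labels if label == "review"),
        "labels": labels,
    }


if __name__ == "__main__":
    for path, label in summarize(SAMPLE_FILES)["labels"]:
        print(f"{label:36} {path}")
```

The same path appearing several times with different hashes (as com.google.android.gms.measurement.prefs.xml does in the full report) is the SDK rewriting its state during the run, which is why the labels are kept as a list rather than a dict keyed by path; only the `review` list needs a human.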