Malware Analysis Report

2024-10-19 13:13

Sample ID 220823-cjzyeabab2
Target Live Chat.apk
SHA256 d4d8e4c7acc8c55c78737944fa235054f2f2efffeded83f107be43a0c1a58ffb
Tags
brata
Score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file Live Chat.apk was found to show suspicious behavior.

Malicious Activity Summary

brata

Brata payload

Brata family

Requests dangerous framework permissions

Acquires the wake lock.

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-23 02:07

Signatures

Brata family

brata

Brata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-23 02:07

Reported

2022-08-23 02:07

Platform

android-x86-arm-20220621-en

Max time kernel

3363064s

Max time network

14s

Command Line

com.rez.ir

Signatures

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

com.rez.ir

ping -c 2 -W 10 -v google.com

Network

Country | Destination | Domain | Proto
NL | 142.250.179.138:443 | - | tcp
NL | 142.250.179.138:443 | - | tcp
NL | 216.58.214.14:443 | - | tcp
NL | 216.58.214.14:443 | - | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | google.com | udp
US | 1.1.1.1:53 | 14.36.251.142.in-addr.arpa | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp
US | 1.1.1.1:53 | 93044live.ml | udp

Files

Paths written under the app's data directory (several were captured more than once as their contents changed):

/data/user/0/com.rez.ir/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.appid.xml
/data/user/0/com.rez.ir/files/generatefid.lock
/data/user/0/com.rez.ir/files/PersistedInstallation5948326534380736202tmp
/data/user/0/com.rez.ir/files/PersistedInstallation3749892234439870748tmp
/data/user/0/com.rez.ir/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db-journal
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db-wal
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db-shm
/data/user/0/com.rez.ir/cache/~test.test

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-23 02:07

Reported

2022-08-23 02:07

Platform

android-x64-20220621-en

Max time kernel

3363063s

Max time network

16s

Command Line

com.rez.ir

Signatures

Reads information about phone network operator.

Processes

com.rez.ir

ping -c 2 -W 10 -v google.com

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:853 | - | tcp
US | 1.1.1.1:853 | - | tcp
NL | 216.58.214.14:443 | - | tcp
NL | 142.251.39.106:443 | - | tcp
NL | 142.250.179.130:443 | - | tcp
NL | 142.250.179.200:443 | - | tcp

Files

Paths written under the app's data directory (several were captured more than once as their contents changed):

/data/user/0/com.rez.ir/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.appid.xml
/data/user/0/com.rez.ir/files/generatefid.lock
/data/user/0/com.rez.ir/files/PersistedInstallation8555946197064558282tmp
/data/user/0/com.rez.ir/files/PersistedInstallation6230853781887295330tmp
/data/user/0/com.rez.ir/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db-journal
/data/user/0/com.rez.ir/cache/~test.test

Analysis: behavioral3

Detonation Overview

Submitted

2022-08-23 02:07

Reported

2022-08-23 02:09

Platform

android-x64-arm64-20220621-en

Max time kernel

3363190s

Max time network

152s

Command Line

com.rez.ir

Signatures

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

com.rez.ir

Network

Country | Destination | Domain | Proto
NL | 142.250.179.195:443 | - | tcp
NL | 142.251.39.99:443 | - | tcp
US | 1.1.1.1:853 | - | tcp
US | 1.1.1.1:853 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
NL | 216.58.208.99:443 | - | tcp
NL | 142.250.179.200:443 | - | tcp
NL | 142.250.179.142:443 | - | tcp
NL | 142.250.179.142:443 | - | tcp
US | 1.1.1.1:853 | - | tcp
NL | 142.250.179.164:443 | - | udp
NL | 172.217.168.234:443 | - | tcp
NL | 142.250.179.170:443 | - | tcp

Files

Paths written under the app's data directory (several were captured more than once as their contents changed):

/data/user/0/com.rez.ir/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.appid.xml
/data/user/0/com.rez.ir/files/generatefid.lock
/data/user/0/com.rez.ir/files/PersistedInstallation9114064604239694025tmp
/data/user/0/com.rez.ir/files/PersistedInstallation7370320334623567808tmp
/data/user/0/com.rez.ir/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/com.rez.ir/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db
/data/user/0/com.rez.ir/databases/google_app_measurement_local.db-journal