Malware Analysis Report

2024-10-19 13:13

Sample ID 220824-ytbt8abch2
Target Live.apk
SHA256 200d2982befe9cf76a83082e423757e7ac8c80aa5c0adf19151171b586615d3c
Tags
brata
score
7/10


Analysis Overview

score
7/10

SHA256

200d2982befe9cf76a83082e423757e7ac8c80aa5c0adf19151171b586615d3c

Threat Level: Shows suspicious behavior

The file Live.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

brata

Brata payload

Brata family

Requests dangerous framework permissions

Acquires the wake lock.

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-24 20:04

Signatures

Brata family

brata

Brata payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Requests dangerous framework permissions

Description                                              Indicator                         Process  Target
Allows an application to read SMS messages.              android.permission.READ_SMS       N/A      N/A
Allows an application to send SMS messages.              android.permission.SEND_SMS       N/A      N/A
Allows an application to receive SMS messages.           android.permission.RECEIVE_SMS    N/A      N/A
Allows an application to read the user's contacts data.  android.permission.READ_CONTACTS  N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-24 20:04

Reported

2022-08-24 20:05

Platform

android-x64-20220823-en

Max time kernel

3514118s

Max time network

44s

Command Line

ir.shz.shzkisi

Signatures

Reads information about phone network operator.

Processes

ir.shz.shzkisi

ping -c 2 -W 10 -v google.com

Network

Country  Destination         Domain                      Proto
N/A      224.0.0.251:5353                                udp
NL       216.58.214.4:443                                udp
US       1.1.1.1:53          g.tenor.com                 udp
NL       216.58.214.4:443                                udp
US       1.1.1.1:53          google.com                  udp
US       1.1.1.1:53          14.36.251.142.in-addr.arpa  udp
US       1.1.1.1:53          ssl.google-analytics.com    udp
NL       216.58.208.104:443  ssl.google-analytics.com    tcp
US       1.1.1.1:53          14.36.251.142.in-addr.arpa  udp
US       1.1.1.1:53          pubumlive.tk                udp
US       1.1.1.1:53          pubumlive.tk                udp
US       1.1.1.1:53          pubumlive.tk                udp
US       1.1.1.1:53          pubumlive.tk                udp
IE       20.238.64.240:443   pubumlive.tk                tcp

Files

/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 0c6c03d983211b6c1942f7905c56f602
SHA1 d6a3909d4a243601766a196e18459d906091a9b0
SHA256 0a4435b5f21aaae2fd3e45df7478884867f29d3ebbe580369e18a1aed1a8d01c
SHA512 241cba3bb83e54c0d6b63d3236b8c56167bfe9c9ed5f1233d2c7620179b46695796af7c7353bfa5ed2eaa568bdcd4d514c143107b03308edb86d5b694b8dcb68

/data/user/0/ir.shz.shzkisi/files/generatefid.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation1448812532531028802tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 e702c30a2ad63ab06724a1ee9ccd9a0b
SHA1 8cf8c688e3c5b7cefe45dac78914111caaaecdd8
SHA256 35312d615774c73d7dbc231924357be7dbbcf861d098833f6ccf10f08715c2dd
SHA512 960781fba9df7bd2bf468a76676ab7684769703c78d5c203e9328e7ad041dc1a44e33520613c24926c602d44380a68fb70fc405b3fd98278fbe09914e1aecd7e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 d2dc05531042de890f4e2a471eecdfd9
SHA1 97f4f583af74002839e7971c7fa07f63fef40e5e
SHA256 41abe46b1370877b25c065a9aed535a13475729da0f945ae22202753c3e1f7d9
SHA512 7a44da1252b85410799b26a2bcda1f0908b440b84f6c8ddf728ec1b26dd782d98b9fe077fc78e4c1d90193aaed7cae1e41fa48a9427fc486231f9f3f83616f31

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 7bd7e08b7c157fb7a04f9701b6965b65
SHA1 19ed78cffffd879509071b091ba60776c18e8d97
SHA256 c3aa0e8a52b6dcae0f988502bb3887f94c13148a8f36c3fcf5036c7c99afbdbc
SHA512 a668c141cd4d48396e9d67e79ec1036a8ad4498293e0f16d108e8c4d842f76714f561bbe440a3a5dbcfb6b7ade257ffed7fa07c56566c8ea938589c61943d4cb

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 f76f79871e01b98132e0303281b1ed33
SHA1 1ebd064585ca58c9f71ede076e8cb57164a33b28
SHA256 dcfd6945e89e9fb5e51d6310a4f7d979525a27ac54640d1a3e28e73a4a0556c1
SHA512 2d503b96ae4b7507f7c73402c4deed969749c0e2624ef9e6f1aff9ecc4e24df7a7a021448c8baeff0dd253514831c9ed2544039e3b2c526c3ccc0c169fbcf239

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 db403f278d87935e0c335273caf5cefb
SHA1 4981c99fe2a66e7b67c679557034a99812694d16
SHA256 36c26be64d106e6e8a1c18408f11300499e253de87e1338eb7f66f81324e59fe
SHA512 c11a3ec51480361cc9397e6c88de32d31b2f34776fb8c34dbb46c38af37d0f65bd772d592e511cfbbde5e85444ae08491d0e4fd0fbd53dfd041849979b6e8c4f

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation4985170577843257597tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 0c5031ce4f8a5db1aa35f05f0215ba02
SHA1 cbbce89cdf8b4ae6809bdc1890d2020764826f29
SHA256 21549dc77a44e75964060e1de3e43336cb75f11f29f492551a9f0267d34ab456
SHA512 f018026dea9684406baf194f42c7a4a19d19f8511936cd7a5996ada53380cda1f787e888904906614b346094dbc6b590bd440a0d79ecee98057de9c44e6d40fe

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 2d5a2320c53fd37db12c595665a336fd
SHA1 ea33a71ea8b7d0952db3b03e2c732f87928e910d
SHA256 0fc84133c26be9f19d79176bbd6ef9f832e095757be8f6ebee42499a4267a244
SHA512 a269a19275c0154c2efca7cbc5baa2e8ea387ca94f8729b7e8bea7b80499ce580efeb4fe4aaf6427b1310d1817e61a9a3fb724b834221220f2d03a0f989e1f50

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 c3c1bb88208ca21a98c8dc4a6571686d
SHA1 20fedb7bfdef1786e0119a85e717e03da2f18923
SHA256 753c1aa69b0a0e9aaf0a869b461b3bdf6d6c674839f0ac9acd8bb62181835bc8
SHA512 84e2b23cc60e5e03fcc5c9873e4cab74839d255947667e541b9614490a76595f77299a1c465f1e7466c8275404635d8a7ca8f687b21953a14bbafb129db0ccce

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 de9fb69f7a0a298aa990f8e13ef6bc0d
SHA1 4d2867c977dd52d73765cc8fb657ee4c08e66a18
SHA256 a6b7b84c04d2167d9e0079b592898b9ad3b81036462bb32640c6da9397c10dcd
SHA512 e38e9fb803816c80ff96903c5f2022178ea22a2510727efd1c226ccfb99e2129992314cf0d29a1169186b106983c8fc4064a07dc798d493a6b3a9dd8b7cc4477

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 aa4b4b54617848ab5ee0905d4e8170e2
SHA1 e8c3cbdb2147269a8fc3b7ee8f2de9d9a77cba13
SHA256 61785ec6c0af76a88c15e20768b89941292037424ce8ae0993b6a93e06cc8007
SHA512 a2207cdfea8eccdd729fb5911fa059c5cf3d0b71fc6ffd7d9bb3ed80bc183c73a853b90fb635aeb581c0a2c38fa249d440431b3a25e1ad01e23e59b667d0fc3a

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 3bbca56e7fd010a20f54c99ff440c9c9
SHA1 c9c51f6f90ca76c2a66907a8023ffa89f1136426
SHA256 790c7d22eb0d3d00a3703bfd961c784560bd1d3b93c7632272dab304753729f0
SHA512 082f896df7920fcf497a754e8b81ab65ce5c8fae940407bb0eaab1510f2566a8abcc51db804b7f5fc05e7a754a5e66a650722783777e1bcd6c4c25c83dc3b869

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 60781d5f2f92dbb330a230b55b931cc6
SHA1 9799a9cef4c932b2e2e4d78a0fc244988cc6d735
SHA256 ca2f26d2e29d6531c3018db8964d83d833a239a915467944bf906f551792bc4e
SHA512 ea916e43c99352df1cfdfaa2714099bf21e9885fec88ade2c87970e326f744b2ac566b2cfac57cff50c5b82515a6d6879c126789226a7885df50a6c89595536b

Analysis: behavioral3

Detonation Overview

Submitted

2022-08-24 20:04

Reported

2022-08-24 20:04

Platform

android-x64-arm64-20220823-en

Max time kernel

3514102s

Max time network

26s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock.

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

Processes

ir.shz.shzkisi

ping -c 2 -W 10 -v google.com

Network

Country  Destination          Domain                         Proto
US       1.1.1.1:53           android.apis.google.com        udp
NL       142.250.179.142:443  android.apis.google.com        tcp
NL       142.250.179.142:443  android.apis.google.com        tcp
NL       142.250.179.142:443  android.apis.google.com        tcp
N/A      224.0.0.251:5353                                    udp
US       1.1.1.1:53           growth-pa.googleapis.com       udp
NL       142.250.179.202:443  growth-pa.googleapis.com       tcp
US       1.1.1.1:53           lh3.googleusercontent.com      udp
NL       142.250.179.193:443  lh3.googleusercontent.com      tcp
US       1.1.1.1:53           google.com                     udp
US       1.1.1.1:53           206.168.217.172.in-addr.arpa   udp
US       1.1.1.1:53           ssl.google-analytics.com       udp
NL       142.251.36.40:443    ssl.google-analytics.com       tcp
US       1.1.1.1:53           pubumlive.tk                   udp
US       1.1.1.1:53           pubumlive.tk                   udp

Files

/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 45d690adc6d3017b28a3ea7e27b5dd5e
SHA1 e8b76fd2fc39f2451f3100ff5bf6ee7eeef1882c
SHA256 e2e8db5b8729a6b97da854a1d92b66aa66a131601d9994353e06315f38e23b24
SHA512 28a61196d6a3bb0bd989860123bfe0fd3708e40a77a4a9393135073a4d09658f58b6d5aa87e94e6357e4bf81ccb9dce74bd30259fa167cbf94c53765a913c3e1

/data/user/0/ir.shz.shzkisi/files/generatefid.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation883663023316953844tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 4b7d007dccd6987b47e40c4b06eebd3f
SHA1 29734b7313fbba88a741b6cca73d4f77d7cf6ee1
SHA256 f01bd2fc288b340827a0bab3cfd09ac9bc356d8d524da520a7b78168e11b1f64
SHA512 38d00e92fb0d8cb36a475ab6827e08402d06bacf3adbc3c95c65e58f312556f8362dbeac7ac3ad0ec866544c235902340e8f41b047a19c2c9e30e506e15a21ca

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 4b0282dfd75f6fef9f2201a96b028963
SHA1 b7d9f2871f450c12f6ba05e278516acab51a8285
SHA256 06213c63f10b4659952fe88e1a44a99b0b3e1d98eb8adaedb48a0e51bce603a4
SHA512 32c1d62f0f51b857d45f6746efe09eb1ff13419607ef36d8274c111ae9ee864b20bd0a4898954ea36a30380cd76cc13a2386ace82c301a8b38f8ae1d1f1a23b6

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 399e55911618e72b36a150dfe48d0d2d
SHA1 d1fd10509477cec4808f4e37e59fa3d2cd75ee41
SHA256 0bde45c11200a73a271aafcf3da61c91ffbe89b40f0ecb85de1bb352f9bbdc3c
SHA512 eca250563f560f79e9b97379182419b52f9431d7fe5080293a62eddb514eef336b0b84e657a0e61d87ab31e362abb0b096f53a89043a03670d384b2872552ca9

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 8dfcfdcef5a9793fb83bda404ec3f42b
SHA1 dd02caf5757e9fdaf184ab299c45e4c92ab3ae4b
SHA256 a59674cc863d7e977b030c7047072dc4c6d5ada1257917574fe184d886042cd2
SHA512 e04d1892c052fc3766881d3f21e26961714e575766cb316bcada34cce49cf6e17eb26c3fbdee0038ed2c75da0a9cab99e0e3e78374be20ce2790cc0d0d9cd807

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 1a2e3338f5bc8072724f165fe8a1dd77
SHA1 890aafb6e56716d0b95d31abe317a6d316bc47c8
SHA256 340d43b9e69ca6adc14eeae368ab03d5bc99b74aed392374bb73cc5d25f0e568
SHA512 5ff7921a2c0aa12caf2f3a447db118acd3ac5c835aae9c0bb53c20b2895083d07da23de62acf6a2072b4708af38d6753ca26cb20fa19cfd4cc989a7eb905d59e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 c2c8dde0f04c925ff8c8b605580e7815
SHA1 4585eb4df921ebf36993f8b6f00daca338c70f89
SHA256 ddbbde9a7fc599ede34b5e5173c1b4577790e35f450d78f45042b66c4dd03d60
SHA512 dcea8c835c6d2ec5ad84d2e333123cf359d065d81793af07ff6304e3062324d7ebadf9259f007ca3e95f5fdcacb4a859b00beb41f5e7712fa3a455be3c7029c2

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 1da842ca8016a6f456fc938d73224153
SHA1 f963728850fa2f57c435ab2ca032c762ba7899a9
SHA256 5df576e65c257894ce5de6765bc51e2ba31a716663346a4068b2173a5fc95075
SHA512 0dc7379ff58049c519023fa9079063fa660ce14103f46943cde3dd084968168177f560d7b27c1d1180f8e35d6c0f2a051de73e1727cf8fea09927d75b05c726d

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 da3e198044d7d321e5913b1044394f59
SHA1 7f93dcdc397761f51ef52c3269e82c83e1ef8e6d
SHA256 96c7a356030c14d9863cd42595aebe2788b405a19757123518119c4d24658160
SHA512 f703a31df76dc83ffbe195e0a5e1bcdb452989b9bcf08522e8a934e5701c899e5c2a4dc1cf4251ada4ad60682902f889a2fa3c5d9a035a44c603323e46d57092

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 4b8cf1dfdb452dfe53cdcd0f7c658d64
SHA1 904db81e2511323afb4999759e5180b7b7b9e30b
SHA256 229bc8ba966cba4141fecc56da2bf4d4ca5b77457d725025628007274fb6e6fc
SHA512 cf44f1d4039ab02cf403984c7ed46398d9307a42323b420168cebfe1b193724812dfdd43504cf5a61de4b4f30c0cb78c8b9bfe69ac1496cbacf5f95c5d898a8b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 0e46911e1f425ce3d6e000072e582fdb
SHA1 805491fbd139bf51f53f3feb39f80c6eb4b2500f
SHA256 242899a4301ca8bb0aec8888a43ee97e76553dbb1646b2ccf87484f46a0b69eb
SHA512 9c9499a06c81e0ff87d2a64fba614d603994dedc92cf2866f2c0fe7caf4fc02bb259506d76b96f9087c63a53c415dd184dd0ad087269fe86ded92975f8716a89

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 88240f889b71e4902258a0697aac3530
SHA1 5533ca42f174c987948bce742d602b308bf20f32
SHA256 92f83fcf4a974376345f43925c102a51fcc379a95cc2db2d53abc0a196c33a41
SHA512 ec9d742d794837e04b20b9627740b26163369c5f53be595846112160618dacb92cfb727f77c8e4ef0026d4722daf4d80d6ed82a61a9e7242f92226cdb011957b

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-24 20:04

Reported

2022-08-24 20:04

Platform

android-x86-arm-20220823-en

Max time kernel

3514105s

Max time network

28s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock.

Description             Indicator                                  Process  Target
Framework service call  android.os.IPowerManager.acquireWakeLock  N/A      N/A

Reads information about phone network operator.

Processes

ir.shz.shzkisi

ping -c 2 -W 10 -v google.com

Network

Country  Destination          Domain                          Proto
NL       142.250.179.202:443                                  tcp
N/A      224.0.0.251:5353                                     udp
US       1.1.1.1:53           android.apis.google.com         udp
NL       142.250.179.142:443  android.apis.google.com         tcp
US       1.1.1.1:53           infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53           google.com                      udp
US       1.1.1.1:53           174.179.250.142.in-addr.arpa    udp
US       1.1.1.1:53           pubumlive.tk                    udp
US       1.1.1.1:53           pubumlive.tk                    udp
US       1.1.1.1:53           pubumlive.tk                    udp
US       1.1.1.1:53           pubumlive.tk                    udp
IE       20.238.64.240:443    pubumlive.tk                    tcp

Files

/data/user/0/ir.shz.shzkisi/no_backup/com.google.android.gms.appid-no-backup

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 44499e7b2f5f460a52f9f84fa7da0b58
SHA1 3a673f8945365676cd8cc152ac4545b6b37a4476
SHA256 55ce0008750bd9c78843972af1ab4f4e31f2a3e31d517dc2c1e7819520c5ac0b
SHA512 075afdf3cfd34a07c46c248540daa8b14e09a0da6f47138bbfe90d35abebe872ec30754d23f16f7fecc891ad00d294bc7cdfe9c3a84ce6ada8d38eadf0d0d7f6

/data/user/0/ir.shz.shzkisi/files/generatefid.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation1265386813874711966tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 692dc3156226c225d69a83d40a8579eb
SHA1 7ac5fbc39fc1c911a622c78002bb8afc269c81ab
SHA256 c49865bbf4c285ce055e7a8dee20f845f62e3546a45f451d1cccb442ce2dca32
SHA512 a089c78821620fb48d73b53240e785e496ec222a3771e68daa2286a61c17eea0d414a43db112e4dcbba3b8cd62676315cd9a80496ec6af298e73ad44da95a4f6

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 f464d71e63fa46adfd4a3c9d236b4856
SHA1 7d61f3004e30f057e1eb021c838068ec7801e845
SHA256 386a0db47f345280bb008587f155f55482f168f267e6dc6a4e4edd3cf00eb74c
SHA512 f92799ebf2c39faaa4dfb34cfa6d189a776c31f7b164a1248009f973323e3eb340f10d5db9f8e2dbe239646b5ee9d417f8aa339dbd39ce01b0c4f1fddbd4b1e6

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 89cd606d433241b0e400ec6e41988cef
SHA1 89b9c657f7f3fb4ccfb91cc80fc96e8856c48ed3
SHA256 fcba6384af560e501a3fae9ffa613d5f9d08484ae6c759bf54ae4178d4c2d253
SHA512 f79809217f10226f1a915adad15ff5d89aae50835c718a7ca3a9a25fa570f005c8b0ae0eaea767b68bb666d8128426be51b3fbad8e3b024a7f0f0302b14179a1

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 61e03718f83d8a1e9bb4c305d60b25ca
SHA1 d27293ff8c63ddcb1bf059f918440ab22e90dd50
SHA256 6f23fd9e9fc5ba8400a183c521b9786ba010630008b828889d825d5bd02c9922
SHA512 6692a1fc252f632a6b86f141d57f49c01da56fbbde6f6748db4dd28a92329f9bab60f117b552d345ccc7e9433523f49b0b36c90fd7d3706952b628ac5343ffce

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 8265889e0d28ef727ad83f6e0ad65221
SHA1 f6d12c281abcb6df5305273495ebc976314b68f1
SHA256 10eabbc9b92362af3d53fd644290e1850b6b9f81dbf910f59279d2957444b95c
SHA512 e3bd5de084415ab8e1f6a25b22f3ff133cd98e6e30040672cdb38feb60227028cc97cde5ff00243f5ae50c0a1a586afd4b333e86220181e094aae906dbbbd990

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 c884f4d3f262149a218415a86e5a41af
SHA1 91577dcb140bcc0710c2f0558b3b32d6d28228df
SHA256 26f961147c7f3738c96ab33cdbe8f4ef0f6cff9d35ea4d7caec3fd40cf1429cc
SHA512 d7030e0a21b37927039abf120169db7c48984a7781fb25ee123bcec7864d1acf15f9caccac23dbd958afa7954e614506ff9b4577e9bd1c29e8bfbf5e90473420

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 dbe57eeac033dcb88101bca7029cf835
SHA1 5015378d90a63339b7e336a31ef2a6b48d00e0e8
SHA256 9c7476cc2b904cfd90ce8ff1b5d068203c7cd21bddd2119eae36c73c43548442
SHA512 368a3bb848af3d5ef80c4ac7c4b6d89b44ecb1afd5b990c0df2d484987d0c832f9e8a19aa0281b203a649511cdc717be8942ea94115a7f43dc9b2101439fae89

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation1654204864277435584tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 0ddec9af2e462cb8b1ca87acac54a816
SHA1 1b463dfd045e58c92316ac84fb4de0e0f0e03855
SHA256 c59115f4b658ab49ba173e24b3e93a70a08f6a55b44b4aefb74a84bc87251f30
SHA512 8f43a82b58341b4fb8d030d2a4f0e0821d0dccdca78603f2ae2822c3ad7fe14f1b788a2a8a80e83cf48e9834d4e24c793442bf20180464d638213be7d90a02ca

/data/user/0/ir.shz.shzkisi/shared_prefs/FirebaseAppHeartBeat.xml

MD5 ce7c027d568358545eaee2028e0b8b32
SHA1 790dc8830c8b1d04d4e670258648805b8403b9bc
SHA256 a79297e0013462dcf94159e43e8acde334548d3115babe02dfa776dce302b9ee
SHA512 e69a76329a48a68e80ebf361133f44d1abb87a1a66a361dacf0226cf87971d27fc81ddf9da060a4cfb2ed6db4d94e542e41e95e2f4144dfddc46939dffae3785

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 7e48e22ec9593ecc658bd3a738ba63fd
SHA1 809731b86d4d6d38f3275d76cff34069c43db2b8
SHA256 eeaba4964a210028b9cf1a5dfd18cd134cc71db11ed42baf3c18f1058578f0e5
SHA512 7d820b5d03ff26d553138810cd6ea31134b480b85a1a513617ade7bcbccd03a8d8a0d04108bcdfe60fa1f43823a14079af8d041b086043e2534eefe0413df600

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 480cda78e766e28e262a091156575888
SHA1 4eb0167e619ae65706acdafc23d91461c726d850
SHA256 a3fa67ebf6b675618146d09e2ec599a9a08304d70b44348c210fc0adde3fb705
SHA512 c80aa809c6ff397e89d0231cca216bb6d29373cf7709765a2234137a0243fe091d562935d8da1d55db1be25a7e2ae0134476c730a224bd70c87dbbfbcb76536a

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 70b35a919b640aeae7d0c579fe56c0a7
SHA1 00cd55c57b0317ba5fc8201838a7944c01916972
SHA256 ad04b14dfdd6608e6c019865c5bc389b56045f5b74b79bcfa02390d2f93c18d2
SHA512 a63ae859ac5787d259e6a628ecdd9be8012b8798c6336dc361eeeab9dd75ac4cf8afbe83fc67cacb5e3aaa264afc5c363957c54b40340af1da8a088d18c90967

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 05fbfeece016f963fa4a055285075028
SHA1 4b1f4c68564ff6ffd2f0f02725a8c25679297e55
SHA256 5d34d24b24ea7d6cb538ff69685fe5ffc054311aabf7f78acd47f3071e431433
SHA512 d51555da07519bb2b19b7b2bdf653e8b4ab3e749afb92215066380e83efd3d866b812554ecf25a533acf62645e3483295466b2fbdf538aad4ce7e0f2b49b958a

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 27ea1e36feb43c9c66c1b51b2792aee8
SHA1 83406a0de8c6a26e99478fbc7d9aa900fd644bf0
SHA256 3881db46ebc35131964a9dcf9465a526c865daed9f86d23411712735e3ea4086
SHA512 eebebd6c1729899dfa303ea485cf069da3a442e89eda06d51c90d9b9ffde5722a7beb3e04bd40bd7689ed9a8b5ea3ecceb5b49f5966838684e934dbe30c288fa

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 2fa1d4e0e898c7d97d699ee355ccf6f0
SHA1 b8fa8302b1ca36cf86526ae9f5bc22a7abcf1b53
SHA256 87bbb2b169f499441cb5992234769bc42e7a37f0fd83c695be8b86937530244e
SHA512 1a6da31aef152083f9f0f8ded271e2ff6ff30b407b13c1370f347a34014f4da3f06ca01256bcfc6691c71aeb2e7301d1042a3541129bd2f8c5493eb563829a0c

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 50d8dbd5e112411350eb3347873d4215
SHA1 efee681c7016efe3042b02056716f33838d6dda9
SHA256 4e0a981c87974c69bb16d964a51ffa05af9e0d85ba7c2441b43c69a231a4ee22
SHA512 d0e91f0af006b3a5dd15fe50a95862501438c0deb36a9e4bab4715e801f5a7b5d0f8cd5598cef8adb470c0d91c195148ff67d96447337caf5f9949dc4da0884d

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 b3710839636e96d3992df68157c57428
SHA1 8d4784ddc9e4cb156412780c6058e54c2b45ffcf
SHA256 3f21a2301d102c03e78ff253c09d2b10ed77dc61973f517c56793012f41ccf5f
SHA512 048e61a18b1025beb8fd6383aa611b4ebd680220a53087d2465c27a982bccf79982726248be4647735a7defc9509b70a741c62d05c001dcf63b9b5c64c8da573

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

MD5 7dea362b3fac8e00956a4952a3d4f474
SHA1 05fe405753166f125559e7c9ac558654f107c7e9
SHA256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.measurement.prefs.xml

MD5 47fcb6a312eea4d07eaffb398178d4df
SHA1 2f322b2755d3e26a7ae3a3e3d576e34694b35b74
SHA256 4c51a0163af05860ff9b3fc9840c3ec6ad85b14a013ffff91f5e4a95df63d399
SHA512 63e036ad924bb7f7b924e721f7c7ebd955bcb6d9f70c172c67b0979ae190ea9cca744c9896d0bf92f6f3b751faf04214c19259a3b1d447ae1ae54ff7259df6d6

/data/user/0/ir.shz.shzkisi/shared_prefs/com.google.android.gms.appid.xml

MD5 042b1872677987c1276d717d03e97b6b
SHA1 548345b9f1709fd8168ba69a01e08fd2b1166038
SHA256 92be050ffcdc12c072953631316a3c97009ca35da8fb830a2f2eb5158d1511cc
SHA512 da6089ba0e7dd5da15a02f7da1701aaaaf24e623f33fc9aec58d0544e0f1ea37062812f5da0a4c15a908fba7f9974219dc605655d63c554e9e8262a61ac7c643

/data/user/0/ir.shz.shzkisi/cache/2

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e