Analysis Overview
SHA256
6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4
Threat Level: Known bad
The file 6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Declares services with permission to bind to the system
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-19 23:53
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-19 23:52
Reported
2023-12-20 11:34
Platform
android-x86-arm-20231215-en
Max time kernel
2265008s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
rang.varang
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-19 23:52
Reported
2023-12-20 09:58
Platform
android-x64-20231215-en
Max time kernel
2259101s
Max time network
146s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
rang.varang
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-19 23:52
Reported
2023-12-20 09:58
Platform
android-x64-arm64-20231215-en
Max time kernel
2259104s
Max time network
140s
Command Line
Signatures
Processes
rang.varang
Network