Malware Analysis Report

2025-01-19 05:58

Sample ID 231219-3w7f5ahhdl
Target 6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4
SHA256 6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4
Tags irata
Score 10/10

Analysis Overview

score
10/10

SHA256

6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4

Threat Level: Known bad

The file 6f7b9b9139ffef3d0982ebe953c071c6b84c8815678ca59954cea2fea6421da4 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-19 23:53

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-19 23:52

Reported

2023-12-20 11:34

Platform

android-x86-arm-20231215-en

Max time kernel

2265008s

Max time network

130s

Command Line

rang.varang

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

rang.varang

Network

Files

/storage/emulated/0/Android/data/com.Photokade/demo.png
/data/data/rang.varang/files/unsent_requests
/data/data/rang.varang/databases/evernote_jobs.db-journal
/data/data/rang.varang/databases/evernote_jobs.db
/data/data/rang.varang/databases/evernote_jobs.db-wal
/data/data/rang.varang/databases/__pushe_base_lib_db-journal
/data/data/rang.varang/databases/__pushe_base_lib_db-wal
/storage/emulated/0/Android/data/com.Photokade/demo.png-journal
/storage/emulated/0/Android/data/com.Photokade/demo.png-shm
/data/data/rang.varang/files/fonts/bkoodb.ttf
/data/data/rang.varang/cache/image_manager_disk_cache/journal.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-19 23:52

Reported

2023-12-20 09:58

Platform

android-x64-20231215-en

Max time kernel

2259101s

Max time network

146s

Command Line

rang.varang

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

rang.varang

Network

Files

/storage/emulated/0/Android/data/com.Photokade/demo.png
/data/data/rang.varang/files/unsent_requests
/data/data/rang.varang/databases/evernote_jobs.db-journal
/data/data/rang.varang/databases/evernote_jobs.db
/data/data/rang.varang/databases/__pushe_base_lib_db-journal
/data/data/rang.varang/databases/__pushe_base_lib_db
/data/data/rang.varang/files/fonts/bkoodb.ttf

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-19 23:52

Reported

2023-12-20 09:58

Platform

android-x64-arm64-20231215-en

Max time kernel

2259104s

Max time network

140s

Command Line

rang.varang

Signatures

N/A

Processes

rang.varang

Network

Files

N/A