Malware Analysis Report

2025-01-19 06:25

Sample ID 231220-byf86seehk
Target 78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0
SHA256 78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0
Tags
irata
score
10/10

Analysis Overview

score
10/10

SHA256

78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0

Threat Level: Known bad

The file 78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Acquires the wake lock

Requests cell location

Requests dangerous framework permissions

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 01:33

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 01:32

Reported

2023-12-20 18:16

Platform

android-x64-arm64-20231215-en

Max time kernel

2289015s

Max time network

151s

Command Line

ashki.shirvakhavasan

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Processes

ashki.shirvakhavasan

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 udp
GB 142.250.200.46:443 udp
GB 142.250.178.10:443 tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
US 34.172.225.131:80 4.ifcfg.me tcp
US 34.172.225.131:80 4.ifcfg.me tcp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ca.pushe.ir udp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 172.217.169.36:443 www.google.com tcp

Files

/data/user/0/ashki.shirvakhavasan/files/unsent_requests
/data/user/0/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/user/0/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/user/0/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/user/0/ashki.shirvakhavasan/databases/__pushe_base_lib_db

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 01:32

Reported

2023-12-21 02:07

Platform

android-x86-arm-20231215-en

Max time kernel

2317262s

Max time network

154s

Command Line

ashki.shirvakhavasan

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Processes

ashki.shirvakhavasan

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
FR 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
FR 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
BE 64.233.167.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.4:443 tcp
FR 216.58.204.68:443 www.google.com tcp
FR 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
US 1.1.1.1:53 ca.pushe.ir udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.4:443 www.google.com tcp
US 1.1.1.1:53 abjoykosaeybse udp
US 1.1.1.1:53 ycjdongsxiyx udp
US 1.1.1.1:53 cwmukamb udp

Files

/data/data/ashki.shirvakhavasan/files/unsent_requests
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-shm
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-wal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 01:32

Reported

2023-12-20 18:16

Platform

android-x64-20231215-en

Max time kernel

2289021s

Max time network

148s

Command Line

ashki.shirvakhavasan

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Processes

ashki.shirvakhavasan

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 2699f3bfbaed48048fa00053fb350dae.s.adad.ir udp
BE 142.250.110.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
US 1.1.1.1:53 ca.pushe.ir udp
GB 172.217.169.42:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 216.58.212.228:443 www.google.com tcp
GB 142.250.187.206:443 tcp
FR 216.58.201.98:443 tcp

Files

/data/data/ashki.shirvakhavasan/files/unsent_requests
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db