Analysis Overview
SHA256: 78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0
Threat Level: Known bad
The file 78f8f0bf0641079e3dc8444588230292daf9852d3b452f8214e4ec222d40c3e0 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Acquires the wake lock
Requests cell location
Requests dangerous framework permissions
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2023-12-20 01:33
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted: 2023-12-20 01:32
Reported: 2023-12-20 18:16
Platform: android-x64-arm64-20231215-en
Max time kernel: 2289015s
Max time network: 151s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Processes
ashki.shirvakhavasan
Network
Files
/data/user/0/ashki.shirvakhavasan/files/unsent_requests
/data/user/0/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/user/0/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/user/0/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/user/0/ashki.shirvakhavasan/databases/__pushe_base_lib_db
Analysis: behavioral1
Detonation Overview
Submitted: 2023-12-20 01:32
Reported: 2023-12-21 02:07
Platform: android-x86-arm-20231215-en
Max time kernel: 2317262s
Max time network: 154s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Processes
ashki.shirvakhavasan
Network
Files
/data/data/ashki.shirvakhavasan/files/unsent_requests
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-shm
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-wal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-wal
Analysis: behavioral2
Detonation Overview
Submitted: 2023-12-20 01:32
Reported: 2023-12-20 18:16
Platform: android-x64-20231215-en
Max time kernel: 2289021s
Max time network: 148s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Processes
ashki.shirvakhavasan
Network
Files
/data/data/ashki.shirvakhavasan/files/unsent_requests
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db-journal
/data/data/ashki.shirvakhavasan/databases/evernote_jobs.db
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db-journal
/data/data/ashki.shirvakhavasan/databases/__pushe_base_lib_db