Malware Analysis Report

2025-01-19 06:44

Sample ID: 231223-1ddd8ahbhk
Target: 9281bdd9a5fdb3dbc2c00d5a55395abb2ec426193d690b8c09017b82d0a173fe
SHA256: 9281bdd9a5fdb3dbc2c00d5a55395abb2ec426193d690b8c09017b82d0a173fe
Tags: irata
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 9281bdd9a5fdb3dbc2c00d5a55395abb2ec426193d690b8c09017b82d0a173fe was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests dangerous framework permissions

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-23 21:31

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-23 21:31
Reported: 2023-12-26 10:36
Platform: android-x86-arm-20231215-en
Max time kernel: 2779809s
Max time network: 130s

Command Line

ir.iut.pishgaza

Signatures

Reads information about phone network operator.

Processes

ir.iut.pishgaza

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 tcp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 bqizyydx udp
US 1.1.1.1:53 chnworyf udp
US 1.1.1.1:53 uixxltzcjojtizi udp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/48ae35c0-21d9-41ad-a2ca-55d578f388b0.jobs
/data/data/ir.iut.pishgaza/databases/cheshdb-wal
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/data/ir.iut.pishgaza/databases/cheshdb
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-wal
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eedb2cb0-7f5a-4770-b69d-c72bdeeb17be.jobs

Analysis: behavioral2

Detonation Overview

Submitted: 2023-12-23 21:31
Reported: 2023-12-25 00:40
Platform: android-x64-20231215-en
Max time kernel: 2657618s
Max time network: 130s

Command Line

ir.iut.pishgaza

Signatures

Reads information about phone network operator.

Processes

ir.iut.pishgaza

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/data/ir.iut.pishgaza/files/db.db
/data/data/ir.iut.pishgaza/databases/db_default_job_manager-journal
/data/data/ir.iut.pishgaza/databases/db_default_job_manager
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d9d7338a-0594-4696-84ea-bd745d31826e.jobs
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eafc161d-8b2f-423c-99a1-326ac823ffe3.jobs
/data/data/ir.iut.pishgaza/databases/cheshdb-journal
/data/data/ir.iut.pishgaza/databases/cheshdb
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/92f1c8ea-b7b8-4800-bd3d-9c6662838bc2.jobs
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db

Analysis: behavioral3

Detonation Overview

Submitted: 2023-12-23 21:31
Reported: 2023-12-25 00:40
Platform: android-x64-arm64-20231215-en
Max time kernel: 2657644s
Max time network: 169s

Command Line

ir.iut.pishgaza

Signatures

Reads information about phone network operator.

Processes

ir.iut.pishgaza

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
FR 216.58.204.74:443 udp
GB 142.250.200.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 www.google.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/user/0/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/user/0/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/user/0/ir.iut.pishgaza/files/db.db
/data/user/0/ir.iut.pishgaza/databases/db_default_job_manager-journal
/data/user/0/ir.iut.pishgaza/databases/db_default_job_manager
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f3a74a81-0765-4fa4-946e-64cd09c6c7a9.jobs
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6ba89160-2135-4be0-b0e2-487dacc47b27.jobs
/data/user/0/ir.iut.pishgaza/databases/cheshdb-journal
/data/user/0/ir.iut.pishgaza/databases/cheshdb
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/585a8b37-8126-4ab4-9831-2b24c72e8cad.jobs
/data/user/0/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/user/0/ir.iut.pishgaza/databases/evernote_jobs.db