Analysis Overview
SHA256
9281bdd9a5fdb3dbc2c00d5a55395abb2ec426193d690b8c09017b82d0a173fe
Threat Level: Known bad
The file 9281bdd9a5fdb3dbc2c00d5a55395abb2ec426193d690b8c09017b82d0a173fe was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests dangerous framework permissions
Reads information about phone network operator.
Analysis: static1
Detonation Overview
Reported
2023-12-23 21:31
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 21:31
Reported
2023-12-26 10:36
Platform
android-x86-arm-20231215-en
Max time kernel
2779809s
Max time network
130s
Signatures
Reads information about phone network operator.
Processes
ir.iut.pishgaza
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | bqizyydx | udp |
| US | 1.1.1.1:53 | chnworyf | udp |
| US | 1.1.1.1:53 | uixxltzcjojtizi | udp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/48ae35c0-21d9-41ad-a2ca-55d578f388b0.jobs
/data/data/ir.iut.pishgaza/databases/cheshdb-wal
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/data/ir.iut.pishgaza/databases/cheshdb
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-wal
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eedb2cb0-7f5a-4770-b69d-c72bdeeb17be.jobs
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 21:31
Reported
2023-12-25 00:40
Platform
android-x64-20231215-en
Max time kernel
2657618s
Max time network
130s
Signatures
Reads information about phone network operator.
Processes
ir.iut.pishgaza
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/data/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/data/ir.iut.pishgaza/files/db.db
/data/data/ir.iut.pishgaza/databases/db_default_job_manager-journal
/data/data/ir.iut.pishgaza/databases/db_default_job_manager
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d9d7338a-0594-4696-84ea-bd745d31826e.jobs
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eafc161d-8b2f-423c-99a1-326ac823ffe3.jobs
/data/data/ir.iut.pishgaza/databases/cheshdb-journal
/data/data/ir.iut.pishgaza/databases/cheshdb
/data/data/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/92f1c8ea-b7b8-4800-bd3d-9c6662838bc2.jobs
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/data/ir.iut.pishgaza/databases/evernote_jobs.db
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 21:31
Reported
2023-12-25 00:40
Platform
android-x64-arm64-20231215-en
Max time kernel
2657644s
Max time network
169s
Signatures
Reads information about phone network operator.
Processes
ir.iut.pishgaza
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.204.74:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/user/0/ir.iut.pishgaza/databases/__pushe_base_lib_db
/data/user/0/ir.iut.pishgaza/databases/__pushe_base_lib_db-journal
/data/user/0/ir.iut.pishgaza/files/db.db
/data/user/0/ir.iut.pishgaza/databases/db_default_job_manager-journal
/data/user/0/ir.iut.pishgaza/databases/db_default_job_manager
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f3a74a81-0765-4fa4-946e-64cd09c6c7a9.jobs
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6ba89160-2135-4be0-b0e2-487dacc47b27.jobs
/data/user/0/ir.iut.pishgaza/databases/cheshdb-journal
/data/user/0/ir.iut.pishgaza/databases/cheshdb
/data/user/0/ir.iut.pishgaza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/585a8b37-8126-4ab4-9831-2b24c72e8cad.jobs
/data/user/0/ir.iut.pishgaza/databases/evernote_jobs.db-journal
/data/user/0/ir.iut.pishgaza/databases/evernote_jobs.db