Analysis

  • max time kernel
    2524866s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 11:20

General

  • Target

    009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362.apk

  • Size

    9.6MB

  • MD5

    599962ade280d1a893282195937c9618

  • SHA1

    375af9052cd6af06d0cc76c4a21f895ded4e2db5

  • SHA256

    009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362

  • SHA512

    1df97ee24779f156d235eb11dbb01bcd7ac816c96f8459672b66c7323d019380e81f27bfbffc1f850ff521e6556586f5137e039a6faadc5db0bd2bafb865313b

  • SSDEEP

    196608:xkQmTyPTsFe1iffMellHT80iqQczCYzZvcsbh4J5US0wCvp:5ay7gjMellHT80p1c3bUfvp

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.alghameh.noshidani
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4263

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/30e93c99-338a-40b8-b795-bf5618e036c4.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/36036c6e-7cdc-45f4-9da9-6cbf1e07ceeb.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4a9b6c43-fdd7-46c0-80fa-bb1be4b26906.jobs

    Filesize

    278B

    MD5

    f28413d492c8ea30cab5e8c259a8078a

    SHA1

    3292585853d1ff6dd983c48b3ccd6638c4fd13fc

    SHA256

    3d0713d5ec0a9168bace3a9873ae6c7b8e83c9b473ca162f7c3b121a17af5479

    SHA512

    96dc6ec3072ac23d08d074c76873e9f5e785d2ba1465c9b826ed46de2f6143d2acd1925beca3937b9b1e509ccab1d07780b2d6bd2734d681d8e02df1a1f994c6

  • /data/data/ir.alghameh.noshidani/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    e533e898eed18441bfde53d98ec51867

    SHA1

    f02e8fa6fde9fe655412635b4eb65fa041d3c8a8

    SHA256

    6db210c5660b9c1fee8a3c5cac9007d5708e7128f56113c89d7f561e353149ed

    SHA512

    bd776406452021db9d4e6cb599cce2ce671ff2149a36688fb50b21a7603ebd87b29cfdd87602f8085f967bcbca7a0b8094fd3e77f671b9b736705d0f9c72ab1d

  • /data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-wal

    Filesize

    36KB

    MD5

    083f0ecb1ba2da29ca169c224a011db9

    SHA1

    ea120861dbd69e30ce7cfe7cf26554c2f382e0fe

    SHA256

    0070490a254eb977f854a8c5f4f1a48bfec57366a7a0b964166e7d5aeea709de

    SHA512

    abbf873c6b9562343e4b2c07c4727eb507479828f7a3301de0dd75aab904b0e36160f6b8ad5595d4c38506a109b1bb19bce0302288b9fc683df287d60f09f564

  • /data/data/ir.alghameh.noshidani/databases/cheshdb

    Filesize

    20KB

    MD5

    2e5f986ecc25318e4bb7d4f24100206d

    SHA1

    63041272fb05f2e00b7d7f09e6690ae0fa1ff222

    SHA256

    dd9723a334481c4e91ed4ba8046d34acc9d090a4acc4d855ea9c21e8334b3973

    SHA512

    92f62ac7cc282e785a8306466ba598bd787430ebca20ede449bfd9ab90b3efe4ee0b0de66e4d600b35a3a7b3c16aa927ff6c1f742f6809f4104fa9b04b9d0e57

  • /data/data/ir.alghameh.noshidani/databases/cheshdb

    Filesize

    20KB

    MD5

    1c547a8443e34ab4b32a7eeda39e5f0e

    SHA1

    102ebdc76332bf257e5a01fee047ae3a3ac4ed09

    SHA256

    22300472904b764ad7f111400e150ee115cb582489a7d461ecfc097c3d9f3598

    SHA512

    43582b0f6161402d80752ee134a5db1cb6bc2c55dccacf42cedc207e9af250a118d3b5457d9c60d9aa702cda6431bc0a513e0b02fb09009add167237e5653453

  • /data/data/ir.alghameh.noshidani/databases/cheshdb

    Filesize

    24KB

    MD5

    1f347cea6a53594be878e35079bdabc4

    SHA1

    ae24631f83d3c875dd678040baafb5e64fc6ba6e

    SHA256

    46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5

    SHA512

    6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9

  • /data/data/ir.alghameh.noshidani/databases/cheshdb-journal

    Filesize

    512B

    MD5

    53da7a487210e4c461a36847f27949e4

    SHA1

    111b78915faf6418f807f956a64cb3f54fe2006f

    SHA256

    6d87227c5fbe3c57e8ba8a954e78da60bc50115ae7b9d59543f15799a5502682

    SHA512

    56003e21a9bfeae2570493e5ad183b8815b76b5f8bfcdb348893009fd8dc7c6a282e55b4c656a2efa161dd8900a3d6f2b50db129342e692ce4676572b020857b

  • /data/data/ir.alghameh.noshidani/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    ef90f89b091b9d816b1bfb0dd9c4817c

    SHA1

    1d2124ae9749f6a32e66fd7fc0ebd4652dd3b70b

    SHA256

    4cd53ec0e2611507c5c7bf264ef108e28432e9a47653e71b50ea242658611a19

    SHA512

    87086b64011b2c83f0d2937c58f6d96012504c8fa02a136611fa8d2b220c9b9b813fb282b6b979fea2b97f14a5f2181aed6f464a8b5e2d6d4d81ddc327a035dc

  • /data/data/ir.alghameh.noshidani/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    f3a8dc070f810c0fc39bdff0fc0e6209

    SHA1

    f75712849b54398d19b3a358117bc0d17ead2abb

    SHA256

    73547e0c3d87064759a336271da09b01bf05bb1025c70c90dbb4acd8c3c3c9b0

    SHA512

    06fa07a5d34aaa5fe713655331a047a869171904bf2ada170a3c708acf5257644b96390e9b34cf5603875c3019e21bbcce240365fad6a8cdd5a69c0290e36451

  • /data/data/ir.alghameh.noshidani/databases/cheshdb-wal

    Filesize

    40KB

    MD5

    82122bba9c914d995cbb25aa12319fc2

    SHA1

    7510b4e1e2028f7d9478cd6d9495b13d5969e72f

    SHA256

    cd2baf6d907481b1cd29e6c608e8ee66dd783a4d2b896a2ad7247d0eeaf3f221

    SHA512

    91bcc14449820436b6a10594dc04d88e9533028aa3f1c9a02d133d6ea0edc2971064d6ca0db5b40c1b23311e9c3fb68505a81a68864db3d8b5de45d0dae427b7

  • /data/data/ir.alghameh.noshidani/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    57d8bded4ed26e69b0e3b24186f94513

    SHA1

    47fc2bbf17cbdaf6ae510e3499b6e68487ceb4c8

    SHA256

    1c0ee14fe94a84ac2b8844652ccfabbd8d8c02b4d0e0e4401ae8649136ef3237

    SHA512

    a32c8ac6f03657a379bf139ba151ce33db2ef9fe2b191bb6ed39b47228536b35c5c95900311dac7090a0fcafcafca07772db25ae9703bce0b2c4b6d34fdfc334

  • /data/data/ir.alghameh.noshidani/databases/db_default_job_manager-wal

    Filesize

    104KB

    MD5

    9d5bfb23f9a94d4596ceee87528f15f2

    SHA1

    a2a2d1417abe3122c4c318aab2b73687f7053675

    SHA256

    fc1d5c7626c76a931bcce54caffa281dfa692daadebfd87e1c0f782e7566758d

    SHA512

    e3e3aa0a52d9e4b54e2036332f51593e5eaf9c688b145409262e019b79c2f78beb3bc54bdd7799fcaceb5dbde149261097a1acf8d0bb631b19abc69c6a80f859

  • /data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    b276cfc01fc1d89f698a7ab3c15d61fa

    SHA1

    86de1d7afbd3661e1394f66275e3f48fe86e544b

    SHA256

    093422abc2e8f3cc74b411734c6d0ceb1bd1c0bd541965689f16491071c2579a

    SHA512

    28d6c74649c80f313949a2174e8a0a6569325ca442c915c07886642143c960074570c8a4e01528396a62568951c1a70df49525371f3f7448009931c7f7a1d168

  • /data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-wal

    Filesize

    32KB

    MD5

    c6ccbaeaa2019642e6725206a7b222e6

    SHA1

    bbcde36db9c6ec124e8e24d0e76780278ec54dbe

    SHA256

    fbb0b6a0ee2d66bd4ee40174a61efcc35d5f422ee5eff1425b298198272e6ed2

    SHA512

    f2bfd04c199a52edcb8bab57d27b002f746586f64f1d7a20acfd1cb04d6a05d54f4680f48cc71c796f0448678de5bbdb88b745cd72923919a8adf97a2a394d03

  • /data/data/ir.alghameh.noshidani/files/db.db

    Filesize

    158KB

    MD5

    426179142a16f9ccf11b14af2c4b9814

    SHA1

    5ef5bcd7454f56017adc4d62e480de8540970301

    SHA256

    4b4d274ee8b5c46e4fb929fa1b1d272c388cd36256a69bb6beaaf6bfb698a0fc

    SHA512

    0c874897956081b92557259a8f99eeda8bd9db475aa909731f2da7b21e42ce7c14768115600646cc0984ecbd7f845c3d8092526f685cdffc35b876f257483b52

  • /data/data/ir.alghameh.noshidani/files/db.db

    Filesize

    1024B

    MD5

    5bdb981b75700cecff7e6f86bc918d3a

    SHA1

    c1e27ef5fd91bb364297411173f853c50f9304b3

    SHA256

    0b9781155a34cf1746179c37bb03d125e51968fde116995c4c5a73f2376b8d4d

    SHA512

    466efa75415779bbc29987667b73f989947fc1fd2b2106ef8bb63e7ffe970d4281506071e39b600cf891c8e8f00c7479c5b2b692ec58773d57a8db28c5224b1f

  • /data/data/ir.alghameh.noshidani/files/db.db-journal

    Filesize

    1KB

    MD5

    2497a2c4578ec950279514de3c63882f

    SHA1

    09eb326b69969b05fd6ae249bebbbdb0097da8a5

    SHA256

    768c8c208e6a89ed6bad61cba6aa2c83a45c24f69dc1d7aa9496a989eda2a226

    SHA512

    356cc91e48bcde8a1747c86a9a08da83613b058d7ec4a9b933ded4fed7a5b30a6c37fc36ad94e53d92b64e95dc88722fa619123c85dd992a3045bb60454776dc

  • /data/data/ir.alghameh.noshidani/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    34d48c5def6880c71d5e4077a0ade6cd

    SHA1

    5a5e0520bafa34fe575746efde2b929bcf9c5e12

    SHA256

    00cdbf5c77276d07bc4d6afddebd640b15f3c205014b2c45a40ab6abd0a6dce7

    SHA512

    ff2add111c69381ec5b04655614b8356e87ba8ccb294445767609dc6c59d5c2c05f2594658e6cf24e5559967a05d4e402e0cf03473c7cfba23f030ce002cdb44