Analysis

  • max time kernel
    2524416s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 11:20

General

  • Target

    009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362.apk

  • Size

    9.6MB

  • MD5

    599962ade280d1a893282195937c9618

  • SHA1

    375af9052cd6af06d0cc76c4a21f895ded4e2db5

  • SHA256

    009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362

  • SHA512

    1df97ee24779f156d235eb11dbb01bcd7ac816c96f8459672b66c7323d019380e81f27bfbffc1f850ff521e6556586f5137e039a6faadc5db0bd2bafb865313b

  • SSDEEP

    196608:xkQmTyPTsFe1iffMellHT80iqQczCYzZvcsbh4J5US0wCvp:5ay7gjMellHT80p1c3bUfvp

Score
7/10

Signatures

  • Loads dropped Dex/Jar (1 IoC)

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • ir.alghameh.noshidani
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4479

Downloads

  • /data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar

    Filesize

    9KB

  • /data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar

    Filesize

    20KB

  • /data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db

    Filesize

    24KB

  • /data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    512B

  • /data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/cheshdb

    Filesize

    20KB

  • /data/user/0/ir.alghameh.noshidani/databases/cheshdb

    Filesize

    20KB

  • /data/user/0/ir.alghameh.noshidani/databases/cheshdb-journal

    Filesize

    12KB

  • /data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager

    Filesize

    12KB

  • /data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

    Filesize

    512B

  • /data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db

    Filesize

    12KB

  • /data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.alghameh.noshidani/files/db.db

    Filesize

    158KB
