Malware Analysis Report

2025-01-19 06:44

Sample ID 231223-nfjb2afbbq
Target 009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362
SHA256 009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362
Tags irata
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256

009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362

Threat Level: Known bad

The file 009d8701013880ceea7aa40f2d76f83bc9087d9ddf3b082f182189457c69d362 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-12-23 11:20

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-12-23 11:20
Reported 2023-12-23 11:45
Platform android-x86-arm-20231215-en
Max time kernel 2524866s
Max time network 133s

Command Line

ir.alghameh.noshidani

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.alghameh.noshidani

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.179.238:443 android.apis.google.com tcp
BE 74.125.206.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 tcp
GB 172.217.169.4:443 www.google.com tcp
GB 142.250.179.234:443 safebrowsing.googleapis.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 plronjjmkzpfi udp
US 1.1.1.1:53 ucftdawefheg udp
US 1.1.1.1:53 zxigieyk udp

Files

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 57d8bded4ed26e69b0e3b24186f94513
SHA1 47fc2bbf17cbdaf6ae510e3499b6e68487ceb4c8
SHA256 1c0ee14fe94a84ac2b8844652ccfabbd8d8c02b4d0e0e4401ae8649136ef3237
SHA512 a32c8ac6f03657a379bf139ba151ce33db2ef9fe2b191bb6ed39b47228536b35c5c95900311dac7090a0fcafcafca07772db25ae9703bce0b2c4b6d34fdfc334

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-wal

MD5 9d5bfb23f9a94d4596ceee87528f15f2
SHA1 a2a2d1417abe3122c4c318aab2b73687f7053675
SHA256 fc1d5c7626c76a931bcce54caffa281dfa692daadebfd87e1c0f782e7566758d
SHA512 e3e3aa0a52d9e4b54e2036332f51593e5eaf9c688b145409262e019b79c2f78beb3bc54bdd7799fcaceb5dbde149261097a1acf8d0bb631b19abc69c6a80f859

/data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/30e93c99-338a-40b8-b795-bf5618e036c4.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/36036c6e-7cdc-45f4-9da9-6cbf1e07ceeb.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.alghameh.noshidani/databases/cheshdb-journal

MD5 53da7a487210e4c461a36847f27949e4
SHA1 111b78915faf6418f807f956a64cb3f54fe2006f
SHA256 6d87227c5fbe3c57e8ba8a954e78da60bc50115ae7b9d59543f15799a5502682
SHA512 56003e21a9bfeae2570493e5ad183b8815b76b5f8bfcdb348893009fd8dc7c6a282e55b4c656a2efa161dd8900a3d6f2b50db129342e692ce4676572b020857b

/data/data/ir.alghameh.noshidani/databases/cheshdb

MD5 1f347cea6a53594be878e35079bdabc4
SHA1 ae24631f83d3c875dd678040baafb5e64fc6ba6e
SHA256 46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5
SHA512 6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9

/data/data/ir.alghameh.noshidani/databases/cheshdb-wal

MD5 82122bba9c914d995cbb25aa12319fc2
SHA1 7510b4e1e2028f7d9478cd6d9495b13d5969e72f
SHA256 cd2baf6d907481b1cd29e6c608e8ee66dd783a4d2b896a2ad7247d0eeaf3f221
SHA512 91bcc14449820436b6a10594dc04d88e9533028aa3f1c9a02d133d6ea0edc2971064d6ca0db5b40c1b23311e9c3fb68505a81a68864db3d8b5de45d0dae427b7

/data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4a9b6c43-fdd7-46c0-80fa-bb1be4b26906.jobs

MD5 f28413d492c8ea30cab5e8c259a8078a
SHA1 3292585853d1ff6dd983c48b3ccd6638c4fd13fc
SHA256 3d0713d5ec0a9168bace3a9873ae6c7b8e83c9b473ca162f7c3b121a17af5479
SHA512 96dc6ec3072ac23d08d074c76873e9f5e785d2ba1465c9b826ed46de2f6143d2acd1925beca3937b9b1e509ccab1d07780b2d6bd2734d681d8e02df1a1f994c6

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 e533e898eed18441bfde53d98ec51867
SHA1 f02e8fa6fde9fe655412635b4eb65fa041d3c8a8
SHA256 6db210c5660b9c1fee8a3c5cac9007d5708e7128f56113c89d7f561e353149ed
SHA512 bd776406452021db9d4e6cb599cce2ce671ff2149a36688fb50b21a7603ebd87b29cfdd87602f8085f967bcbca7a0b8094fd3e77f671b9b736705d0f9c72ab1d

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-wal

MD5 083f0ecb1ba2da29ca169c224a011db9
SHA1 ea120861dbd69e30ce7cfe7cf26554c2f382e0fe
SHA256 0070490a254eb977f854a8c5f4f1a48bfec57366a7a0b964166e7d5aeea709de
SHA512 abbf873c6b9562343e4b2c07c4727eb507479828f7a3301de0dd75aab904b0e36160f6b8ad5595d4c38506a109b1bb19bce0302288b9fc683df287d60f09f564

/data/data/ir.alghameh.noshidani/files/db.db

MD5 426179142a16f9ccf11b14af2c4b9814
SHA1 5ef5bcd7454f56017adc4d62e480de8540970301
SHA256 4b4d274ee8b5c46e4fb929fa1b1d272c388cd36256a69bb6beaaf6bfb698a0fc
SHA512 0c874897956081b92557259a8f99eeda8bd9db475aa909731f2da7b21e42ce7c14768115600646cc0984ecbd7f845c3d8092526f685cdffc35b876f257483b52

/data/data/ir.alghameh.noshidani/files/db.db-journal

MD5 2497a2c4578ec950279514de3c63882f
SHA1 09eb326b69969b05fd6ae249bebbbdb0097da8a5
SHA256 768c8c208e6a89ed6bad61cba6aa2c83a45c24f69dc1d7aa9496a989eda2a226
SHA512 356cc91e48bcde8a1747c86a9a08da83613b058d7ec4a9b933ded4fed7a5b30a6c37fc36ad94e53d92b64e95dc88722fa619123c85dd992a3045bb60454776dc

/data/data/ir.alghameh.noshidani/files/db.db

MD5 5bdb981b75700cecff7e6f86bc918d3a
SHA1 c1e27ef5fd91bb364297411173f853c50f9304b3
SHA256 0b9781155a34cf1746179c37bb03d125e51968fde116995c4c5a73f2376b8d4d
SHA512 466efa75415779bbc29987667b73f989947fc1fd2b2106ef8bb63e7ffe970d4281506071e39b600cf891c8e8f00c7479c5b2b692ec58773d57a8db28c5224b1f

/data/data/ir.alghameh.noshidani/databases/cheshdb-wal

MD5 ef90f89b091b9d816b1bfb0dd9c4817c
SHA1 1d2124ae9749f6a32e66fd7fc0ebd4652dd3b70b
SHA256 4cd53ec0e2611507c5c7bf264ef108e28432e9a47653e71b50ea242658611a19
SHA512 87086b64011b2c83f0d2937c58f6d96012504c8fa02a136611fa8d2b220c9b9b813fb282b6b979fea2b97f14a5f2181aed6f464a8b5e2d6d4d81ddc327a035dc

/data/data/ir.alghameh.noshidani/databases/cheshdb

MD5 2e5f986ecc25318e4bb7d4f24100206d
SHA1 63041272fb05f2e00b7d7f09e6690ae0fa1ff222
SHA256 dd9723a334481c4e91ed4ba8046d34acc9d090a4acc4d855ea9c21e8334b3973
SHA512 92f62ac7cc282e785a8306466ba598bd787430ebca20ede449bfd9ab90b3efe4ee0b0de66e4d600b35a3a7b3c16aa927ff6c1f742f6809f4104fa9b04b9d0e57

/data/data/ir.alghameh.noshidani/databases/cheshdb-wal

MD5 f3a8dc070f810c0fc39bdff0fc0e6209
SHA1 f75712849b54398d19b3a358117bc0d17ead2abb
SHA256 73547e0c3d87064759a336271da09b01bf05bb1025c70c90dbb4acd8c3c3c9b0
SHA512 06fa07a5d34aaa5fe713655331a047a869171904bf2ada170a3c708acf5257644b96390e9b34cf5603875c3019e21bbcce240365fad6a8cdd5a69c0290e36451

/data/data/ir.alghameh.noshidani/databases/cheshdb

MD5 1c547a8443e34ab4b32a7eeda39e5f0e
SHA1 102ebdc76332bf257e5a01fee047ae3a3ac4ed09
SHA256 22300472904b764ad7f111400e150ee115cb582489a7d461ecfc097c3d9f3598
SHA512 43582b0f6161402d80752ee134a5db1cb6bc2c55dccacf42cedc207e9af250a118d3b5457d9c60d9aa702cda6431bc0a513e0b02fb09009add167237e5653453

/data/data/ir.alghameh.noshidani/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 b276cfc01fc1d89f698a7ab3c15d61fa
SHA1 86de1d7afbd3661e1394f66275e3f48fe86e544b
SHA256 093422abc2e8f3cc74b411734c6d0ceb1bd1c0bd541965689f16491071c2579a
SHA512 28d6c74649c80f313949a2174e8a0a6569325ca442c915c07886642143c960074570c8a4e01528396a62568951c1a70df49525371f3f7448009931c7f7a1d168

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-wal

MD5 c6ccbaeaa2019642e6725206a7b222e6
SHA1 bbcde36db9c6ec124e8e24d0e76780278ec54dbe
SHA256 fbb0b6a0ee2d66bd4ee40174a61efcc35d5f422ee5eff1425b298198272e6ed2
SHA512 f2bfd04c199a52edcb8bab57d27b002f746586f64f1d7a20acfd1cb04d6a05d54f4680f48cc71c796f0448678de5bbdb88b745cd72923919a8adf97a2a394d03

/data/data/ir.alghameh.noshidani/no_backup/com.google.InstanceId.properties

MD5 34d48c5def6880c71d5e4077a0ade6cd
SHA1 5a5e0520bafa34fe575746efde2b929bcf9c5e12
SHA256 00cdbf5c77276d07bc4d6afddebd640b15f3c205014b2c45a40ab6abd0a6dce7
SHA512 ff2add111c69381ec5b04655614b8356e87ba8ccb294445767609dc6c59d5c2c05f2594658e6cf24e5559967a05d4e402e0cf03473c7cfba23f030ce002cdb44

Analysis: behavioral2

Detonation Overview

Submitted 2023-12-23 11:20
Reported 2023-12-23 11:39
Platform android-x64-20231215-en
Max time kernel 2524470s
Max time network 153s

Command Line

ir.alghameh.noshidani

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.alghameh.noshidani

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
FR 216.58.201.98:443 googleads.g.doubleclick.net tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 216.58.213.14:443 tcp
GB 172.217.16.226:443 tcp

Files

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 a29bc323311a3265304c6e2d7de457bf
SHA1 20d33ce2048dde5d1e848ca5582e56399e919ba0
SHA256 704da64e4385f86fa69a714179d11787850c58301a06189f4d2cf8117ae76aeb
SHA512 eece25c8125fec7123391d68977def6ab025999cc7a16c320a9a38539a78919cd007a6a95c9e0295cc8c08ac1b32ef28f4cc2784d869432b7df5f17b24c0aba0

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 54adf094426646c5c20a7664c248da99
SHA1 4b9d9388da1d9ea67e453b1b06de93b92afa0b30
SHA256 131e6513a86fd3000d04fb090da312358e49897b4279c998ef1b4ee7ed52a11d
SHA512 d7e39ed99bdfb8bfdf0e8cdc1bd297699ba4a3d73f694cfb1fc723f94e83bd5a0dcd523233075975fa04f60253bfdf6e7d64332bc4a63799f1e71a877fad0c32

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 38c5ddad43733027e1a59128bd92b983
SHA1 e86452d68ea206e89cdf1dd0a25fa0f4da0898cd
SHA256 29b963c2b86ac9c3071f7063ead0fd78e6bfc8ff53078eae1717e0445f1d14db
SHA512 cd24bba2dc820813f5c30d279e3ddd2e022cfc66b4a3b3b51fc7e132e94e53bca3310311669c39c0ac51e91af7587f2c8201d8fd224be81ee57a77db87fdd329

/data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e21e6716-53e0-4ffb-acf3-158de3d72a8d.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 70216e5d7afb70f7facfec6c61f0503c
SHA1 491db540792eb70a68794836fd473c746c27d87d
SHA256 559e16051fac4114b4df6f9fe3401704802407e8ecc2082e2e77210ee1685eff
SHA512 3035dd8baba9a00a114a14a95d463fed69e792cda08dca5aa5c36a87a5049f4016c349f0952968fba2d4a80db08f52077e0ee223994ab60ebefc715f36802b9a

/data/data/ir.alghameh.noshidani/databases/cheshdb-journal

MD5 d9a75ad1cb9c197124475e910d29ceda
SHA1 fe6cefcf41bb01d6aff19fa574b587d5a481ca7b
SHA256 82814fd85814ea6363398ce83fe7ef9f1a37ad0a9fd850750418b68461cabc85
SHA512 47b13fc99f170a419f5c8d751635fb36d8eb30866b8a8175a9aa908dad4134641955216bfedc899f534f88125eb6795489730862c35bd86f0e23a494091755fa

/data/data/ir.alghameh.noshidani/databases/cheshdb

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.alghameh.noshidani/databases/cheshdb-journal

MD5 a93ca15494b7f639ccb9368f266f1259
SHA1 3e0cb1143a58337e6ad25ff6b9c4e8791bb84a84
SHA256 16e3e5f04f3567b029822f1d2c23d4f90aef3df126d62d62d52e1785f913f222
SHA512 625b0153a0d5618e7b4ef55cbb827de1c9b8fa4c1d9d930f834b944a28738539c38e8e3fe2b16df07bd1abeea8f8899f26f53d1f32e70337a682d9b8585dec8d

/data/data/ir.alghameh.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e55e1c5e-b683-41b9-b5a5-cf5f3ac97de2.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 918cb29520c233f99ab3732ab58fb592
SHA1 f38af70d02e850f067881d0815335bed3f69d417
SHA256 aa56cce543c4fe5fc2472ffea6aeb9e3138ab8f711f0d33e4f088b131f02b5db
SHA512 9d1fa165a29d875c7e64b5a8c9f48e5fb6cc20f6670845b8ea7038f74e473da29eb732e6e0b230b5b9d8035657ae58522c164240c4bca65539ea7b165c445836

/data/data/ir.alghameh.noshidani/databases/cheshdb-journal

MD5 a107b72d3fc5a4a23d40215ff0166a7b
SHA1 bcb591cc947f6460e96505b450cb361434370111
SHA256 343db737c113d5bdfe233e4e6ab8f2f6809233656e6c44b82935e9874d61a003
SHA512 33b425ca6697f50567983e78f870ee96e8ab75aea1e2c87aa13742b514b9ca9d70c25330cfcd5f5800f970e9dc54170baaa37c53239b903356a014779beda119

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 52e2a73f838bc6781ae8fe53967c97fa
SHA1 b07963c36c405444fb9d94a83d84aa5ee46f280b
SHA256 a905a7add73e3b504542c43c71d7b6b2d6d0fd95ab37ae2446026be9c23f25d1
SHA512 9b6bb92298455b29d6e3f49e516b86431a4a6ffbeca5b98d4c7efb7946802c96063aeaf35f353e469768695a17b356b5b1b223ce885116ed49281ded1fb84e5d

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 48a063dc0ad7bf7bfb0b938f104ea680
SHA1 5ea960ceea2d43ee2d1fff811dc8bcb10e84d4c4
SHA256 eb00bcdd39ba62b90baea5a6ba653b2815e984e0de2517e281d031babfcc9926
SHA512 c3882035f2209063cfd07bb7a3bbb84735b6da4528abc7ba749de820f4213c936bb34d450ca54abaead5baa87e6d2e1f689b97dd958c2c90f1d1cb17e65bd267

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 6e93c1720c09929eb13045e84d79dd03
SHA1 290e633bc470c43d12a18053623dcd359a2fe769
SHA256 40c87592c90588872982b9f99ed7eb47224a11b69a352311b3bc73453c4de6cd
SHA512 c719957617b1a0e81e0c8eebaeafc629ca47cb250ad2790eb43fec7547be36d1291b2a036ae0609016e2a3d0ab3c283229d077afbaf777189007a7aee6871858

/data/data/ir.alghameh.noshidani/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 21f6f2596f12962a7c7c3cb5013b42f9
SHA1 9c168bd2b66f9aac1c07dc20703a331abe476427
SHA256 f2f37e8ce6c0d9fb7f9e4d4130bb2f58d2238afb60cd47705633ce6e60a895a0
SHA512 e88d806a966d0813f4b7ee266e8cbe93e09adcde95cad34ab5652851328e6083ae2c64fe70dac522aedbb5b95c2c3ce0d922f4f3f5ab645c2331eeedb53157c9

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db

MD5 12627a2ec645c4a4bc50dba5903afd59
SHA1 504005c938517e61bcf68b65a055c2faba635c2e
SHA256 f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903
SHA512 7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 54402e119cc6090165412e0a8197131d
SHA1 bb8e97421cd62c768456fc6293113fbd3e332826
SHA256 65bbb88757d57f9fdc7c1c693ce906694531957048ecff14407cc35c68b56fd5
SHA512 563bfd7ee40dfb27ddfa40e61e19e25943be23bfb8fdcc1c49be08007560e68351d7e01c8bea61f033d3c9d39b762f10fbf952941b35269b090907a339d40a9b

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 b8f73c9ba49205410a96923cdf7f2ab1
SHA1 b4229115a64776ca5fddb86129076c65fffc2fb6
SHA256 43193d67f58d94d71c488938d1a46a754dc91ad9e173aa43223d3222285d1699
SHA512 b61ab0cab35de84fedf835d7cb8a99a816a12252ff0d865f3a9e0bc13f4bf7d7e732ac2af145d25f690bbfbcab2da5d9d5124ccf9b63ddbac3046b201aa4635c

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 5bf45e137812996aceba9c559ba2fbea
SHA1 30b1afb8256b00e91d5271f11af666c7f866deba
SHA256 ce355c204debd8bab424d5a4cfbe76906cc7234aa5f674a154614d419f4b5ca2
SHA512 6c7ea97073a289b7fa9a8c2c709f0e36c303a76867576e623cf59f2c7251d5cfd7a29de45ff3aa5a29890758c58561fff99acd31b9b38a1daee619b12df22b96

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 824c121491d91f375ab056401920f1a3
SHA1 e45ab0ab39cae8286716566bd90d8d494a9c7a0e
SHA256 1ae278541739c9b9ddb5f60a0c03eec8314e1892619357a429a0bc52b1e48b24
SHA512 bfdc5937d200ffe0687e8a5a48508e19fc26b8360205af563b641be5a12572a745c037d36cbdd01c3114c6dddb89d9dde77257142dbcaafc7236ba568a577e40

/data/data/ir.alghameh.noshidani/no_backup/com.google.InstanceId.properties

MD5 a0b3ac0eb05828acd21dd0cf2732718d
SHA1 62386839bfb952c35f7a0be4d038d3521e6f7223
SHA256 f6cc1b2f4903724a088694d217e27098f90a22adfa2befeb6d5fc57f114e26c5
SHA512 ddc333a561fa0435526a2793545a290e93acd4916e27485cbec3e600ca1dad4326d1cf4bfbef00a19fbede1ec1e8745956c5f600e80014098009312e3eb81984

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 89a5d916d64fd4826949808b8140bc74
SHA1 3e2c21cfc740091aaf87c98d53f13131eb3eee40
SHA256 5c2f52560eb6e2e6358a3b85d48bed7b9f7f96202519ef7c1aeb36e59d3e17ab
SHA512 372c01210f0a93cc469455ebb3a896fe54b0d44e2a80d32dee405487b3869062dfcc66fa02633a40949c8e4c20bad22ab27f43b0c84a4df5c4f2f1921346cf81

/data/data/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 e528f8a1ffa7c61ccdcfdc4bd78bf265
SHA1 4c1bb7a922a6633bf9e86bb0fd19eb5c7fb89614
SHA256 80f8cd2cdf87010ee4cbe6d68b7be5040e4d77fe9b34aef4c5cc94cec3fbcf01
SHA512 7d53cabbbca280355db9541c2ef02acd65f10f7eda6297c1749b5303cc250c000d7cf76a634b51660802ee74b25d1d882162ad563725e0b31c60e9b5be5d7a1a

/data/data/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 8057afea199dcb830423213b1bcb02ed
SHA1 46b6b3951a0c15e689c0c4422100881ea70e2b6b
SHA256 3e94a8fd7f30db74b0e874c8601fbd6143d11903cb4a046798e395bef67acd06
SHA512 f5a803a2c35793c915102eecf4022ddbb65832db4facdf6f85ed1b186639540fb0404dc77d087a41b968457ea0e25aec2a4debeaaba72230c2f4a724948cc6dc

Analysis: behavioral3

Detonation Overview

Submitted 2023-12-23 11:20
Reported 2023-12-23 11:40
Platform android-x64-arm64-20231215-en
Max time kernel 2524416s
Max time network 132s

Command Line

ir.alghameh.noshidani

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar N/A N/A

Reads information about phone network operator

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.alghameh.noshidani

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 udp
GB 142.250.178.14:443 udp
GB 172.217.169.14:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 13d450d7b52de52382675615d27b9a3b
SHA1 a67566381614e7c3c9f00a2369ad90ae5db2c7cd
SHA256 b3955ce980b12b4f24a40221a1fc399a4bfe7ef9177a7bd22c7a9728562622b4
SHA512 e9aa73c13932d0c6e4bc2a2dc2aa57ccd39383450da1dcfed393c7669b61ed32427e179e2b61fec5ea8bb6ae58455633c8f9e713292037e58504183002c5200b

/data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 1349e96451c8edaa19b42a1dc4c59ad8
SHA1 78cef6c5ef9398913f996084daa2493498459feb
SHA256 9f788487c1bb0988316ea51e700febb272b42c6d5fbcf27b8086a7d682819c1c
SHA512 915679b824834e8eccbd8d765569253de72cd6b913407eb6868eaad38217cf06383c6fa9e03f10c26748d045552797a964e94534d7cf9948e0924c64da2822f6

/data/user/0/ir.alghameh.noshidani/databases/db_default_job_manager-journal

MD5 7bef429aa3de4a8edba4b43d4e200392
SHA1 821bfe95c3aa64372bc8c87c8a540f9eee9773a8
SHA256 9c1e4b652d0bbe87e85ec3755a1e02eb418e5596e830161cd9220599d247766b
SHA512 1c8cb1867dd5f811a517793457d97f10ab33a2facb6879c6ffbb8180ec5b6999b1686a4f14a2b244f18a63510042a01d552aa17147da3e5835b1d48b7f7c9981

/data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 36e8a08329d502d215c126efd36fa1ec
SHA1 c121215dd2e19902ff181469dbe905f91db6d55f
SHA256 0035e8a9734b2cddf9c07e58fbcda75531bc228be1b60b56d80963fb6d6c88ea
SHA512 1f7484e5c9de154feaa4d5fac18a282e59f2613633333cd82e80ef294db01ec7364007e86cd2d4572dba1a00918a15c205ee94808e3b0ac6a384d4b03236175b

/data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db

MD5 c058a59352faed1f951e8f7d033f5eef
SHA1 17fc71b7d0702b9bd6ed2e7b56918bd80ab60f24
SHA256 f2eaeb62d3884bdd5843248a8da585dd89c93bb80fa8696aa1c60d68d6a8fe35
SHA512 6489f1d2626926bd03b85ca87e4181909f552c821e3f338d304b3a6160ad1bba5db67db61f404ced645c322f66408344db1dd72ee7711e619d6c031f52c62f7e

/data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 592f3ef6ab1621e959eed301c63f0408
SHA1 16767936519759d0c27e7864183f2be3a33337e7
SHA256 d5bbdaf0f1a1dc0f949d95b8489f47878455d4cfdbc5bb2c17b93043adda08fe
SHA512 7815609a98ea123361eaf1a8f3fcd911ee2211dba9c7c6086c9f7f8014e0a4597b426d3315dfd2eb99cf5477eb46d81e6494b2bccd2f33a217ce44a1d6d6f7dd

/data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 51670264e87feaf0a4b17cd2c202ab4d
SHA1 8b8dfe9473bd4710a9dbb2124e7e09b85f0b6869
SHA256 de854088c1772b52a1560e0fdc1e181d835cbdf7aa3ebb83e45a9586b7d99b82
SHA512 cf734222f5ad0a6cad0ebe1a4b986a8943ef60d76e9cfa8f32bed416a2b0e5d109453adac89400432bcb8453cd8a3c236332a69593f40abcac8473ea3467c235

/data/user/0/ir.alghameh.noshidani/files/db.db

MD5 426179142a16f9ccf11b14af2c4b9814
SHA1 5ef5bcd7454f56017adc4d62e480de8540970301
SHA256 4b4d274ee8b5c46e4fb929fa1b1d272c388cd36256a69bb6beaaf6bfb698a0fc
SHA512 0c874897956081b92557259a8f99eeda8bd9db475aa909731f2da7b21e42ce7c14768115600646cc0984ecbd7f845c3d8092526f685cdffc35b876f257483b52

/data/user/0/ir.alghameh.noshidani/databases/__pushe_base_lib_db-journal

MD5 106131a20b9a3f3fd1971f5af0839e9d
SHA1 11432972651b0fac6e3b9a4054f53f55caee11c8
SHA256 298e01f255e0e08fec89722bb508dde68aed04fdd23791ffe2dec09bb80d5185
SHA512 504b2ded020c51a41cdfef7f51aa6fcce324c4f4dacd4d551fb3bef02edaa0287f007bdb72408b17e0520374fc09ea389309f3b2cbc4e43c8a0db188fbb77634

/data/user/0/ir.alghameh.noshidani/databases/cheshdb-journal

MD5 5ed8573fce240ee816185045d55f0d0f
SHA1 9f446b0e0fb75dc1e48077d51000a3c557f67f1e
SHA256 abba1d5ad4b22139c86b9df59fdc8c0abc0faef28b5e75f5c698890411d2a151
SHA512 9dae6e7e6c408e4e7d233c58d03fc0c3b9915370ddd6cb7a3aba1c566dcc64dea621a2d4bd96fde591481a09265f130813ef537ea9c1c87f64f12824fac56995

/data/user/0/ir.alghameh.noshidani/databases/cheshdb

MD5 a40c63238256d047ea3ce350f6bb018c
SHA1 e0f7d0f8b98b317b21a2fe4aa8afe1b1148a73ac
SHA256 ec098bba7e60cacc9a597f2802ccae9eaee49abd0509af187d21eb6fc95d3355
SHA512 2e8619ab16a8b368d90cac1489e3ab85968d12e8440649784c8f8749c8c2d3f00b2e4ed6ecbc9c011cfc3a577a683dd5e3d1b252fa5d2fe47140437680d8315a

/data/user/0/ir.alghameh.noshidani/databases/cheshdb

MD5 856b6a43ef1d5796cfac383c0a461add
SHA1 90c2ec9068890440b8956d73a2375424af759dbf
SHA256 e457e3483a122740e50912daf75d0d3410d5bab0d7a2f58d98e30475afc0f9df
SHA512 64aeca50711f74392c023f4bc929dcd3dc48703bcd29f091bd2f8f0fc65d8acef9ba79dc6bb7a67a29dd09a0d185beac2569bc01f84c7b51613f97f218766a06

/data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.alghameh.noshidani/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 a36f694740a970efa9476adeb828d264
SHA1 aeacadb3c4bd198599f61d25595d51b9d96bb5e7
SHA256 f93f7709e7518f1e89d6e020a2c4c63d76ff1bd2279b62fd5d8eb19fa6535362
SHA512 c7f2f37e237d36be62202651da28778509cad5d139db48b615845af28c628ce6269eb30338d1a96d7a91ee72eea3e35695f316b711ef129383b81352ad9550fe

/data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db

MD5 f41f531c07d4141546a531ff9caffdcd
SHA1 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256 bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512 e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

/data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 da35e6c47ddb239da771980984248569
SHA1 7c27c853959d773fd461e502af01dc44454681e1
SHA256 7877653433fe7a778fdb2e8e37f23a63c47167187290423b604797cf54d45845
SHA512 36956a395c906a69cfe5239e406bb2738c1d62a181234d99a8c83d90dacfd69972c6d7b283a673b25e6b6d53f065614155bea539fd098e5608d8ca4a7ff24367

/data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 a9bf2b8696bd0bdecda26aa71ca8b12d
SHA1 de8d7451fca2684f4eec0b511129e6dfff929220
SHA256 7c26bfa8c812b2a6f5910414ee6e654257b66f9b118025b93f75667b5649cf4a
SHA512 420067eae54e304d43acbd9a2cded0d7b618996b16fb5679d4e62be9d3ecacee8446d58260ccfd7f3837d5e19bc1f78e2f43306d24e0f47be9003190a7cfecc4

/data/user/0/ir.alghameh.noshidani/databases/evernote_jobs.db-journal

MD5 295e1b645191e1051b558007ce976c1a
SHA1 e192c33fe5acba0031ca4c359b77be3b11b2de1c
SHA256 a6fa81979bc79b1122d3e267eafec9e5ff79c7fb878aa0b99b512f8c447043be
SHA512 6702df6c1dd2abcaeb664250a4525c18852e99b5bd476c1e82db621d4c09ad4eae564de9397d7b2bd4add09ea5afebb3d873a54cb57f6aea3783e4ddc5192aad