Malware Analysis Report

2025-01-19 05:52

Sample ID 231223-ng89vahfc9
Target 01a54fa2b521fe3d11298a886f81f9c08aea3561bff2b88367e3cadfe4341dae
SHA256 01a54fa2b521fe3d11298a886f81f9c08aea3561bff2b88367e3cadfe4341dae
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

01a54fa2b521fe3d11298a886f81f9c08aea3561bff2b88367e3cadfe4341dae

Threat Level: Known bad

The file 01a54fa2b521fe3d11298a886f81f9c08aea3561bff2b88367e3cadfe4341dae was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests cell location

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 11:23

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Reported

0001-01-01 00:00

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 11:23

Reported

2023-12-27 05:46

Platform

android-x64-20231215-en

Max time kernel

2848869s

Max time network

159s

Command Line

ir.gaza.ba.fele.va.sene.morgh.d0

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.gaza.ba.fele.va.sene.morgh.d0

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 172.217.16.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 46e5021a0a6824509639069eb6cb15e2
SHA1 17b778e12304cae220cd45fa4a39be7c73e56a4c
SHA256 40de5f657e267b6c75d70b6bbed1489eae5ce08378eab1d6f6fd526b7b36dd8d
SHA512 44b0a13001f5bf1ef427f2dc1d3f4397cf1b476f168c6589e7a44abca077c1c0aafc23caa66aa757c112c6abcf9476807113d6b0d1bb85228d3bdaa9d4946321

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager

MD5 eda4e5f53129dca7344c7e3f3e6d9513
SHA1 ed01e856ac998b6c3de46ac8a2a155f09d6db185
SHA256 7c4bbb192102dd3dfc3d30cd5542d9a115cbc6c52369f1630eeb9e5ea81c8e5b
SHA512 cf733d69c95b4db67de951dbd2b4f3c9b31008dd0b7f8a1d42bb14820def6b34a5bfa178d1e8cee0dafdf64531751674e7f6398743e915ef469bb97662c063a1

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 80a8f3cd9a045d034c8a92c49c7b64b1
SHA1 4be8b876db758a974200fe476ce7691f3ad9594e
SHA256 5705200e20e892883c0cf6d36033ec33e0e89d1b7ad4897e0579bf48f47a55d7
SHA512 1da29d1869ed92bf39f60b098a6cb3e8c766946ad575823098a8a14cbdfbbd517531db9f435515e5ae863a3bd49594380824ffdeaae81b7ef5375003f52487dc

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 19e5d5ad86758a7343dec67b33968eab
SHA1 7cf2fbf164269efc092e9f6dffff9b8244954835
SHA256 d1ff0eaeb521827861f4e4401e7b7685d73d8bac9881be12b733b593379a0d79
SHA512 f8d13fe7baa50d37bb46cffc77b3d76a827bed786fd8149388cb3f6f6e7900879778e1dc1aad7b10f39e12945e65184c37645429ce30f7be6c2bc87988ca3bca

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/3c361558-aebb-4be4-a6a1-cedca4ca5cda.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 8adc6893e5b1539dcbf4c6971b5fff1e
SHA1 48761819e14c47fdf88cff81ae454cbf5b4a4df3
SHA256 1aed465c9311889c9ddc21a9a71e35b2d80b66f95af3dec990902ca822c3c6ce
SHA512 696a2e29a1e2e9d541499f3d71cf6442cb83c1bfe8ecfe5610d6748820fc19fec868bf949b6d51eaeab661b064fa896871b1040fb5159e8b947e8833bf971884

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/2b29ae4f-a0e3-4191-89d3-896ae444db3a.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 097cf345e14e85c245223f554518e8e7
SHA1 77c9ed275fda20b5f2830825deb2e0e980b1c64e
SHA256 9e72de48cd1fb313e6966814d5f7dcd5be14f67c0f0c5ecc59b5124d83464d84
SHA512 c016dabbc5d322db98348572cfe78b5da25fa44839b5d1e528852d150155f0271df8c24aedc5e8ce3b95f2c5669a68d4d0f11894726a0c663d237d2f7f980448

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 5b62b127fb063db764295e9b2db974a9
SHA1 5e30b434bc4686b4bafd770bdf01e55e103c155e
SHA256 da041e50e06dc368821782c1194461718569853382df1768cfe79bc5246e3a58
SHA512 27a4cc659c7b4307a21a1c05bd4758727d52f71ff9a9eb0968ce4b8251b9c3dde6dffcbd4f32b6064bfb2ca2e0415ef3c49eb53199bd3a79b9662535477e7c35

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 259a1e4e7ebc4b0d0341ffcf0c3bc2ea
SHA1 9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c
SHA256 4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1
SHA512 dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 ff399f97cd01c3aa8d8636b403277c43
SHA1 eb0e4121a1d37d217ca6431f369e2adf619ecfae
SHA256 243ac129e34fb24891c4741ca1d0cd39d939ae1d9ccd1eecf68092637da8d1c9
SHA512 4978515895aff682b273513629eeb961e3a8a4d1bc865e4ff8dca6bbfded9b803a9367263b4c55c063053c4fe88654b67091a3ee537e29262d8dfa9a4b9f4e1b

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 a34bb96841c79dd23d6d721c7e5c49af
SHA1 7cecda69db73fa43e9fcec497e17a331f4877404
SHA256 2f790bfb06be8f963d9d73a2a8a0870fa00b28053959b810ffca208b385dda1c
SHA512 b7a5085a4e76eafd48bf27029b0b8463a8001b8ebf0a1129ebdb46e51605f9db6b6c29d9f7f021a90ba1d659af55d989f0bfa0417f4d719048a32479ae44bedd

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 d4518cb860eb5357f62f5f6c37d020b3
SHA1 12d1758266c3c8d3c41bda556559b69c018a7e2e
SHA256 abc3d6013526a2b18de386ed110a7d9f965370a1d994029a3f42ee0f495e31d7
SHA512 3731932d8c2a4c02840f2900fec76e2747c241fbc68094596ff64daaaf0f1d412461ee134ed8e63b1182285a10917539a73268a3665af1257de27977df833834

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 9ccb32ecc870bdb02f52a85fbca059e2
SHA1 876d0af9ee5756635ab92a4563ac24f376856311
SHA256 69c523bb10c6ac07a395a9a0dac66a150b84233e7d05ca20a6a5726963e98077
SHA512 7945c361d17ea748c9161ccedb0d905ecda52120dca2d0b12405fa31d094b365346c6094bdf37428fb17f289391a334c67afbf4acd2794e26a9defa26e1efe08

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 43384db7b42ae0be2a7e8858eb657e3e
SHA1 b804b88b4c564476d8225796d31dab7446e0014b
SHA256 01b4da178a2f5abc5eba3ef040f6e10fea133f47972c5676998e3f8bf682c57f
SHA512 7d67b4b67b260003d0178648b9321b3dec6e058bec37c9f33dce975480384a9c5b612db11647630b0075c8237e49385fd0406324780a256be8aac34aafd22284

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 37099bf2f432668d6f6f2d0cfb7a1376
SHA1 d25e5ec53b40cdf13d3d0e3606750aac97255a1a
SHA256 1b8d677f5ac399b424bfdd36220cdca3c3b9a5d87ca54a1cfcd24ba3f79fe13f
SHA512 273fa93b9502699d132f28ed72d0513d10e1501dd5968a3569010096a113f4edb551566bc3b1ed1f1dfa1100b3390b37e3278b11efa119d0129ce628a0fb1f41

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 683776f3d66afb6489a51c288f35628a
SHA1 882c6e448cabce1a0339b9a8529792f941e147f4
SHA256 b00de047e8a81286ae0e875038be179319940272ab26e66fb41ea1d45152517d
SHA512 e7806c7749276a8d88a5c9c161238393203b3f9fe9d4c0c2c2a928cbf6278b04ef6cd4188b96c245eee2e6e4b7af7f4f4759ebb93f273d8b082af2745e91c8a8

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f0a0561b-c4cc-4051-b01d-cc4f82fa11fe.jobs

MD5 d87396fdc3d3216baf01af4a64b89383
SHA1 698b8b6594770cf65e9d73499cbb88500317086e
SHA256 b1e02669e23bc6702b1902e7df2baf90ebab41494b15fccd1bc0de1381245b9d
SHA512 81af9af75762159906ad466c524415e661a64af4a8289ce8ee5e2c4678b8b412970ce959d812b750c9ad2ab3ff6d1c10d2fb70d6af87acd4311a6833c3efdb11

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 9c5bc0bb44d975ae9576a7f635240183
SHA1 d8e9fc39b455b35096de651a4a95b3a47e13d793
SHA256 fd23dac8ebb1fb797499477c788c38fc8db569191767b228cde66beffe421eb9
SHA512 abbfffa7455385f192beb2fd58774dcb3d446c4d59adaf74c3e5665527697e06ce8e8543eaba3bad247e2c06ff9091b36cc0c8772d681f07dd8d41e49269e78d

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 c8318b8de7522dba48c62711259fa65e
SHA1 5e59f0f2b876b2395cc0dd7c6dca6ceac8b9ef95
SHA256 09f0e77246587cc9a60124c33c892f2029fffa70e5edf6e84bf8de6c5b55ea54
SHA512 cd3f63f321ce176cd5acfb2da0826614029e8e2c97c0c5baaac55369fa7c5623a59dc80d8c6985526c1565a2b111aee635b26fd552d8a1b40dab906e242b6a8a

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 d7ff50c2715d602287e960765d7be13b
SHA1 841b32c1b8ae7de0a0473a3cf7a8c15542f3aefa
SHA256 a12ef5b372e31c6d29e7ad816826078a8de889505d32d47f0fd430a5f2c219e8
SHA512 29a9380dbe07ac4183106ac22f950936a41f9f67199f43b7c98626a7e4cffd7624b5cc6b53eb424b2d7a22e75787e4729845683abd6f65176b64a2c7dc5a3648

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 7a864f06489f95a423f556e911e1b408
SHA1 e72b31bbab7c845ff467d7f4dfb818d8e41d8c2f
SHA256 38147987e277d56461dbaf770e1169bc55702b096d65b035b0d649d7dda0e849
SHA512 a05062f097343998e31a18c6952cf23fa99f6c348af4b7fce4e7fafa129af21a40785367d673fe8e0ecb409c99b7701b37e0e84b943bf5caa81e62082791b19c

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 6b7cf693aaab22b928369a603eb5d80d
SHA1 e6977db74a3762281c0991c1dec74b89b9349aed
SHA256 c9692ad621d8bb4d1aeaaf2b64a046b6a6f7e804c955bf5c012c8ec2dc2585e7
SHA512 3357aac3d51d2c5cf7e0bef87ce9b36d0ef8e02d78dbdd50bf5b6b665dc24f18aea8555031f5a8f5aa081e77c66e75b8c20894d793d2794bbaad6b462752bb75

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/no_backup/com.google.InstanceId.properties

MD5 039c35efe2ba859ec6cd059fd322f770
SHA1 b3262431297fb350ac04af9c1a5b0eaf3a6efe7c
SHA256 d915bfea996e0e0e9f7fe0e25adc8e060dcd1fe78ded7361a4a6d23f56c6aed8
SHA512 8c7a67d779992413a7da10afe07c282d2d1e555b69ab104de5da079967f1908140786c4f387ec989acdd8e6f2d58be3a9711c628cb955f7a4370a0cbaffba3e9

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 91caea0a4097a31074c043f9292ce68f
SHA1 b76a93a7d2f6e88c359b3bb8fd1ec3e5e889fdb1
SHA256 f7f1afeebbe40c70b5e8a36c0c881f09df95da58ecc395f98990fed732617ec3
SHA512 47293d710bbad47407f8c6cde03bfa89e36636a1f4303d96b480c7f07438f1ebe4253f64d17f12c9a2a696d2f066dd5b1995534c4d5ebf293d1b57ed7563ddbb

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 8e16b9ade645d9180aeb9fbf11902e63
SHA1 ef62818bd580a0baa005821d7ebbdacd6258861d
SHA256 9a60b29c8443f344550e7e39ae49ece08547985aefdb1196ca22118996d1c573
SHA512 a9a2f1f74f8c0b0aafd2f53fce31ff3dcc5d84df3009fc3389942edb52f03cb27c3f34f9b28b5f0895023003e1233c8bf67a6d5fa6290af09b96fa072e749aa4

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 604d75867b0593aa4fdea14c3477fe1e
SHA1 4680dd402e721a4e051506a3b487f39378adff9d
SHA256 658dea80f5e0f3b4d24ca426a8cd0f2e6e5d54e8cc7908e0576644acffeee7a8
SHA512 d4e0cef507e74d60454b81c6e44d9fe950aeb214f74784e54cbef8d5868d7097471cd96a2b7cfab2620f530901faa0863d0a934647b9cbf4d5891d82ca197d41

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 445a7cd67b8e09ca00323810bf705a32
SHA1 bba3f941a66e0b29ce26aa1f52dbd40161fad385
SHA256 ded650924495fabcfef15b86a45615ef3604538da931ee84636552ead8295362
SHA512 e29d6d2854b9cb58eb7069da0ddbdd76fc6a8e9fd30fb51747eac4b3427c6d0745e3a5a1d747aa1c7aae120da15971bbefe5260e0e48f4d362b6ae1b91bcdfdc

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 a5939c6d1c9d39be7807e06e58ef7ea6
SHA1 32f31351f4a10b2f184625b21cea5e2e03661526
SHA256 66fa7ed472f37dca27ba36a6df5e0f175ffd9f034cb7062b10a7038ad6faab94
SHA512 de523dda2d0254a97959dabe6ccd22606e6669b34f3f1979bd15298c3e79e8ac87ac2456f1dea6a0f1d4598bfd6aede1544d0c69bae84cd22bc554f632bff5e7

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 4be2c15618c5b9fa1c3d6cef9784f1ec
SHA1 cbf1cc094a2aa4bdb4e0b7fa8f790fece1856797
SHA256 52ef76be941ab6a6e4328934f03781d54d1f4fd64933de8bbd2d14254c4ec389
SHA512 025f5a15535dd1a2b05bbf5b959824d63e95391372382cbe0ec2721089a1698e83d6bb8a151a64a32df71995456f307d5af77300c843c50c5ee6c64b791e0ac7

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 8c0307fbd1025c0c809efd5b7c9f366e
SHA1 7c0832a795d9d3392c9963db3443eb90c13e6a3b
SHA256 c88556d4276bdf454ef7d89bb164465531089e5f18b9122d5cde9f0197efa362
SHA512 7c7dc35a8d0aeb5907e83f79169e0b4154bdbc7f6581db4c11c01323f41e28551c479971e77e207a37f2d28197b1b279e819efd47380cb1688d9ba0c3f3690a2

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e6f7a346-c89a-4d3b-8930-ecfdce2fe3ca.jobs

MD5 3699be410be3de026b0165d269ab9d1d
SHA1 33c265ba4786da7ea34fb60cdfe2b7bb62e2fbc8
SHA256 1dc93186239dac0f6686c4c43792b7c4c80c0fa9609b3a4a24fe8102b492adb1
SHA512 3d26396cc0ab28a82680d0f353a56f007e2fb6b5844e6124d1aac2fd63edcbbc75e544706de0567d3b8202daab6169e4bc3b2cba585c54146cbb64c0714e1e25

/data/data/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e31c2931-fd1f-4c2f-a6b4-aeecbb8a3e63.jobs

MD5 320fa17774814c7558676d8fd16e8ba6
SHA1 e5afd7b3474d7d4567bcbe978f06a47c2f92435e
SHA256 e38f31f93be2e50c9fbc39e4bbe93cbe620195faa203bb3ef9e04159a5d14f43
SHA512 e473b9f886c1f53cfd59b35e7f06a16e5036f2283f6ecea4e6395ddaa637d78eb3d30e2f0f48637c865e4245ac8730ba6a75d3114eba82e233693fd02f9415c1

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 11:23

Reported

2023-12-27 05:47

Platform

android-x64-arm64-20231215-en

Max time kernel

2848892s

Max time network

132s

Command Line

ir.gaza.ba.fele.va.sene.morgh.d0

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.gaza.ba.fele.va.sene.morgh.d0

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 udp
GB 142.250.200.46:443 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.200.36:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 0b34ced052db10cafeb61d56f4df39a8
SHA1 d9457d4c7a755884e7529e7c6247e4ec8ac6dbf7
SHA256 8ac40694fd2a9feab46e3cb61e48d7f394b801e4eebb6a4594d60f72ad25b5f4
SHA512 5c2fdc3ceb1c047151ebc9f0b265dbe34fd992559a9521e32ed30788afb412e99c2bc905e89b01c7d52a0c490c20b414a2a0c85573054f500534e02e06d379ef

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager

MD5 94f1a9d77e9bff1bf826e5a12f0b9cd6
SHA1 df2c63fa4b2dbedc7deb4904a218967e914f085c
SHA256 eb42e71e7e4ee88a1f8648eb17b8978f4fdf2685c0a67ec7d85b8df6815d1fca
SHA512 b62ed56ff1b7bff7a7f540e9b9ec1a429d13c716e31b29eafa4021985637eccfa5809526dc43c2932f956faf9e7bef48ec4260ad1bb378d00a948c1a1905d40e

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 c9eca72f485600837e0f6df9235783ce
SHA1 50d2db97b06827fb1e3f784d05c9ebc139e96b2f
SHA256 bc4ff81e1a2ea0cc8ad8316ff9a50848c8e8787c3347a640890e7ee401e7db0f
SHA512 f8fff83cf5be26fc097cfafcc60508ae341a2209cfac278252a3f8cf5c22673c29ee90df697216c6af66e721e7dbadd5ce81886f00839aed2b0735936f9aa094

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 748637058a8f9a510c290566f616fdc4
SHA1 433f146f48af1b391e8a29920fea6d04ca141e78
SHA256 310fd352578bed9f43661e32a0804346189bffbaca6249afd86d5d847f0dd943
SHA512 fe81c6989e4eefa5c08d6f739739b9a2ea310c776474c63cf78932013961b35b8f9a8c2a23d23af4be4c98059b1c791b014396c3f772dfabcefc15cf66e7c54d

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d80b04f2-644f-4198-9d34-232d52650e83.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 798ca85a372b983dd76bf3b14cc3b1b0
SHA1 4688f393c8b2671d8bfb23544a588cd8042627a6
SHA256 75511f577176e9f2e02edf4f1848f678d1ab61610677273207fe534a4a933bc5
SHA512 cb3f2dc372d2b2411bfa53e0b03502f44fef34a6938a197ff73e48760b01570402e20727ac671176a958525228253f668b1f2072cb25f5723f91c99c96298089

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/be0b6581-318b-4cd5-957e-d4cbd0cde6b0.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 3782e5cb143aceaaab84593120c3556f
SHA1 380d622e15ecabb05fb584c9b114581ac3ca15f4
SHA256 c923a311bcb3bcb7149e4b72f4623bcd0a749014569fd2229f414c0dbbac3631
SHA512 c054beea9962fb141aac3a7dcb24aca366b5e47cfca053f591b8638995e7f1d8107f5e14657784712ed04085656e482c18d2b5cd8a6d6c35de18534deb5b230a

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 52a515111376eda42aeb34ef4a3c3c63
SHA1 67b4a68631774402b3b5d4f66304f60102517d14
SHA256 2575774c4727c49f869aa3c954e5b50b75fe021b961b42f0a22c53b695a7d1e3
SHA512 0e5be72f89e6a6925299f485cf819e6c190560be2af6345aa91425bbf83b15ad2007a5ab73eda40c9ae1568cc04b26cfec0058a7a7e10d280b4c3c32d7097201

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/db_default_job_manager-journal

MD5 4739f2799b3f86b4d1830ea2f650739c
SHA1 7db53285b9d0bc4f0493fb81e7366b67d847e9c5
SHA256 a580f0797fb89f7b637a3ac37732eedc75fe49121e7a1a384ce958cf7817010f
SHA512 52290ea9c745adc7b344f49fb6de14f56392fa0edb256c8e72073d860811ad8fcb807fd5fd32bc858f6c85375dc1cc3d99124d9ed9dc409f63da21ed6db77983

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 0660d3ef5f0245096a9fa0f61d6a8666
SHA1 282222362a5a05e3153b7f6b49ef35c667b19542
SHA256 1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2
SHA512 18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 5b9786512fc8a8be7adbbdc7bda41457
SHA1 52fe9bbbf6942d3548991f40268f34a87679dea0
SHA256 570f952f9ade875386ac40259db7924fac21c5fe9f75dfe4df837e845b7e7a7a
SHA512 59a9006e8387231c348ce686dd4c4a236bcd1f357f40ce31435412a2c34c4ca7fd149ddecd10ebd95550057bdadd758bb6e7cbfcd861fa7ce4f8332cb1bb1e6f

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 d6594f1986f07c3ee7db86ec1bad021e
SHA1 f745b9646672297183e2d62f2e7c022a2f617578
SHA256 5e82452873717c22c57ad750d5612c58caa71e614eec1e2dbb5f788c225cdd19
SHA512 41f78df4434d66935e07c2dacf11612141a21f00fa0e1fba7a199ca2d4381d4c674605d70e6ec50f536a63f00b59c50d507b55c8547ae9e48bc85ab40618b923

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 0fff1ba4fa7bb8c4d610b028ef77cd7c
SHA1 7fcd62da1f4b169302ddda15c5cce517b1a849ad
SHA256 57e71e734d25b589dd3eefb1cca0312de04003210e0684d7f5e4271a3644c954
SHA512 222794930c6c424e6942cbc7fde92e8614cde8fb1529767e227897f09bf03954a647cddd9c54bb1b04ddb5e5c24bb2efe3ef69d7ddc33000afd93dff6ab514c1

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 d70aa9495d5c34da1110e3ab739d9c1b
SHA1 4b28022c3b699fae028b009ee50d4c51fb600331
SHA256 607fe8f33bc867f1686576ea05fe0be5b1fb8299e8e738b8913d37039b449736
SHA512 2178954b2e17bb7e1b389bc77762e539b5e8433462d0d0231af56947a88757502e1e37835e2a84ead1b049c5d923bf003d45fbb768d0d5229f9cceb987ae9e05

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db

MD5 2cdf77d5c14dd3f313b60c691579a0b9
SHA1 6a74a7a3170cabead82152871c90749afdd6f310
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0
SHA512 eaf21f0acf8b98ac8bf4bce81e66a07d6a501483b141bfb7a2ef476a8dc9927ccd39971f4e0d1f7969576dbf7abb7befb3bec04e40c5a9b28fa7a2f15ae7a98c

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 f50933608db0968a1aaae507c4470a5a
SHA1 d4df3bca9c49b19e42767788a24c30fafedf0155
SHA256 b1ca9777d518baa885e1daf1b751a7a7e35c9840b18306821797f0a16da8de27
SHA512 d34fcf034e45decc5bca1ac7420f3015c8f48a92b69de1fef152cc62afc999e0d1e9de893bfbea09f5d7f68cb1484f600aa6e74d110fb3d6c012621519a53451

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 b199b301c62cab3df3a14fe4e202bb4e
SHA1 d022f4b2a508948dfe3130f6da59b550ba4c3098
SHA256 7ffcc8284e729cda5ddbc08bd3c299aa7357b0d4ffb0182086589aebeb71bc4e
SHA512 e8d2ca5dc923d1e36aa9a552a1428fdf5e4b388b49de21934829afc5e1f5dce316301b96219a4868c3cf0ed40fa708d28d25369c3ccd0264481fbc32297898be

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/87345aa1-3d4c-4991-9c3c-5b508b8fad5b.jobs

MD5 8cc7c60cae807d82bbb825d8309dc8e2
SHA1 81d8b55fd47f071281c7598f1cf08738e454a169
SHA256 0af738f86aa942f75cb35cc5257f925974f66daf12ad307fbb0d8a3c98b697fc
SHA512 f3c00ad46afd7717641e85d960178d8dbc8c0668060a7e3022117a5e69cd19af9e9eeb39947497b24902a1b3a17ff9c042309278fc477baa745dd1697f293d9c

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 83489998c914eaa465aaba6308ac73bd
SHA1 7bfdf22566dd22d512120e8875a0989df2ea1549
SHA256 b54d5599968b7d6f61142cd7e876f9bdf912d2c40a2d9c407799e58631878c2e
SHA512 4548682a9cfe15f75dea4f63b2acba8a277f5ef487fe04068fca86215a8cea237664da2126fe7bf5a8bca42d48c1eeae44918de3d6718ac90eaf163365c1873c

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 a0655151b8de1db8bf608d16518e49f7
SHA1 c6ed9072bd73b867923e61c24fc6393ac48abbee
SHA256 cc8b6f831f3fbf6e0886693fb3745dd8ffd9e1abffc24eb0abc12bb381419efb
SHA512 ffb14ce78ee1f8501036f28c664ccf0a54a97bdcac52ad759f4858d40aebc28be1b77eab14083d697cf4ce83361691d912f4effcf56cd9a1abbb2554c6134128

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db

MD5 f41f531c07d4141546a531ff9caffdcd
SHA1 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256 bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512 e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 10e70ce6c32eb814a9093b6417fdbe67
SHA1 f1439d3bd1a9561161de5c619321bc08c44f5cc6
SHA256 5f0a730f029642f3c8efa9bf1989088a9c93abf24f92f584f128d399ae851c01
SHA512 857b9bf2976a3d9b385c6d29fd8d402a9a68c03b8b633d401a0997ec2504db87c1df3789398caaf4daa1b3ce712b042f4ff4a58acd158e0fb9b6b8de31607d9c

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 a55467bc25fe862bc18cd47d1493c37a
SHA1 28bf9c85d6a28e4039002d10302ee16ccd82bd89
SHA256 f3a98caf80da7a8987cbacc39cbde9e0ccb71377f159f9757dc6c95c78d68ac3
SHA512 e8b593a803e5cd8d517696df477013ecbe0091583476ac58fe426a5a86b10bee3b8bc21ee6ce5b36553239ac69a4967e310dba01a936c2286281b0abdc0515cf

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 98f7916581d6f0177b715bf20cf3cdc9
SHA1 aefaf2deb790a307f68aa6cdee206e42fd783fd8
SHA256 308464f8f44d8f44d09fd706b1fb62f57632084918bef6f16ac9a13a4b46a867
SHA512 494c401a0d01e184a274f3bf74ff361e9e7f73d0a7abfa1e3f05be337bbc43365b3366c4b6d4693b61f63ef2fa3bafe7aec87540f10d7eea1c65c631aa4c7bb9

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 b0e24d3ef4a31619de065d85ca255adb
SHA1 f342b289d036a6686a92e3c9a31aa29372f6cc35
SHA256 6315dc908290bc8b0ec2eb4b81260daeee012301e409e8524918452fddeaeb40
SHA512 321a8e56bf599da371267682155c1b2d0b7735fa0426c95c27113d277a56fd360a5bf66b5461e1469fb75c4f31250256de5bbb018f2bf7b567ca4dfd7806c4e3

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/no_backup/com.google.InstanceId.properties

MD5 86ef51a65ab9df36e2f742865a4027aa
SHA1 417683aa0c89d1e34e239c9eb8a17a95c1a647fd
SHA256 cd0475cc12d89cdfba0fc130ee2c96ed2d69907ef826d14eeeb665dce23ed819
SHA512 d65fb5ba6dd04e72aebd1de11b27a2f834b3b2c5ad4c8e46643c60a2d0a6fa50255b48b132299755ab94aa7937af4c46b89dc61525888821accb38d48befa0ff

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 3a635e8b811ca2dab65a5bc7b0060b31
SHA1 af8479e0674ad10936f47635ad65ae2c6b18fe04
SHA256 bf33136c6e86c0259e939eac5e10def9e116a4090a90eb0ef8495a9dffac3036
SHA512 a1b74416ecef2b116f2b3be08a294fdcb9f09cffdbde4ba2d58b3abe62a2743e70c75a39bdfedef0b3f4098cc26609dd8920b72ba9c01e4360cc9acc0fd197ac

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 9d8ee4d5e87848a532389d45078341bd
SHA1 85048bb8ad87dcdbf8af15d8757722e549ce88cd
SHA256 31353e79aa1a006c1ca8b735d6bbf1608ad9eedc8415de852c58162f6a8aef4c
SHA512 5cea8100b6ce630fbbeed177faf5ffb5fc72751bd818759d71ee064dc8655ad1cb01d6ee53bdd34361d0564c723316cc5862b21ad1856fe664112c844226ccb4

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb-journal

MD5 5edaf25a53f1bdb0cf508fbaa5cec691
SHA1 7ad14fb557b0491420a1f7203345329c596c6b75
SHA256 dfd0165efa2f8713752805ba6b10f66ec4df9d1944f616aad0b9795741995999
SHA512 53a8e32c4d4c086f44900813982aa3f9f2fbe992f29c4f59750a9b0bdca1c81e152effc8d22c462c621ee57367a126586d6d4d10a1db7ee0093b38ee9640e622

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/cheshdb

MD5 a248af7144ce64984121b11d7090be79
SHA1 9d6537b24987ba26ed5a88255e79f02372a8875e
SHA256 0de50b00c3a355a6153a66bde7f502ca4a5a2374ba04356b488e419e0eafedeb
SHA512 6c71ca31e94491d7c182879d1d37c914a5f75f16f0cabe7b6adb9905c32f790fdc6a067e3807c66e13c58ebe8a44effef7200aede16b401fda46bb1e59857fd0

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 92f36ba7c9176342d630c5ce7d3aa266
SHA1 da95448193fcd44bc99bce0839b10e7e96845bd7
SHA256 7fd1750231f5bccce7b77bf39feaca1ee9c37f17eb19a932b36f791212a3463a
SHA512 850604ea29b89095aaecb0c74adc3760edb56de7a637b59aa9f92e680fa41de9eb4e164b06f55cb8ff8a7a96483e82f0ac30e8f3d93f7e7591e23bbb0b496e4f

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/evernote_jobs.db-journal

MD5 e885a8a7f6c621a901bfd5be70760556
SHA1 3fe072dfa7a800aafd96ae74d939587c37899076
SHA256 9d8d7aa6a37cfc69a3fdfbadc881cf60e6482f22ceec6704c5ea4afe9f78e2cf
SHA512 ad1b2208e47f3b182b3e1a24b592b5e326a0a1e1fea028c508f98088099cae70e73db8f9cf03862fa2792265a6c113ca04d196a4c44e83a0a2ecab954ed8f7bb

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/databases/__pushe_base_lib_db-journal

MD5 1acd01fe3b95b730d13b8d175c0dc225
SHA1 841a68952474db8c4dc792c1667d944c9f139ab6
SHA256 ab91c727dc3198f4261cc9615903ff2bec9e816236e36ceb9b3d3e311fe8922e
SHA512 985313a6e798e85ad5ece0e8b58dba5188af6b63d202a4e992500698fb46f6b4737b46d256ec6dd7e0635de6191120f29aa2e6bcf415bc24f76623e0b5a1306a

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bccf1202-bd2c-476f-90e0-05af9a01f6d3.jobs

MD5 c67956af9f9584e1321607abee9ad0ed
SHA1 b2013eaa701636f62ec6e8991114d5c80aec5b58
SHA256 227c54073a73a4e02e66676489037e7719c95defd90b928baa202c553aba648e
SHA512 04e68bf18a44c4d6058ba5361e26e5bf56bb9b0aebdd64c2086056727e631fde5559eeac9ea12bb4691be92a593b222bbfeb97e51a4dde70c130f6356b373f11

/data/user/0/ir.gaza.ba.fele.va.sene.morgh.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4181c922-1f9c-42a3-baa7-48d8bb928aee.jobs

MD5 ef56b405e4d9eec09a23d38081b4c1d9
SHA1 74d589ee0ae4b1e3ec469f7365fe2b18f62f8720
SHA256 eaf1b24f75dc9949f8f44ffef08f290336ab2f853b1049a8cf0b4c5e7bac7f05
SHA512 38d116156cbf841015786679c6cca160c922a68450053c6d65ad7bfd4bb367b1e2104c11f0594e7d7968440330c93f01253af4e37b0204bb72af50b9dffb83cd