Analysis Overview
SHA256
26d31f8346361f1113e3a8c8c080d6c90ef7ad670668a0bc4fd7fe7f0c4c5eb4
Threat Level: Known bad
The file 26d31f8346361f1113e3a8c8c080d6c90ef7ad670668a0bc4fd7fe7f0c4c5eb4 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 13:53
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 13:53
Reported
2023-12-26 21:37
Platform
android-x86-arm-20231215-en
Max time kernel
2819619s
Max time network
157s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.iut.sand
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 13:53
Reported
2023-12-25 05:38
Platform
android-x64-20231215-en
Max time kernel
2675603s
Max time network
164s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.iut.sand
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 13:53
Reported
2023-12-25 05:38
Platform
android-x64-arm64-20231215-en
Max time kernel
2675557s
Max time network
151s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.iut.sand
Network
Files