Analysis

  • max time kernel
    2531769s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 13:19

General

  • Target

    1e675599324ddf215a9b5da77a89c3502d7608af6b834a6f9516e3e801c6920b.apk

  • Size

    7.5MB

  • MD5

    2bdda17b2b584b91ae8bf51f5adfb0c4

  • SHA1

    8c3b7c848cf354be59ae11ef184e998ce523fb0c

  • SHA256

    1e675599324ddf215a9b5da77a89c3502d7608af6b834a6f9516e3e801c6920b

  • SHA512

    192d1e46e1aad5a5eefd0eddc5fef204100ae582e73809b60b7f358123b4a87d831113ffa210f2d89ab48b82e9b5270fa9406ef58efa327ed0b56e079481749b

  • SSDEEP

    196608:IJ9/P65zFU3pAeLnjW52tFxfwX+7ivdhiU1rrsOMgXj3:IJ9X2FU3pAeLSQfVwmOdhtrsXA

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.teliyam.pitza
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4630

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/ir.teliyam.pitza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/48b4db0c-83dc-47a5-b4d3-033577913ce2.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/user/0/ir.teliyam.pitza/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8edc0cdb-6cb1-4ef7-afdc-4f63f028e7f2.jobs

    Filesize

    278B

    MD5

    49a2d3d78fecc929b4357c6f20e0921f

    SHA1

    f589aa29d1424ef6b8a9d685fd9916fb7e5ccfbe

    SHA256

    c34d6e3313480e28ad3fb9dddd05ba5e0f01285a77cf593d603cd6d7b9ac050a

    SHA512

    2934723222ce98c2a1b318baf57316fce077bf4c2f66e03e253dd39483616789299ee565d67fe5c16bdec487fa3d45a67e3c1b08d528d38625c250427f53180d

  • /data/user/0/ir.teliyam.pitza/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/user/0/ir.teliyam.pitza/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

  • /data/user/0/ir.teliyam.pitza/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db

    Filesize

    12KB

    MD5

    f41f531c07d4141546a531ff9caffdcd

    SHA1

    9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

    SHA256

    bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

    SHA512

    e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    73e0f2c54725b6364542bc5d5db5a94a

    SHA1

    7462b14fdc09c67e6843731fc8d4fcbdb71369f4

    SHA256

    b53692b64b93cb8a8c74ea7e22160bdfc78b2846accaa47cfd2b3796fb60f679

    SHA512

    b699ae146773688a81a59568cafff536b8910240b67b4685029761b43c011cd3f95353a93a50fbd4ba8ebf3bf7340bf99daf4c5053cabc3c423990120ff93e1e

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    d4ff52df7e387fffa5be5b8f36347529

    SHA1

    6c4bfb4f6309a7076ea28ce6c0b4f151b062908e

    SHA256

    f00725dc48318fc8a1c52fe6e97b5e5ffa280874536dd357ae0b546b674deb18

    SHA512

    67c626943b363e7a7337c053d600b0c0881af252357124be5052b5f6d2162f345ad4bc7f0e962810aee8ececeb59235e418a7d56f2091f51aa6047a908f85e01

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    b6d813d63c2df2b416ee7ed20163a8bd

    SHA1

    0dab5ee12e0871c605a8380329246b434421eef1

    SHA256

    db948193fbb7def6553ce6b7655ce7c72bb1068236fbd7524174f554c87b1606

    SHA512

    284673ebe965d5476607ad5cc54426b2a66fc93b2bb839cf5d299d426f706d8f616320b48307d5b629dab38960fba9789ec1131425fb42b93e99b78bfc1824bd

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    1d1edd07de3e8207d44a265a68964ec7

    SHA1

    318170ca024235cd0fd40b39971446dc45ce7053

    SHA256

    9a7e6213d9aecfe921b3400634e69944ba9f7540f600ab7934fe2e55c59cf11a

    SHA512

    88931ea643aa8c34898e5d252b9c144507aa44e36993f5104b68f4ca05c0429648fc2446b86086c1e4e2697bed922ea0d7440144f2cfacfeb0e32a2b8e157d95

  • /data/user/0/ir.teliyam.pitza/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    e4c6d711b31f08c31293c88fd35407d6

    SHA1

    3921da72f76b24d9c4ef01fe6027b3c566cd7b08

    SHA256

    fa19c360d76e32ff070b4d0efa930a2d059de14b31ead8c564c12b5125e1380c

    SHA512

    a2c617279dae761b85eb0cb176b72d277cd35ff283308d3daf94ae92db76cbc961192998d9f0d02df1549697774908833da6e130bfdf26891df655bb90411583

  • /data/user/0/ir.teliyam.pitza/databases/cheshdb

    Filesize

    20KB

    MD5

    336852e98dbb11d0124c9be6a7ee4670

    SHA1

    eed4dd2b4de5b3d72ada1c2e152e8ac82d5cb2cf

    SHA256

    3ee1a8a660bfd2c4da33e212de71a4618e2e22274b9224eb9106101dc21ed505

    SHA512

    f3eca4841c0311e00c54dc790fa97a5a2eb2d049dc9f54cfed58b574b3f1898bc2982c9daf93a02b76804b37cecf7b6d1a402934ed1b73a48b1f84b6cb532551

  • /data/user/0/ir.teliyam.pitza/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    d340bd3187dbd6658e78398e7be5fcb5

    SHA1

    d8f7a093dadcda6ce7e05b23689dd259dc5a0b9d

    SHA256

    9312ff143fc3229f2bc2b8e01dde82c1305a5595be7f14120f18bbc5da618e66

    SHA512

    7cf95035d4b8d479b96c5966c0b53f056cfc8c5e3698bbab11945028a60984c92ec21589021dac9962f6f9f78080a3e7cbdd0f0cae7fa287275cde1a04fdf78e

  • /data/user/0/ir.teliyam.pitza/databases/cheshdb-journal

    Filesize

    512B

    MD5

    3e35bb679d0bac313856e27d6be02d3d

    SHA1

    81bd48d3c60ffb4fa095b1653e8fee348dde1aaa

    SHA256

    1b6496cce1491ce97e7e5b471228d1b1c40be5ad960711f7c118b9b83222899c

    SHA512

    ab24a88e17644670139bd497311be89d37ac311489a55ed483721b5cd0b0b041ca865532692f80eb095cbcfcc9ce9dac40df9b541e481c89706f8efab9efbe71

  • /data/user/0/ir.teliyam.pitza/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    11944f6295d57c466d1bff79f88cd1f3

    SHA1

    f1ce7881419c5713285d49d7f8f07aa4cfc83079

    SHA256

    4daf1d73639d8e26df25beb8ca27cc53a01563b65fdd6599afd7cd464881eeaf

    SHA512

    c784e20335a1eaf5790fa413374bbc8542f5a30da03a932f2f18c460d89ca5ed16487f0dcad73918e7a207243793b118b425cc7e6dbcfa365f5ceaa0ae35f1df

  • /data/user/0/ir.teliyam.pitza/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    1a768082dc84e8b9851edd98024dbece

    SHA1

    312e265ceb5fe44e4e5372c87986ce2b382c07ef

    SHA256

    ca4695c3c681778e6df80ab1fbeb9ce61d50df01bb7ef4360a1e04714d2dabcc

    SHA512

    e502999ec4c57dcb1f2f00beaf87f570e62c6d2d3bb89afc6c27dbfc9e0ae7a8dc3a207af45ca9b98b625738d61812ee97b080aa26a9531ec4cd850a4ebd205d

  • /data/user/0/ir.teliyam.pitza/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    06debceb4739000055fd1e2a7c9dc389

    SHA1

    b4c5bc9d7af811ba61a18e0730a3a9ccd79af4c3

    SHA256

    321c272c6a106e0bc22460c59ca0769b18571d9df2531af6cff7ff1a61ecfc46

    SHA512

    834c4d4482b716a96cd1daa235eed696d65f10d3a7e103db8ca0d791022561960143a7ae19f3c7fc89f5098ca67e69f44893ef7472cf165be3fabc5da8d0152a

  • /data/user/0/ir.teliyam.pitza/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    fd467594db2dd6db217d2942f3993470

    SHA1

    5ac5712e9eaaf7931f53aab7c9c1f63eb54fa2f4

    SHA256

    a2b37c3ab913013c0621a0486c941a8c0c5521bcc3662ebc45d0194dc7f5ec3f

    SHA512

    18b89a809b9febd8a0ddb8fc8d26b6fa85110a124ee63f377261ad9cec0187f6f4daf1d33c5f2d58b7a538cba780d0315aec2ed6ccb47f6eaabc692384bb64d7

  • /data/user/0/ir.teliyam.pitza/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    069b007cd6c93decc164dd943fa4846c

    SHA1

    5d07d666e74f87f04346d15e6ed529c7ebf2d8c4

    SHA256

    92680e8499c8893b3d7460b1dbc179557cffb4db90a8d76360a9948a48b9c5ab

    SHA512

    1b06dcab10ae3892bc2d68ecfd31e341d058129d5b45099822578d487e13e0d2c9171f9142c6f13a61fc782426be54ed5c331c7514b3d0f87f0f33ee30cba795

  • /data/user/0/ir.teliyam.pitza/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7abb30994d78047d2a19341953b9599a

    SHA1

    a8e5c4f8fa6eb5fcf00527c325f53dd29c47be79

    SHA256

    55e9b9a83590634b29c06d5de449f855293f4534d3299df4b6e7240d81e07f46

    SHA512

    874daf4d376de83f8b0a14f2337e2742201269baa341f3ad2f77d506324f0606dead74c35b605911c24adcd7cbf7c9a43694659976b2d1cf78953f7947abd87c

  • /data/user/0/ir.teliyam.pitza/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    bf2de20c8fc09242ead8b1c80f33c7f9

    SHA1

    5c87bbaf7c5ac3aabad8455bcdb31305f8b9a825

    SHA256

    89a793b413983f46118d1abcd9bc8ed0d62af6c856e175aacc9354d654a33e68

    SHA512

    0312aa337083391669b708176be5623b24b9996385522b20682b9dc46f2a27099af172560a5cbe3b9c6731aa89270cb61480d5fbcd6b61cc9f07deaa497b99d4

  • /data/user/0/ir.teliyam.pitza/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    8c9cb8ffcd69108bd62e28fc192cfacf

    SHA1

    5a423dcb2dac624c67b40cbcf34809f8ee0543f7

    SHA256

    7c6830fba0cd460a9aa2253c88635ab7494af8be8bed63b788cb9ac7679de5c1

    SHA512

    fe52f6ee51cf3855c4ed65d5050b9f92612cb023e6cc398cc16b8f2ad0b93c3b628e5b0c96556c3147da399064558acd5d5fd3520477757716d5a0e9760e7882