Analysis Overview
SHA256
22d0cf17678633c1d9240ab42444ca1e8a2b644724012978c4a645cb0e128ef1
Threat Level: Known bad
The file 22d0cf17678633c1d9240ab42444ca1e8a2b644724012978c4a645cb0e128ef1 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 13:38
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 13:37
Reported
2023-12-26 18:10
Platform
android-x86-arm-20231215-en
Max time kernel
2807051s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.rejimi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 142.251.168.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.askar.rejimi/files/unsent_requests
/data/data/ir.askar.rejimi/databases/evernote_jobs.db-journal
/data/data/ir.askar.rejimi/databases/evernote_jobs.db
/data/data/ir.askar.rejimi/databases/evernote_jobs.db-wal
/data/data/ir.askar.rejimi/databases/__pushe_base_lib_db-journal
/data/data/ir.askar.rejimi/databases/__pushe_base_lib_db-wal
/data/data/ir.askar.rejimi/files/db.db
/data/data/ir.askar.rejimi/files/db.db-journal
/data/data/ir.askar.rejimi/files/db.db-shm
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 13:37
Reported
2023-12-25 03:41
Platform
android-x64-20231215-en
Max time kernel
2668508s
Max time network
149s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.rejimi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| FR | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| BE | 108.177.15.188:5228 | | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
/data/data/ir.askar.rejimi/files/unsent_requests
/data/data/ir.askar.rejimi/databases/evernote_jobs.db-journal
/data/data/ir.askar.rejimi/databases/evernote_jobs.db
/data/data/ir.askar.rejimi/databases/__pushe_base_lib_db-journal
/data/data/ir.askar.rejimi/databases/__pushe_base_lib_db
/data/data/ir.askar.rejimi/files/db.db
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 13:37
Reported
2023-12-25 03:41
Platform
android-x64-arm64-20231215-en
Max time kernel
2668546s
Max time network
151s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.rejimi
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.10:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| BE | 142.251.5.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/ir.askar.rejimi/files/unsent_requests
/data/user/0/ir.askar.rejimi/databases/evernote_jobs.db-journal
/data/user/0/ir.askar.rejimi/databases/evernote_jobs.db
/data/user/0/ir.askar.rejimi/databases/__pushe_base_lib_db-journal
/data/user/0/ir.askar.rejimi/databases/__pushe_base_lib_db
/data/user/0/ir.askar.rejimi/files/db.db