Malware Analysis Report

2025-01-19 06:42

Sample ID: 231223-r8cazaedhk
Target: 359bac11a4594fa8acda56da2014c93f514e7744be36095038145c3e59d2acad
SHA256: 359bac11a4594fa8acda56da2014c93f514e7744be36095038145c3e59d2acad
Tags: irata
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 359bac11a4594fa8acda56da2014c93f514e7744be36095038145c3e59d2acad

Threat Level: Known bad

The file 359bac11a4594fa8acda56da2014c93f514e7744be36095038145c3e59d2acad was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Acquires the wake lock

Reads information about phone network operator

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 14:51

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 14:51

Reported

2023-12-27 09:35

Platform

android-x86-arm-20231215-en

Max time kernel

2862558s

Max time network

130s

Command Line

ir.fadak.qanadkhunegi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator

Processes

ir.fadak.qanadkhunegi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.179.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
BE | 74.125.71.188:5228 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.212.228:443 | - | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 1.1.1.1:53 | sbxsnycokuqz | udp
US | 1.1.1.1:53 | phcscfrpudvby | udp
US | 1.1.1.1:53 | vlicwgy | udp

Files

/data/data/ir.fadak.qanadkhunegi/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 8fdb7ce2c81b934fa3e97b166cf47017
SHA1 c0ada03ccfdbfc901fbefcab0ea93c5bd4db9d94
SHA256 d249b41cb8c1a929c9e14764cbedfc2d45edaa72c4c4f8bd858ca2f476c91333
SHA512 0fef609edce5fb8aa0d052605330fb65d3fef540ed273024a880f3e5c77ed27d82de836f62160c7f8228a4979b7a98bf30ab8acd54ca0cbeaaa99ce98d690e4e

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 39845bc6c32fe0dadbdaa9b421ae4fa9
SHA1 0320ec3d887b012cccf90fa752831e40468c7525
SHA256 3a379539060a881446ee26d4b7df3364b89e6e433db724ad180f81fb58dda7c9
SHA512 f220048516741b65167163b4ff1dde61042d588d5f63928fad41582bf2e432819c87182e8687b3312e7f1da23762357de932b60d9bd72e6a9e31253c22357d15

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 495e39e05b80fbc3bd60ab2cb6e6e804
SHA1 6f6f923c73e8f49feca67c6f5aeec3015f013aa6
SHA256 c287a873a00dc5ac31202fa9cfe4a9398a2ad759d967d246f8bbb6d7b7e9fcc8
SHA512 a240c00b8a9dea9b3490548c1dae273e6317a32f15248e443993bea950a0e92a1bf57b62d9d5e46660cc43beab66b5cf2cf5a4b5b8c8b85df1cfc84907627afb

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 e61b20c7cc3866eb67a39e7c02163052
SHA1 184707bbdc79107492fa9103145ba992e501eaec
SHA256 d00db624fa26d8bfc547d9257a697018979b5ccefebbf044e68eb90e144248f9
SHA512 e8f1617f2c0793dadbbfade696b563ae868151ae6a3868c87ac3a769fd5b45d055fa2be73c3ef28ff3691f604a3b6e3f019035f9fca68b1628bb67e22ee12b74

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 0601e536f64022df1bcbbb56e2e1612f
SHA1 cf4d0069564ca2ebbcf9cbb39213405f213af405
SHA256 fc6628824491b14210045aff543bfdda43e700484e0ba1d8349609ddcc51a9e9
SHA512 3d3e606a5dae4e365807594ea85389b1cd1679c1861f6b0cdf5dee614f211bb47513876b6f82de1d6c61fe7f860608dfcb4c401325dea0a57bceeb9f14a09c64

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-wal

MD5 8fe6a5ba1882986a5e79590af89053ab
SHA1 cf71c25b2a91c7b0ea2dffc9a0b455138a36a43f
SHA256 74c6b3cc821a3a2d2a4609bb1abdd8acd60e96e1fa40a7073a0929cb598a5375
SHA512 fed3e8dc0056262b19dec6d27d396e960e833b36cc4cbca004fa1c592bce82f6a737c773d552895af66f20f327d9cf73edff780e4bcbcaf6e0c145e38d26578f

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db

MD5 c21d73eb360bc0e334cdf0bc82872334
SHA1 64da16a0fdfbfc81c5cf50074cc53ea99adb9c04
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284
SHA512 4a38ca890dc28c465c14696cfe511af9a64ffd918a79a4ca819a9423512b4b738ffcf8b212411f7976d659d01cda218e1a780bf69fb34dbca2511e9bf0c7ff54

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db-journal

MD5 d89b1185b0b32c77a2bf12f6815db61f
SHA1 1c0ca4f1aa3576b63da85fa79805c9407315be04
SHA256 53dad0d5012e0b92275a163b8d12ab8b4e54ca717f5381dbaab8360e6f011893
SHA512 59dcc6bb16949fbc6114a935d4472976ab35c29505f0580175eaa0c0ada94e6b926dd7be91671805f84925c422b6df23531fea9b97e21aa525e66f0662e29f47

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db

MD5 2e81a3b5218504b003c72c88cfe55c6c
SHA1 3b87bdc748cf2a296b42d7a5accf68b23f23d42e
SHA256 1fe75e2f1520c89da73f04560bc18afb573e17e7b5b8ca91e716394057dd06ed
SHA512 570024f98a2f9dd101b71625046a08b787519047eeed0d759718ad16c73d7c2ceaf4b2519af894f03a15827c04c29faf9e5440749faed4d290adb3256b273dff

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 1eaedcb6fc84681882b191541e6f56d5
SHA1 4ed08da4d3ba12ecef73f9d8f565f4dd99305f23
SHA256 bb134be9d4666929055ad926bcd1cf6e69a5abe1ed1d7e0ad356159600f70b6f
SHA512 78293333e747d3d1d61656c57b5d5259ac098d0df2c9cc6890a55fc6f71015b90edcc67d8bd7d4b5d86fc31c84a647908950210246dd1501fd4b639257e25ac3

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 b01b477ebae710d8e6ac19666ca60e97
SHA1 54d3b61cba4b0d836d028f88ab8a847f9cd125f3
SHA256 c04dd1df0660055e6652a84b8444e910d413ef23d18b0303e3125217c911148f
SHA512 30d576894244b11733b7568d8a58ef73622763ce92436ce1e588856974a05a31854e57930ecd7419781a6216ab0900a9e521101c63ee11db559072e27e11c293

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 e321129f8a4391be70d22c1b1ec1b32b
SHA1 72c95d469a981e2ca3011434519a546fc0653054
SHA256 31040f32db66263414de1d315e0a8ce5acdf04876da4c22a7005203c04d2f7ce
SHA512 007bce36ac832d8fa6785592a51f763cb476dde26c3f23966198825d58d24825e9c014f7ecb69456ae90cd96d902603d69bef4eb703ef121b673f81f6038fbfa

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 0f9c97e7fe68b5d3b15b6a88475a6cc4
SHA1 1d3378928a4fe1414d6ceb62c7967c59ab2986b8
SHA256 a04915c05eacd687930fbdf6a62a6393d570b55e9b169ad137a852f1eb734bac
SHA512 f1d6b9c8e5117b3bd74abfd62288283618b6795a32130b46db882bf49bd7eb23055c84e839c5b6b56efa27d857c875c7396216a9fd05f657349bd0bdc1d4337a

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 b6b4eb72d1475922db9cdb145646c1f7
SHA1 c6ac6fd020105597ff4ffd7349a85cf56fc95b84
SHA256 ffc1e397b49f9a219daed72e6e45e879057a5c3f57246174743168204e3e42b4
SHA512 b9d58f4696fcb3494be5dd959a31e8f3848a578a587473f0789cf66efa5ca9ec26090b8be36f234cbc89229fc73e5f39adbef5920a8d94a3b47af14cfcfafed8

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 0b66e8ebe0b6c41a177aa3332f30af51
SHA1 d323a1c91204b886ed283693fe19cc71ede3a519
SHA256 7508a1b15c3437c865de69835ee3c0066f1af5f8220933e5fb9d5d9b302281eb
SHA512 b7355b457ed7941c49f48b2c49333b2ac290145b3ba149ca2734137b6173292235376fbe964a7370c9e0af0ffba7d0076062c331eee3a190a6f7b12fa0339cc4

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-wal

MD5 135602d52a12ddff9f24a28619deb48b
SHA1 fb96ffd80dde26f6f1a728a79be83fbe9880a67c
SHA256 6ff11133ebce5c2bb7aa600911be8c5716575fd2c550773a3e81117d9cb5304e
SHA512 a216a67d6688e4e25fbd3b6b36b6d86819ee11746927c606013014a9d095dd75daf8b8c1ed04baf908c587b1833bcf3c5a8e75707b54cba29a0712651d54bf69

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 f94e0252fc5eded93a74fe7d6988e13b
SHA1 86ed9bfea7059e0f2f56a51e049d0e70d01b7c23
SHA256 774624c1231283482087e9db0606b0e59c5d048c6e952009529adf8c90fcd264
SHA512 38c502dfef7a590f9b1958fe4adbe0a8c0769ba1335389b77c98e432a9c7f5b6a3ebdec80244842ddc3c44f23d37025a16d69d2ddaa959c8fd1d3e6a670aaea0

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 14:51

Reported

2023-12-25 12:42

Platform

android-x64-20231215-en

Max time kernel

2700984s

Max time network

169s

Command Line

ir.fadak.qanadkhunegi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator

Processes

ir.fadak.qanadkhunegi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
GB | 172.217.16.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
BE | 142.250.110.188:5228 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.178.4:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 142.250.178.4:443 | www.google.com | tcp
GB | 142.250.178.4:443 | www.google.com | tcp
GB | 172.217.169.42:443 | - | tcp
GB | 142.250.178.4:443 | www.google.com | tcp
GB | 142.250.187.206:443 | - | tcp
FR | 216.58.201.98:443 | - | tcp

Files

/data/data/ir.fadak.qanadkhunegi/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 479c0d834bad6a1e8880cf15a81d4a25
SHA1 ec0b65aadb48295519fb7ceea419f596c918689f
SHA256 ead93844018ae47f5aa31d450e7b0bd1a0ffaea96a9486a56f9f33f4fe38af5e
SHA512 66a1e841538c50dd8abe393b47d726bb1ce175e24ec198501fcace9efc2186227f7fcef68741a65063a44415e620297f7cb1b125221930ce4eb3ac0d26d6b952

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 91e29afe757f6267f3e91b0c71ec1d98
SHA1 61916e5da9ddfdb3d094db5216bf83d8f0b9686b
SHA256 7c85db6911a98d51a652f011e03862431d7bd570e4e37c002895dd6993f070ae
SHA512 9581e6facafef464acc1b0fca65ed5b975d1070d29b64647efca400500f179e351eacbcd6aa4e92b204b98326ca0371e6187110357cdd9f81ef3a7b2c8f7407e

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 7835f4b6bea316577f73ad689a8399e7
SHA1 4721f6d59b77549c9b90e54b9f44a6baba54e95e
SHA256 daab1e37db99ab65bd5966f887fb0d5598a82719689cef46ae361c86bdd18d56
SHA512 33bad380c13ec9114594c9a0839f6d36fd38eba071405f33c5912ca7eceb9b95666f179de529f0c36ff96558f500cc329eb6bd181fd6525c1ca4e5ffdab0a7e7

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 735f672960e177ea06de71877c7c77b1
SHA1 83504eace5bf212dab2c340a70218dcfd1c69365
SHA256 434d029497695372163e959bfde745786ea9b249e6e42257060086826574802a
SHA512 336eb3cd72bcae5bc9529c309c98064659640a29a4f863e10ab7983108039354931e01636ec012c9828233feeba671d2aad6a5a36f10f1f5f9f8661f452e5cc5

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 52e0deaed78ada5b5d745d0d3c5c89be
SHA1 0124e0a2364f6372a84baad2cc39102d10de9cd5
SHA256 b786f01462196091f2e1afbbe7c3107d43ce459d458b69a0048d55d8be14ab73
SHA512 c686373587c3463497ce8e6074c88cadb10cffbc7efad335004baa4fec29dbf883a53056a58ecc0a4d69113dc8d9ef9612b4497bc368883ef79f69dc9a807626

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 dc991ad910635667a10f1fb20bacbcfe
SHA1 645b8ad83db9f32a2de803ab22708ff774e57a89
SHA256 c959c6cb71fea5db044e52ae216e7674e2e0359652a9a936b4ded41c06f60169
SHA512 31c5236dac4f560437d97e932a2077c78cc7a6432cf5950f587d877f0c1182f507ad3545bc827498c38deb29619d0b3d4a7efa6b6306a3c354c072abcefde6c9

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db

MD5 abe9fa56c177c65db8c072e6d81fc41c
SHA1 abe9e9bb6f7294324f549af4435f58578ae69f2f
SHA256 53f09b897033e2496e13f3c6e8d14ec1d1f7b273c2b4d47dacc569594fef0f8a
SHA512 bb1b70eb859448050dd71822652d1976456be07c098ab41f2f75fa277cde059aff0c45629564170ee07028b85d501cc941529ab06753e5be2e710692bfa3922a

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 a2a0896a8432589065a3f46c16df480e
SHA1 62c87937fe67b78a1eb3d3ef50d9ea8336aad137
SHA256 e02a48d510e15aea37a34c9389c26cb6b5ccc6c2b4a7cdccccc5c6fac454788f
SHA512 cf63b581b34756957ec209382e3ce5a67eedb935a3b6d12c274f1c2de51d10de5fc8af8404fb20513d1a79e81faa68d45a7c73b131d1727f10ff982ef0b21763

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 5fb83e70bc3419f829ee3e7db32f39a6
SHA1 206ecc635c36ab1d7e2823c79a748575e5a2712d
SHA256 804da17aee7d7a60f13b2feb0e4b91dbd6fc3183d0746c7e87f907e1267626f9
SHA512 5da62f07e060d97d6d638ca7c9c9c6b4ae9a931b5f484b6253262cd80a8a2fed4f096f5c95f12bbf3c03356b49d93320171a04a47e0c714f9226a17093d4b631

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db

MD5 c21d73eb360bc0e334cdf0bc82872334
SHA1 64da16a0fdfbfc81c5cf50074cc53ea99adb9c04
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284
SHA512 4a38ca890dc28c465c14696cfe511af9a64ffd918a79a4ca819a9423512b4b738ffcf8b212411f7976d659d01cda218e1a780bf69fb34dbca2511e9bf0c7ff54

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 e41763326fbf828b2f1347f9bf1b5f1f
SHA1 d04d641c1d41ee71f7c114e9963768c049fe8815
SHA256 9f70685af2d403fe862b2cc282d2c636f700ae88bcf26f334400fd9de6ef4fc1
SHA512 7ec49cb48b2047e041f081292090390fd2b96091665a3bb60027d72b9cb0f7f730b29b5cb6a6f3571d2450566bec3b105fec76e2c5770986558c7a139ac68ad9

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 be6d3580abfecad4ee6e5957299b72e8
SHA1 c2ef4a8deaa54ff7311a2b3a57e986cb30b35b44
SHA256 ae6e06db0e77c745f42766422b939839d9470113a6ed85e004dea3e3307139d1
SHA512 628aaeeebe5ec4de62e4631058d60c801e9b7e3e07ef107fc88c9c209998bafa7fd56f878d94619b42a31e46020ef9487b559d2fabfb1c17ef18d9168700448f

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 0e864d7086c8450116d58d5e969a76ee
SHA1 a259278ceb37cb8d520db2d446a65439e084dcaf
SHA256 cfd3ba06adfed7e40a499fffb21f39f493cacd2c38197f80c532d62a4d43d6d3
SHA512 35e724fb87e82a75b94ce4bab8b6b83f22191f608a69c33de568fb56d156503f73ba2a67c1f263ec49d44b1e65c53800687cf6358f7fd13bfba990be2640934e

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 e9119f44e742e0b112dea1b69a9594df
SHA1 7bd337592789a4c85f8c46f4326799692690704a
SHA256 8c05eb5f3eb8bdca39a545d5b1c9eb7d6a42356d9cf1fb071c4b053b2526b934
SHA512 bfccb02ad15dfd2d742b8cf6e3a0a47c32fdd3b111470d9ee78d8552c092b1165ce473b4f68fcc5a30f67b4b6442d74cf7c1cd76325d743e4f4ee00fc1a07f27

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 907add55dc5449c27a9df1cdbe60c92a
SHA1 3454a41786b53e696c91d511ef50204c349c2d90
SHA256 6c46e4fcd6ea4cc4d6f179ea0d58fc79497654d789ddde6ada9bd72a4ad9786b
SHA512 5886a4d12c51f2d3f5d26a857f05e1a1ced26c0fa669a2d6c4ac3429d59ccb4a549ae047b3713823853d6216a1193f420a2a7e47d7342473376d83c3569a13ee

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 bc8ddf8585d64e417be8b24e36e929ef
SHA1 1a4c3e9f9f39fe6b2e5a679b12b7b1b7b77d7124
SHA256 0e3498e21ad30f24ecfdcdc1e40738d542d4dd815813a8b56eaaee0b03f822bd
SHA512 5404a1cea6dbf73e3dbedd7b48dfd509b7948e09fbcb1e2700379d31463d47def35e030c2c7efa1950efdb50454763e7a68ff9ce9355482c37428e56e2525402

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 160f46c64d85992e71fa894d68255f01
SHA1 12a04be471152bd971f863e3600b94aaf6b7eac5
SHA256 d2f03e7bf6e3eb716100469ad9bb9e3a0493b3ef6916d8cdef6268ca3af41126
SHA512 4a3335dcae05bcf2a8ec66bcbc82aea66dc694f28fcfa465958dd775923235403c810647279a45345415f46d286173c88fbc51b52c58a473b3b5225df4f1cd39

/data/data/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 20c85c12aa27aec10c880de2b976ed21
SHA1 750979e23a1205b6e0a60f41eec0da9e77490657
SHA256 146429b42e5c52871c9b47578cd275233d0651144c3e19332295b6b3d2087e6c
SHA512 17fd97c3f025035994e3c893067a1d4a3a2407d47051c02bfc58cf97dec3bec4acff739047bf47415ee2c12b1b634fc9140931fa9f8f2ec5536bd3d8ab07a547

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 14:51

Reported

2023-12-25 12:42

Platform

android-x64-arm64-20231215-en

Max time kernel

2700988s

Max time network

145s

Command Line

ir.fadak.qanadkhunegi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

ir.fadak.qanadkhunegi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.200.42:443 | - | udp
GB | 172.217.169.78:443 | - | udp
GB | 172.217.16.238:443 | - | tcp
GB | 172.217.16.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
BE | 173.194.76.188:5228 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
FR | 216.58.204.68:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 142.250.179.228:443 | - | tcp
GB | 142.250.179.228:443 | - | tcp
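The Network tables of behavioral1, behavioral2 and behavioral3 mix the sample's own connections with Android platform background traffic (resolver queries, mDNS, Google services, the push port). The script below is an added triage example, not sandbox output: it parses a subset of rows copied from those three tables (in either the whitespace or the pipe-separated layout), correlates IP-only TLS flows with the names resolved to the same address in other rows, and sorts everything into buckets. It assumes, which the report does not state, that 1.1.1.1:53 is the sandbox resolver, that 224.0.0.251:5353 is local mDNS, and that names under google.com / google-analytics.com and flows to port 5228 (Google's GCM/FCM push port) are platform traffic rather than destinations the sample chose. Flows to addresses that never appear with a name are kept as "unattributed" instead of being guessed.

```python
"""Separate the sample's own connections from Android platform noise
in the three behavioral runs' Network tables (added example; ROWS is
a subset of rows copied from the report, assumptions per the lead-in).
"""
from collections import defaultdict

ROWS = """
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 tcp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 sbxsnycokuqz udp
US 1.1.1.1:53 phcscfrpudvby udp
US 1.1.1.1:53 vlicwgy udp
GB 172.217.16.238:443 tcp
GB 142.250.200.42:443 udp
FR 216.58.201.98:443 tcp
"""

# Assumptions about the sandbox environment (not stated in the report).
RESOLVER = "1.1.1.1:53"
MDNS = "224.0.0.251:5353"
PUSH_PORT = "5228"                      # GCM/FCM
PLATFORM_SUFFIXES = (".google.com", ".google-analytics.com")


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows, whitespace or
    pipe separated; '-' or a missing cell means no domain."""
    rows = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lower().startswith("country"):
            continue                     # skip blanks and the header row
        if "|" in line:
            tok = [t.strip() for t in line.split("|")]
            tok = [t for t in tok if t and t != "-"]
        else:
            tok = line.split()
        if len(tok) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = tok[1].rsplit(":", 1)
        rows.append({"country": tok[0], "ip": ip, "port": port,
                     "domain": tok[2] if len(tok) == 4 else "",
                     "proto": tok[-1]})
    return rows


def is_platform_name(name):
    return name.endswith(PLATFORM_SUFFIXES)


def triage(rows):
    # First pass: an IP seen together with a resolved name lets us
    # attribute IP-only TLS flows to that name elsewhere in the table.
    names_for_ip = defaultdict(set)
    for r in rows:
        if r["domain"] and r["port"] != "53":
            names_for_ip[r["ip"]].add(r["domain"])

    out = {k: set() for k in (
        "local", "platform_names", "platform_flows",
        "unqualified_lookups", "sample_flows", "unattributed_flows")}
    queried = set()
    for r in rows:
        dest = f"{r['ip']}:{r['port']}"
        if dest == MDNS:
            out["local"].add(dest)
        elif dest == RESOLVER:
            name = r["domain"]
            if "." not in name:
                # Single-label lookups: the report does not say which
                # process issued them, so keep them apart from C2 names.
                out["unqualified_lookups"].add(name)
            elif is_platform_name(name):
                out["platform_names"].add(name)
            else:
                queried.add(name)
        else:
            names = names_for_ip.get(r["ip"], set())
            if r["port"] == PUSH_PORT or any(is_platform_name(n) for n in names):
                out["platform_flows"].add(dest)
            elif names:
                out["sample_flows"].update((n, dest) for n in names)
            else:
                out["unattributed_flows"].add(dest)
    # Names resolved but never connected to deserve a second look too.
    out["dns_only"] = queried - {n for n, _ in out["sample_flows"]}
    return out


def triage_report(text=ROWS):
    return triage(parse_rows(text))


if __name__ == "__main__":
    for bucket, items in triage_report().items():
        print(f"{bucket}: {sorted(items)}")
```

On the rows above, the only flow that cannot be attributed to the platform is ip.pushe.co over plain HTTP to 162.243.147.245:80, which matches the __pushe_base_lib_db files in the Files sections (a push-notification SDK bundled in the app) rather than the Irata payload itself; the three single-label lookups are reported separately, and the name-less TLS flows stay unattributed because the report carries no SNI or DNS answer for them.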

Files

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 25c2d516a1e2476d00a97f4bc7d68e99
SHA1 047d7a73530b9fde2570df050459ed564f17c5d1
SHA256 2d69d477c090c91efb639022e49bf0e99fe20764ae6cfa3bd8d82a07be7f6c34
SHA512 51b3c5405a7be7ba7b9bac298465621dd457d885062af2f6de185b742e7955d01c015088af9ae823b9577384a8084d981994952a24682d0442c115fed600855d

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 d73466bcf213b82bdd6be5f49a63000a
SHA1 5c17d94b63940321ef414903eff2260ac3beecf0
SHA256 67b10e377ee18260d22d379deb80ec02ffc73f02f36f06e07dc329741b76e501
SHA512 7010555bc44b86a97ad7190a029b9e44152b850d1094b150a3d863d70eca4e9e0273d16b202760ad27850827bee6ab9ef4ecb75a01d7443cfd4bc841b0729ac0

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 dd96c2ace1854289266df2a5d4b66128
SHA1 6039578eeb746a7b75ba0f69a2ce8f7bf7774387
SHA256 2405b853d2f640cd8fe85f94670cc2728b8e24ed1a5a664ae84f9a04f6bb33b6
SHA512 384c31357aeffdd55534982d3ffa1e00dcf068f2009df7496838ad15c7066c673bd265feb9a8ffba5ba4c727bd1bf739e62192bda528996a3fe9702773661a1f

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 e9eb732ee070b127930eede30400df14
SHA1 f211b5a0d6b95403c10eed3ae7ccf0945fad785c
SHA256 977ef61a98d5e4625d8345f75abee07809eb35e5dadcdc1f741deb83e0fb6fff
SHA512 f8ec0a15c60b62d553f16bd3119f860c0784550cfbf9b1ee70bab57b45af167aa6ef42115656a5a52c40c65032342d12e3ed87d9b067890f7040812928cee3bc

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 048b880f9dbcda8ce4082160736dcc19
SHA1 eecd3c87d90a668c4bcd9ab587b1bec66c6086c7
SHA256 efa0bf4c9afa9f0b370812dc2b0b80e1bbf1b9fd2146e2c0e3c2affa166471f5
SHA512 42e1fcad2ad6f12ba15963bb4baa2aae9e9af0ff4538ba2f9b812a6a0250f134acf4c75ada83ec7491b55d6f1c36bc72866314985678dd29a5dd5bc72173d8f2

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 b2317fc813be26cafb7a4863151cab78
SHA1 ecd75fd5682bc1a62257fd127f8e39412ea7d7d7
SHA256 60372f40553ece64cfe32bcc0d25a3a941fc01f9609eaaaa5aab3a15fbef462c
SHA512 646762774ef570106a22477ffd9fc1e8c7dd53869949f77088e136babeb0e5019f48d9072b562ef238afe9356c166631b1cced6e6ed4a487c9aed48dd3f48253

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db

MD5 2cdf77d5c14dd3f313b60c691579a0b9
SHA1 6a74a7a3170cabead82152871c90749afdd6f310
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0
SHA512 eaf21f0acf8b98ac8bf4bce81e66a07d6a501483b141bfb7a2ef476a8dc9927ccd39971f4e0d1f7969576dbf7abb7befb3bec04e40c5a9b28fa7a2f15ae7a98c

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 e6af5edd82140d2f47d4eb301f68ab2f
SHA1 0d8de460f481b2f6c87b14e29a37b667c1e28d17
SHA256 09142a981d23c3ca2222f85d2611b4b9b834178c4e0779518df2bf4300d48c4a
SHA512 415c6a6af044b9a0b23958f6960346a2fc9ab9cebc3ef13f4692403c8f8981ef333ca2b0444c00be2f6447da5505e7337a8815e914343802b5cbab92f71d61a7

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 0f98cfb9ebea880496c01d2f7e349695
SHA1 9184e385c25be7307e0e2b0a0e873ed20ed99faf
SHA256 ceeffbd8938bd012a5dc89da9a6d26c4f0d4796c774c0bccb6628f8194987ac6
SHA512 857f526e612609f72e1cded831b9834634dfc4cb609492819f6d51f54201a4470c5289aaa57e4e9d07fdbe1e021d8cd2b1bd8eaf4ac77d4ba85e6134e15ec0ba

/data/user/0/ir.fadak.qanadkhunegi/files/parvareshkaktus.db

MD5 c21d73eb360bc0e334cdf0bc82872334
SHA1 64da16a0fdfbfc81c5cf50074cc53ea99adb9c04
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284
SHA512 4a38ca890dc28c465c14696cfe511af9a64ffd918a79a4ca819a9423512b4b738ffcf8b212411f7976d659d01cda218e1a780bf69fb34dbca2511e9bf0c7ff54

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 77d718af62618b3041eacb7f82ced837
SHA1 1df238d6f0db5e472fbe43aa9ae41ea2ea4fea0c
SHA256 04a01345ade71aa577cd9d8dfd569c3720454a537c41b52f091ef14b0aea6a8a
SHA512 cd1102b4b456858de2de994734064c5b3dc5bcf4ea333c9b5e253db2aef19ac54291077288d07dd35aacda45a5807dd02cedc4cdbea88ac28524d0a60ccd8023

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 5258384d5098b9ffb1f207e8a4192f67
SHA1 952d04e3850b26409977da4833501eb2d187c9b7
SHA256 924c30b6bfc33774517b5eedc9203686b126bea878f71b4cd4e7573c10f80e5a
SHA512 78ff8fdb6f5086b3a0e5e6516655f7d6ae9823e9224833fd971008c833900853cdc982f2fa1bbb712732549da4ecb142b5e17284f64aac0a0d9f31ff41a6e0f7

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db-journal

MD5 80b09ca139e5be5918c823681c725441
SHA1 cd17c0b0f49935963b11c32e0d9af71bb894db56
SHA256 a33054b81e15a69b87b8830d3e39436486c6c38f0f156a9c4c9ca3cc79536428
SHA512 5a3cb1ecde77e478dac5a44a6f49186d391cc4467d4bf4219b602db06446aa477bce6792c31b8f4808c1316f522988d2a13bb9369b0e0530058b7d7a615c3d33

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 1df2edf11cd2d9d126e0cc9afdfe8886
SHA1 d683825e7134ad50d46570eee1bf85a294d3ab70
SHA256 4909f8415e0477c79dcdc171e5009fbb043d56000a713fd86aad846c24548ac3
SHA512 3325114f3cbdeec81e1e76613a7fa29309433901ba1d4e41817bcfea9a194b9fe274a1660a6a5c9ce57a12ca128f6345d8596d927364a87968ea86dcf06daacd

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 2f51c8ee3b1b98d01a6aec0b92299535
SHA1 7013fa361d8250186e0e4a6ff2cfaf772ff45490
SHA256 a61da6bef26d343e728144c2015c29e0a053f11ec5f580321f47f95c508e26ba
SHA512 412c03beb9263e95cdda188dc1a62d9fd8b70b79476a122844ba95d81fe8f935f6fae0a3ef3279472b6693a5e9d5d4d6eda8e4f786f854d5f9ce807db442e37c

/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db

MD5 df76ebde6896773ffaeb2f7e51ac0fed
SHA1 487c4d64ea7e7bcde49fa0c72596fd0f6abb944b
SHA256 6d3569801b3b5fe1f957098eb1cc7efe74f4e548f7bf0cdaa33738d0eeccc307
SHA512 798045875528640bbb188937d11ad221d369a5f91955511da10b9b58fd9acc208fec885843b05c0c25476d11388c730abae723af56c6696f5717c093c71edcb7

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 8bd06a403e1f40f611e24ad581f13f81
SHA1 5846b71ed6a11d5410295edad6271afa67253d27
SHA256 84a48869858d4b94c4e380d2e83b3e838efb85e1ca67a5a1e420c7fb508c4bb5
SHA512 f3cfade62ed8de55db73bde44ceed17188d43ab3eca2facbf20165fcdd99c6136aafc09c430bbde4696e5fe3e7cf898e616e7b9dff2a9e0eeea81eaeed3a101b

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 bd82639e9e4de1ebab0372da438002a2
SHA1 30ca71bfaffb9f56164e322b2a6691e86d7bd8ab
SHA256 96410d51002c070de8985b13a8d54b3a7963b0f00871d2bde53d1148c305d6fb
SHA512 012d9a04222b2871422040a9f2d33fc524ff5470f10ec44dae0c93a90d3126878b023fc5e97c8bad132ff4cc9bc4352acc7521c0587a2d8aa492a7359c004b4e

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db-journal

MD5 adf3c89b2901698638d87bcaa327fbbf
SHA1 651dcef406254a74d980e6ca5b9343809c8b6ff7
SHA256 e8608b88512cd577126dfb841b4a6cafa5c63a10629c1e3586cf1ac0ac3c2ce7
SHA512 c0cab19c6b18cc75e2116110cddf6af2515f372af1b90cfd9467852f001f4e1598e24d58bc032028520fd14022d34f8b7acab8a72b4d203c278a445f278ccb51
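The Files sections of the three runs list the same paths many times with different hashes, because the sandbox records each file again whenever it changes; the SQLite databases (evernote_jobs.db, __pushe_base_lib_db and their -journal/-wal companions) churn on every write, while parvareshkaktus.db and unsent_requests keep the same digest from run to run. Behavioral3 also prefixes paths with /data/user/0/ where the other runs use /data/data/. The script below is an added example, not the sandbox's tooling: it parses an excerpt of those entries (only the SHA256 line of each is kept; the parser accepts any "ALGO hex" line), folds the two path prefixes together, and reports which files are byte-identical across runs and therefore worth using as host indicators. The only fact it relies on beyond the report is that on Android /data/data is a symlink to /data/user/0.

```python
"""Correlate the Files sections of the three behavioral runs (added
example; RUNS is an excerpt of the report's entries, SHA256 only)."""
import re
from collections import defaultdict

RUNS = {
    "behavioral1": """
/data/data/ir.fadak.qanadkhunegi/files/unsent_requests
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db
SHA256 1fe75e2f1520c89da73f04560bc18afb573e17e7b5b8ca91e716394057dd06ed
""",
    "behavioral2": """
/data/data/ir.fadak.qanadkhunegi/files/unsent_requests
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

/data/data/ir.fadak.qanadkhunegi/databases/evernote_jobs.db
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

/data/data/ir.fadak.qanadkhunegi/files/parvareshkaktus.db
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284
""",
    "behavioral3": """
/data/user/0/ir.fadak.qanadkhunegi/databases/evernote_jobs.db
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

/data/user/0/ir.fadak.qanadkhunegi/databases/__pushe_base_lib_db
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0

/data/user/0/ir.fadak.qanadkhunegi/files/parvareshkaktus.db
SHA256 6766561058fe7e80e8aad31693b86cbc33d15f31d43fc51f87c517a0f43e4284
""",
}

PKG_PATH = re.compile(r"^/data/(?:data|user/0)/(.+)$")


def normalize_path(path):
    """/data/data is a symlink to /data/user/0 on Android, so both
    prefixes name the same file; fold them to one form."""
    m = PKG_PATH.match(path)
    return "/data/user/0/" + m.group(1) if m else path


def parse_files_section(text):
    """One record per path line; following 'ALGO hex' lines attach to it."""
    records, current = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):
            current = {"path": normalize_path(line)}
            records.append(current)
        elif current is not None:
            algo, digest = line.split(None, 1)
            current[algo.lower()] = digest.strip().lower()
        else:
            raise ValueError(f"hash line before any path: {line!r}")
    return records


def summarize(runs):
    """Per normalized path: runs it appeared in, number of snapshots,
    distinct SHA256 values, and the SHA256s common to every run that saw it."""
    by_run = defaultdict(lambda: defaultdict(set))   # path -> run -> {sha256}
    snapshots = defaultdict(int)
    for run, text in runs.items():
        for rec in parse_files_section(text):
            by_run[rec["path"]][run].add(rec["sha256"])
            snapshots[rec["path"]] += 1
    summary = {}
    for path, per_run in by_run.items():
        summary[path] = {
            "runs_seen": len(per_run),
            "snapshots": snapshots[path],
            "distinct_sha256": len(set().union(*per_run.values())),
            "common_sha256": set.intersection(*per_run.values()),
        }
    return summary


def stable_artifacts(summary, total_runs):
    """Paths present in every run with a SHA256 shared by all of them."""
    return {p: s["common_sha256"] for p, s in summary.items()
            if s["runs_seen"] == total_runs and s["common_sha256"]}


if __name__ == "__main__":
    summ = summarize(RUNS)
    for path, s in sorted(summ.items()):
        print(f"{path}: runs={s['runs_seen']} snapshots={s['snapshots']} "
              f"distinct={s['distinct_sha256']}")
    for path, hashes in stable_artifacts(summ, len(RUNS)).items():
        print("stable across all runs:", path, sorted(hashes))
```

On this excerpt the only file that is identical in all three runs is files/parvareshkaktus.db (SHA256 6766561058fe7e80…), even though behavioral1 later captured a modified copy of it; files/unsent_requests is stable too but was recorded in only two of the three runs, and every evernote_jobs.db snapshot differs, so its hashes are sandbox-specific and should not be used as indicators.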