Malware Analysis Report

2025-01-19 06:45

Sample ID 231223-rsyt2adfgr
Target 2f9871e446cd0d731d0e4cd1a94bdba97669ec8c2cc656451bae62d2d2133a80
SHA256 2f9871e446cd0d731d0e4cd1a94bdba97669ec8c2cc656451bae62d2d2133a80
Tags irata
Score 10/10

Analysis Overview

score
10/10

SHA256

2f9871e446cd0d731d0e4cd1a94bdba97669ec8c2cc656451bae62d2d2133a80

Threat Level: Known bad

The file 2f9871e446cd0d731d0e4cd1a94bdba97669ec8c2cc656451bae62d2d2133a80 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 14:28

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 14:28

Reported

2023-12-27 04:48

Platform

android-x86-arm-20231215-en

Max time kernel

2845357s

Max time network

129s

Command Line

ir.ziba.maikrofervamaikroviv

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/ir.ziba.maikrofervamaikroviv/cache/1582435991586.jar | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

ir.ziba.maikrofervamaikroviv

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 14:28

Reported

2023-12-25 09:40

Platform

android-x64-20231215-en

Max time kernel

2690073s

Max time network

144s

Command Line

ir.ziba.maikrofervamaikroviv

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/ir.ziba.maikrofervamaikroviv/cache/1582435991586.jar | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

ir.ziba.maikrofervamaikroviv

Network


Files


/data/data/ir.ziba.maikrofervamaikroviv/databases/__pushe_base_lib_db-journal

MD5 09a63d4e2ae0c180a7245c7122695b46
SHA1 403e3650e2fe531610df79ae263f3d511f626926
SHA256 123a938c9ad9332458690a9c6586e646990caba562470837b9b41395c61e1b48
SHA512 76189124af16082a7e1fef8f1d190bb1ef19f4836826ad408b90228cb9de3257efe2ac0f556c2b3a32a48bb25298b09836fce0dbfd2b59617c0cdcfdece97d2e

/data/data/ir.ziba.maikrofervamaikroviv/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/ir.ziba.maikrofervamaikroviv/databases/__pushe_base_lib_db-journal

MD5 26a751dd9f45b79b9b64b9d90973de1a
SHA1 6dc414ed7c6dfb8426d7823b72bcd70c7606881b
SHA256 da90a5b7d43083e39c4d8fe369d0938bfb4149cb6b11f18dc5b5e08e09ec0564
SHA512 a13df0854c3aafc36337d22dfa16977bd2546e8b90988231365f143e7a68c96208eed005f964188c41d05e56713cdeb0954f532fb01c7bd407d09d333346c362

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 14:28

Reported

2023-12-25 09:40

Platform

android-x64-arm64-20231215-en

Max time kernel

2690089s

Max time network

146s

Command Line

ir.ziba.maikrofervamaikroviv

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.maikrofervamaikroviv/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.maikrofervamaikroviv

Network


Files
