Malware Analysis Report

2025-01-19 06:44

Sample ID 231223-rv44tsdhak
Target 30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a
SHA256 30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a
Tags: irata
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a

Threat Level: Known bad

The file 30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-23 14:31

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-27 05:42

Platform: android-x86-arm-20231215-en

Max time kernel: 2848688s

Max time network: 141s

Command Line

ir.askar.kodak

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

ir.askar.kodak

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-25 10:11

Platform: android-x64-20231215-en

Max time kernel: 2691923s

Max time network: 144s

Command Line

ir.askar.kodak

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.askar.kodak

Network


Files

Analysis: behavioral3

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-25 10:12

Platform: android-x64-arm64-20231215-en

Max time kernel: 2691971s

Max time network: 149s

Command Line

ir.askar.kodak

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.askar.kodak

Network

Files
