Analysis Overview
SHA256
30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a
Threat Level: Known bad
The file 30b340181d61f248aacb2c1030a7af1497c6e5ecf74b41171f9a222239e4955a was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 14:31
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 14:31
Reported
2023-12-27 05:42
Platform
android-x86-arm-20231215-en
Max time kernel
2848688s
Max time network
141s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.askar.kodak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| BE | 74.125.206.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | bgahmgx | udp |
| US | 1.1.1.1:53 | oqoezhocfrojayw | udp |
| US | 1.1.1.1:53 | fqziqyd | udp |
| US | 1.1.1.1:53 | oqoezhocfrojayw | udp |
| US | 1.1.1.1:53 | oqoezhocfrojayw | udp |
| US | 1.1.1.1:53 | fqziqyd | udp |
| US | 1.1.1.1:53 | fqziqyd | udp |
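The Network tables in the three behavioral runs repeat the same handful of destinations many times, and the sandbox's own layout makes two things easy to misread: for the `1.1.1.1:53` rows the Destination and Country columns describe the resolver, not the queried host (the queried name in the Domain column is the indicator), and rows with no hostname have the protocol shifted into the Domain column. The script below is an added example, not part of the sandbox output, that parses rows in exactly the form this report uses (including the misaligned ones), deduplicates them into a pivot-ready set, and separates resolver traffic, mDNS noise, unnamed flows and single-label DNS lookups such as `bgahmgx`. The sample rows are a constructed subset copied from the behavioral1 table above; the bucket names and the `Conn`/`build_iocs` helpers are this example's own, and it attributes nothing to the sample beyond what the table shows.

```python
"""Turn a sandbox 'Network' table into a deduplicated IOC summary.

Added example for this report, not part of the sandbox output. The rows
below are a constructed subset copied from the behavioral1 table above,
including a few in the report's misaligned form where the protocol sits in
the Domain column. The bucket names are this example's own heuristics.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass

SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| GB | 172.217.16.238:443 | tcp | |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| BE | 74.125.206.188:5228 | tcp | |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | bgahmgx | udp |
| US | 1.1.1.1:53 | oqoezhocfrojayw | udp |
| US | 1.1.1.1:53 | fqziqyd | udp |
| FR | 216.58.201.98:443 | tcp
"""

PROTOS = {"tcp", "udp"}


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str  # "" when the sandbox logged no hostname for the flow
    proto: str


def parse_row(line):
    """Parse one markdown table row; returns None for headers/blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    cells += [""] * (4 - len(cells))           # rows with a lost trailing cell
    country, dest, col3, col4 = cells[:4]
    if col3.lower() in PROTOS and not col4:    # protocol shifted into Domain
        domain, proto = "", col3
    else:
        domain, proto = col3, col4
    ip, _, port = dest.rpartition(":")
    return Conn(country, ip, int(port), domain, proto.lower())


def classify(conn):
    """Bucket a flow for triage (heuristics of this example, not the sandbox)."""
    if ipaddress.ip_address(conn.ip).is_multicast:
        return "local-noise"                   # mDNS to 224.0.0.251:5353
    if conn.port == 53 and conn.proto == "udp":
        # Destination is the sandbox resolver; the queried name is the IOC.
        return "dns-query" if "." in conn.domain else "dns-bare-label"
    return "named-flow" if conn.domain else "unnamed-flow"


def build_iocs(table_text):
    """Deduplicate the table into pivot-ready sets and counters."""
    out = {
        "flows": Counter(),            # (domain, ip, port) -> hit count
        "domains_by_ip": defaultdict(set),
        "dns_names": set(),
        "bare_labels": set(),
        "unnamed": set(),
        "noise": set(),
    }
    for line in table_text.splitlines():
        conn = parse_row(line)
        if conn is None:
            continue
        bucket = classify(conn)
        if bucket == "dns-query":
            out["dns_names"].add(conn.domain)
        elif bucket == "dns-bare-label":
            out["bare_labels"].add(conn.domain)
        elif bucket == "named-flow":
            out["flows"][(conn.domain, conn.ip, conn.port)] += 1
            out["domains_by_ip"][conn.ip].add(conn.domain)
        elif bucket == "unnamed-flow":
            out["unnamed"].add(f"{conn.ip}:{conn.port}")
        else:
            out["noise"].add(f"{conn.ip}:{conn.port}")
    out["domains_by_ip"] = dict(out["domains_by_ip"])
    return out


if __name__ == "__main__":
    iocs = build_iocs(SAMPLE_ROWS)
    for (domain, ip, port), n in sorted(iocs["flows"].items()):
        print(f"{domain:28} {ip}:{port:<5} x{n}")
    for ip, names in iocs["domains_by_ip"].items():
        if len(names) > 1:
            print(f"pivot: {ip} serves {sorted(names)}")
    print("bare-label DNS lookups:", sorted(iocs["bare_labels"]))
```

Run on the full tables from all three behavioral runs, the `domains_by_ip` pivot is the part worth keeping: it shows that `srv.magnetadservices.com` and `server.magnet.ir` both resolve to `178.216.250.25`, so blocking either name alone would not cut the traffic. The `unnamed` set is where unnamed Google-range TLS flows land; treat them as sandbox background until a hostname ties them to the sample, and do not promote the single-label lookups to indicators without first checking what on the emulator issued them.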
Files
/data/data/ir.askar.kodak/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 0a550cffb6febcbcfe4fec4fde0fd7cb |
| SHA1 | 7e8ecc5fe0ce335f5468dee22c9825d74379adda |
| SHA256 | a273204adeaa723bee1022812b9423b511a8ff5cec40a035395537e2beececc9 |
| SHA512 | ac5d4f91c5c47e1bd6371762f131f602bd8cede4c97378f2fc2ac4e4db5ca88a8eacf454e50cc3bf69e126951ab9474fd48575d1d15b6ca4ed112ed834666573 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | 67d6f2f1ada6bb0022e108eb21efe987 |
| SHA1 | ce5224e2b0ea04e41b048abbf585acdbe8632d28 |
| SHA256 | ac4b792b31651de5754cf01e2cf071e7ab5bb75226e4642727d7d495590e7950 |
| SHA512 | 36fe67929dc5c4d0b00f146c7e740307abd4554dad16ae808bcc8ef3bb8daff75ff7280f39e9082150053775367c29a290835cce18bef85567bf8999fbe97963 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | b0a1b46272b36b5737deb00f8ecc69e2 |
| SHA1 | 07d28f551be23b8d659bfa1002a6973f6d11c5ba |
| SHA256 | a76f505e84921f1d6ab3885e6a384ef89298641cdecd7636f8be88e57d029615 |
| SHA512 | 415282293824d6f4cb918cae3e404dda1d2703b2fc2d272d017d2ff3c5ff2b533fcf26b1c5faaf9b68cf713eda85ba09eb4086a2b73670a57886e8aa898e13be |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 2a783a76682d6f35dd81890e988c82de |
| SHA1 | b387166b6321932c2ddee28fd764b92c97df1022 |
| SHA256 | 408acbab5ee2acc85956c88c2404abbf59aa39b084f8bd7dfe580da3397ff57f |
| SHA512 | 23195865c6a5fbf9b067fd24453c0a69975081972eb89eee92686cdbd6caafb409be336e275b2d6ae2b92eabc127ac5a634b4ebd103391a601e58eceb31dcb99 |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | b95f112f0d3d407a263544ee03a1da3e |
| SHA1 | 59b7d7c97727b2e8dea0045493a5e8e4ff454a10 |
| SHA256 | b6adcec4b06899fe966ea7d468798415d31e9e0bca87daa3b7552f607cd05be1 |
| SHA512 | 73d08eb69007cc19365b3c4908dc46ea16ae90c248737b172b33893192fc25866dd3a24f97f8a9f64af02be8afb5f1ae70170569650341945be0888e7e0b804c |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-wal
| MD5 | 1dacb189e28e3ad328696ddc5bc8edb4 |
| SHA1 | aea463309a103c38661673f7c5bbe22afbb306c0 |
| SHA256 | ffd05c0805e5c7869b8494451e9a3a29f84e2e87017533819eb3e7dee6e26370 |
| SHA512 | 4c02b66cf0916b779b7b83907f77fdb88642e038c2c354a4649a515ec5f32522eb6699ba2ba48d1c87f76afd0cc54b2d08ee885fac0357bda924db9ac6db5bd8 |
/data/data/ir.askar.kodak/files/db.db
| MD5 | 9ba2f45f641156553c46f70814dc4dcf |
| SHA1 | b68a8721fce2808053a06326b37401197a246930 |
| SHA256 | ecb9e1bbd305dd382aca124cf023bcb186c0977d0c2c0421bbd7c96bbeda8679 |
| SHA512 | 0a27d93e2aa0548843c9c3d018a10396dcc78c8d46e39d68c952672dffd67c94c4a21845e5f4fa8d11460c0c64915cf31d0ae4a9fdab0503a600f279c95bad5e |
/data/data/ir.askar.kodak/files/db.db-journal
| MD5 | ac9b35044c3767b3df385e32ff3358f6 |
| SHA1 | b39aaf71212f89660f2afc9cbc13ef98337f004e |
| SHA256 | a410d37f8d1bc9d83ace3b13cd740a6d473710751d200fcead7642937de5a112 |
| SHA512 | 3b4804fe838c5bd6fd4adb2f4ff8783305b553c86657d473ae60ce6c28fc3753450b289f739320673b13eae186bfdd35f9547ec5804a18c3dd006fe3aaa9ddd6 |
/data/data/ir.askar.kodak/files/db.db
| MD5 | 5812fdcfc1bcd6b12963b79a4e74a2a9 |
| SHA1 | d82f49ab97d6552d8ad7bfd7e6d040a2cd543992 |
| SHA256 | f43a3912789039545305c6e28b6ee99c43dc59e7cd294daae1c0ba328cfb878e |
| SHA512 | 519eb449bedda6c193f0aa6220f9874bb6d8e99c48a33a87ef03618c9862bb58dc68fb4bc6cf34792fcdd97ccf5d4fa62193672110463b8c2269fbb219eec55c |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | 27e0585fe68393f8a514b64c2c5e7f8c |
| SHA1 | df9096ced33ebb88f3b8ccfcd05483b4c88fe463 |
| SHA256 | d2448244b091e982a47a6987b0821ecf96cf26b1ff1fb00c7a15317b621fa56a |
| SHA512 | 9176f5c89e1590d5b017e7ef2a24f7c557f451dc42f01cf8befd7fa3a9c49dc6fa65c65f004142f1094f107ddef7bbaff657e0920a2d8bd01a8e3dc12829c1ef |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | ba793d6e2ec7d86a5a35a68f0745b360 |
| SHA1 | 66c5e0236bed5fb6066a2c2b770421d79c632373 |
| SHA256 | 63e420a58ca7e80b76c8fe9109f05e01897c87b16fcbce0591222c2f1de8119b |
| SHA512 | e55de7d6010e946b42571b470e33d150234bb90ce8bd1a30f0e584f9e92dcfd2344aea89b840ef33b3167859492a66c745787f0e0647228cc5d54f702009f6de |
/data/data/ir.askar.kodak/files/db.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | 23f62c4d602a597efacd2aa722c0cb9a |
| SHA1 | f42505a2f028f696434a0977ef82fde90b1a2098 |
| SHA256 | 27bb0fc61e1a876b8780789bfb23a0776661beeeaf195f3972fb3e3952945ee0 |
| SHA512 | 4ffe0073364412cdc455701a56379bcd1bfff4d0a63b9c8b2e1c239d22fdbd3a11f2b246a8c60e2701f9a88ba9593e5d82c3828f59e1f3d57ac04239748cd447 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | bbc3e0489f3974c90beb44a43c3ff7e7 |
| SHA1 | aec5c30465417929b34c84130956036dc82c07f3 |
| SHA256 | decc70b4e8b851c0575b0cd5e40315e1213409e8be23ff74c495033d0d65181a |
| SHA512 | eea159de8a20eda578dce1bbe153e0d0507b9ee0db28aa18af5d366acdbe6506163da8308fa7920229f32e1fbe736ab55a94c98d508929c9f04ec6c55ff4ca37 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | a57efe993874f89ebed14b8a44d76c57 |
| SHA1 | dec90c2f849a6524af291fb8ecbfceddd27bfa7e |
| SHA256 | 134d164264024e462bd18df35ffcf280d770ffe445ad1319d01ad631aab57402 |
| SHA512 | ed29921b16eac0f465fd5c214570dd872b7fdec51e654e43ff2375b8359634657a246b7e58b4bd39a576b4db1204ddd93f32d1786e55de51e05cc32b8ae38e16 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | f3d426cb501ae1adf6c4e9992a283b87 |
| SHA1 | ce8e15a00b5b49de6f957ad9ace815bf5a857eaf |
| SHA256 | 93e7b85e31889af91e956293de513fc88f53aab935786b0cd2e90c35ef5d4d9b |
| SHA512 | 908ea46ccad393adf226b17805a14a430dda4fafbad8d956d0ecfbb0cb1b230f032c189dac9b151fe38e0b5ace2bb9ceefdd88bad776128c39c11e4697875d48 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-wal
| MD5 | 1ae3ece28c454cbeb4d7eb846eacb929 |
| SHA1 | 9d1debc8b5746e071615ed4a308a68c5fc23a67e |
| SHA256 | b84a47300af1c92e458fa62a40e8408981c423e350cb45c99e7eb08976b85b77 |
| SHA512 | 4e134e1d36e4a35e96147fdc9516fdc1d6a6f77f4526cf61f9e16635ff9346eddfcb912857fc341d463856e0bc95709817afabac1e13c33507d633160fa3a639 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | cf61cf556f75edd8670f8ab99bf4acf8 |
| SHA1 | 353815e152b89a423979e5b5fcfb68e301556ad8 |
| SHA256 | 5b708a5871b72af83037da41557cba847b3d6a0231aef008bab71b2f3293aed9 |
| SHA512 | 34e636d8d6eb2495866cf5eb73a2b6818d47718ff2af88f8d23cdbdb9d1d011b62ea9f61b3d11754f250da17e19f7fa1383d82d8a16d5703a4519e4c68792eed |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 14:31
Reported
2023-12-25 10:11
Platform
android-x64-20231215-en
Max time kernel
2691923s
Max time network
144s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.kodak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| IR | 178.216.250.25:80 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| FR | 216.58.201.98:443 | | tcp |
Files
/data/data/ir.askar.kodak/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 324c5279ae25de3fde6705f9871c38a2 |
| SHA1 | 7a7d78c22495c0b58af63b03c896073ff6e27843 |
| SHA256 | f40792e12a8d4fc1f2013a1938e5fa5d0f13887e3acc6686b024ff21aa6e540a |
| SHA512 | 8d07fe4149880d5821e916ce626acfbcfe9be1c91f5db90df2970332a9453f4de4b1d52f34de1789c73e9e80cb19eecf309bdd4a0f3f839c1bc4f6ed285a5fdc |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 37d0a466520ddc8195515ef584cfea6c |
| SHA1 | ef7e8c8904b47fd557365e8d135ed18602399eda |
| SHA256 | 6a8528eaf19642696303aba0def67e25782be36e8da2e1e1206dbba580d4d992 |
| SHA512 | 52c1f58de44d1c552235452a334eeb8b12fc4d209e35efaf5e28f745bef73fab44b5fc5402a88d007551f4ebc60e720db19e67161515f2942507a0464416cb9f |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 60dec711314690f625fb7eac47fce8c4 |
| SHA1 | 17fb52ef91766427a0b51242170ebdcb0c5704e9 |
| SHA256 | f3e445fd7c718a3b41bd843150c126610549e8d8fee35d5474c5b1bd947a778a |
| SHA512 | 02ebe9c50690a190b4419850b72ca0ccf51b992d0664c39fa796f6000c0544cb1fc2d787ad409e5cb32a60bb5748041263e7785ec57be5c926e91313b35ddbe9 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 3e505cf74dc26e9ed08c5550d0d2763a |
| SHA1 | 3b9dae392fbea814988353e90445cecb43ae5356 |
| SHA256 | d52174846494241560a23df01839abda333fefe8b8081965b37a79df806d01a0 |
| SHA512 | 6f5196aa89ef993e53faf0482f69d0979d422c720b7e1dc335c8f89f96ed0c15a25ac70fec673af5dced04c0b1afde8bd57fcac80186223fb14e5856d0c3443f |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 3a515c8e08316fc6a2589d6bf8407581 |
| SHA1 | c1427f8ec6943c50d8930390fc81c57aaa332038 |
| SHA256 | 8990740a6bb365c5ea357706b2b112d3c818f639c0d0fbd462d73767c984fafc |
| SHA512 | 897796a01f3397b4a0a117f5b8dd153aa2ab65dfa38a35e062929323d4f480538bf1e8a4ed830f091dd6d45d46d2df90e52c58b1fe57023273794a8480011602 |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 06d9db501f1dbb4160a9aa8d11df1b46 |
| SHA1 | 7f01d0e91eef824d50c5d9b78837c93104cd4f1b |
| SHA256 | 7f231ece1bed966cdd247a44254a7323b8ee9c0f4b90c2471597f3b91da01bb3 |
| SHA512 | 7fd4644e303add656a2da086feac5713a443e750bdb42c729361b86b92d9efb142657807e6094be77b8339e5b459fcec5c16253f7d5937f7daf97c1028e50f54 |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db
| MD5 | abe9fa56c177c65db8c072e6d81fc41c |
| SHA1 | abe9e9bb6f7294324f549af4435f58578ae69f2f |
| SHA256 | 53f09b897033e2496e13f3c6e8d14ec1d1f7b273c2b4d47dacc569594fef0f8a |
| SHA512 | bb1b70eb859448050dd71822652d1976456be07c098ab41f2f75fa277cde059aff0c45629564170ee07028b85d501cc941529ab06753e5be2e710692bfa3922a |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 05dfe0026c4d58bb337aa4a88aba4752 |
| SHA1 | c58c902049db18d164e5ecf6dd28844a84a3f962 |
| SHA256 | dd99c42101baba523f89854840f51dc0aad6a77d26b762953b16e149c62ef126 |
| SHA512 | de073039a861d6205b9e76ac715942e821736a347dafc77a5a57f64cb6d7d6af053b55009ee2ef0c0351af9e7f659a4d01cfbe4db3493cec2fecd494c214eaec |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | f6b0f6151d6dea8d83c8a2a5ff218a70 |
| SHA1 | 92ba594b0ef889427808c6218fad3f8ff908d77b |
| SHA256 | a7be9171e561a56bdb2cca929ecc134b24a4eddb7c1464ef39beb930dfdabe40 |
| SHA512 | 980ae629259143e52912024b4e4764e29df4c1108a65488c2c679cc1d44681573c57a7e7610470d990852b3dd9e6d3b52f71db8664560d19caedde96740b4bf0 |
/data/data/ir.askar.kodak/files/db.db
| MD5 | 9ba2f45f641156553c46f70814dc4dcf |
| SHA1 | b68a8721fce2808053a06326b37401197a246930 |
| SHA256 | ecb9e1bbd305dd382aca124cf023bcb186c0977d0c2c0421bbd7c96bbeda8679 |
| SHA512 | 0a27d93e2aa0548843c9c3d018a10396dcc78c8d46e39d68c952672dffd67c94c4a21845e5f4fa8d11460c0c64915cf31d0ae4a9fdab0503a600f279c95bad5e |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 2310561e524d71fb5fec81732805cea7 |
| SHA1 | 486846bd148a30a215c76a8cdd90f0a20fcd09bc |
| SHA256 | 9e104fc88a35b1fbb2c945ba58d3d8e3579be63af3aa9f40475982cf9a48525e |
| SHA512 | 578f2c54544e84ddaed78e213c21e14c365e6dc603de43b7adf0aff4ff8b08a7211e1207173ce25cd8b03e7537b2b4a53ac532e9a94fc49c6af6940921e30fd1 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 220541d47c520ca70c4713af52231082 |
| SHA1 | fff7ebbe6791eb0a8a97aaa0de106c3ca61758f2 |
| SHA256 | 13bf611e68b03341db4bb159b9496c83fe970799c2096966bdd16460efa8a40c |
| SHA512 | 021c5d757cf5bb102d3c2b2dfe272ddf37eb2f32a738cf555e18c325ea3d8b29522e1d8fa5af87c0270a2ae2f402f6e0c61705e0238506b2a61e435704ba15ef |
/data/data/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 1ee1d316a57654e87d073aab10df9331 |
| SHA1 | d51eab2cebfa9b2fc7c2ca456ca5b0cbc40b8476 |
| SHA256 | c83cec2990d0b5a3df090ba4ecbf2ebef7f49247a38fbe92277c70721660be50 |
| SHA512 | 4b407d6ab5e295e6c35472941791ceb89be754c0b148034520d591ded0409317b633c41312273a95dcca02abd7d66c386a47c13348bf4a1350fd9a52fd4fb628 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 7cfdf371871bc00c346ac6d1d3175aeb |
| SHA1 | 8b48a8461f05fe61fe1595f894bd158b03c20d3c |
| SHA256 | 75f65b64c9649894b61a391c0d68d1794aa6afe8bb3da1142d4b9e0b643c7045 |
| SHA512 | b0a4c8c9044007763fc9ae9bb7266ff0e17e2a61af8c2ec2e1178c1a3172182bb5e3b2c652a297cdf40d730e5b0ef67df2ad6d94f811b2aae69b26a379d7ac75 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 771826c4b29aa787910c7164200ecf8d |
| SHA1 | f7f7c9c8f96b991d0374b4d4ab2bfc5f699bd246 |
| SHA256 | fd7d38f7d79098143e85515013f30ce0a96fd793799abfe5f57449a8410d6471 |
| SHA512 | 616ccfca3f0430d10f0c54ca440b961c2297283b1ac8195e306d569873ceab9d90544eec64cd116db18d4a22152d3e9c964136439bf1aa43557c5c282e09e414 |
/data/data/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 94820ef66d46d4cc6f997e427e383127 |
| SHA1 | 05400c7b5068bc885a396cb48530e3766e6f6ff7 |
| SHA256 | c832652445ccf7a7fe0b8a7033fa0c5db9a5ce83aae3c5a556a184ee17eff4b4 |
| SHA512 | 0b27cfbf5ba445ad93a3e1f858a63a339999ae4d3dc583f1f7f2fa847aec5ecee4877fddde4eb25ed380051896c338ee5fedf50e8a43fe2574989188a7c946ae |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 9942d0904f785df8873e47f372e9422c |
| SHA1 | 580a3bc6d8cf18339f18c8ef834b6224760f6e2f |
| SHA256 | 4a5014fe6a88759f5632b36786e4a61bb0086595b160db70da3bce42f52f5a8f |
| SHA512 | 98ebc3fd889ac01671e6618900420dd7d25ea4ab3eadd4609745105859e7f40c57abf97ba9301bd44b342a180f7f1b3ffe19242a8c434c029de026c2a9148f3a |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 22d3b5888418eaaec46cdb301d791f06 |
| SHA1 | 25ea23add4a40489d064a3b9c691ac8d54d4ba6c |
| SHA256 | 54f7f58a4ebd9a8cd93ce44376232f8088bad1feed793f1b921e119f796270e8 |
| SHA512 | 24ed492796e7d3a62e352fb69c24582491ab07c4c56dceb6f5bacfc315708d06d0ae7695ba18a3f64af0f47b74e893efcc301e66ae5119fd8bf013cd026a9f97 |
/data/data/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 0aa034cdd89989976580b0a5f7cab002 |
| SHA1 | 6bef647a3c699158130f30674e5a7aa2174e360b |
| SHA256 | 0ff51a28f4cb76c5927e734801fee2928b53b0d0d73be14367cbbd8616959d2f |
| SHA512 | 4b854985373adaf51b5052c9bd2b44a73a76085b5e36bde832963897fdecab2f76db66935536f4d82219f4270f8ea2264e32c96e7b26c454385135ab795208cd |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 14:31
Reported
2023-12-25 10:12
Platform
android-x64-arm64-20231215-en
Max time kernel
2691971s
Max time network
149s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.kodak
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.10:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| BE | 142.251.5.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| US | 1.1.1.1:53 | server.magnet.ir | udp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| IR | 178.216.250.25:443 | server.magnet.ir | tcp |
| US | 1.1.1.1:53 | srv.magnetadservices.com | udp |
| IR | 178.216.250.25:80 | srv.magnetadservices.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/ir.askar.kodak/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 27ee4c8ebc6c5654008e0758dbcd6ea8 |
| SHA1 | fac809b558bd69d2702c0ed8418d20b62d442f9d |
| SHA256 | 39b4941b21885bca565aee8aa235407cf5ce369dd305063b635883c872e32985 |
| SHA512 | 27541655cfc0584fc3f9f37c9666d2b9e1a09a7a9e6e4cb79358bdb63edce1222a48b3e2604398ce1ed58d52af04f5d21c98528dd6749bc996208c17a2657ea6 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | d0f9ccae344b6a67015112223e43a367 |
| SHA1 | bac5d4c2fd8cf68198ba890c448cb95d170fe68b |
| SHA256 | e685cfbcea8caef833f5a5991f8948a93791bd7dc21bc1526f6f57f007df8727 |
| SHA512 | 472b8ae401ec3d281b122a84b54412ec239f1c08749a02181e97246950ab46227c352675c06cfc7b191a8d9f3645e6f13dc0d7a475b07b0d766cb5e2a412008e |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 4625adea8b3194a02ace5d4ddf10e261 |
| SHA1 | c0b50d6463f4c84a21ed92757d456e9c5a4e1d5e |
| SHA256 | 6d2a19e4216e1738c98d25a4b6c8e3190625f9995e298a138d3db8771b753fce |
| SHA512 | 2c35dfea90d1664049e269c8b8a3642092d2197923d193cfb3a9183a98df391ce5aabfd672bbfc9bf1a251f8ff053c707a4dde283ff01cdf6b13c90ef987dbb0 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 0c62ce15ef69721f6ecd4e207973efd2 |
| SHA1 | 0a5ffa566a82e7b696325c52b809e4116d3b04c5 |
| SHA256 | 85b4540286c55ad5bcc58f105b437a5ac6b1492e44e17695acc62e4a55de0a57 |
| SHA512 | ca97e503fe781326f7a508fbabaecfab32147446ef48caf73036aa685518d8ffe237ccfaa081f189b2832793164504e35952636b6677a1549734e8cc6842cf84 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | ce268969b75cd3568455b97cdc353b86 |
| SHA1 | 0eb8fd7bc36c8606b15da2dc2f58e5822e4bb999 |
| SHA256 | 82b8b7cb8072ade89006bffd1ddf35baba172b7125e317a261ddcbe0916c1657 |
| SHA512 | 8a5d7945b0b2869444a7223bcbd16424dc56e8467fdb30e9d462051d4371a2a2ed81ebdf7294f33f7cc97fece2e8be3bbb79a6cf35bea334694d6e77b51ca005 |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | b14d6a4d7ff4b99aea490ff69891031c |
| SHA1 | c2d696bf1356160533005f754856b5f31b736883 |
| SHA256 | 33ae2de3ec65d3237d5519aa07383abbf007fe3b5852cbe375f06e31bc41efd8 |
| SHA512 | 8483f26f2e26ab76479eed3ef9e1a64026791e0d68d0d9f1ff5761a58766436b7f03f61ef52f85872d3d8ac6f78074800054ca20db9b4b280992a7ea5a902297 |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db
| MD5 | 171aedf968e17a2744d2585715606cb9 |
| SHA1 | bbeddeb3b89fcf809619c35b4a318a80e7d5b029 |
| SHA256 | d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e |
| SHA512 | 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | f9c8c0edb138f1d75f3e30f81b8bfe99 |
| SHA1 | 9defe5f0cd0e84d11c368c0ac385d1b983f7e0c9 |
| SHA256 | 4ece6a5de06e22bec3b4bd6b15becfc4b29af1cabddd7ab39fdc7c9bab368c35 |
| SHA512 | 41202f79424e8a3c8670ab00a0a8121e7480879d91eb99160069eb1b377937c7ff7f0e4d727a240860222c4227a9117e890ebe51a5830406ac036da9a539b5fb |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | dcd06908bec1487ce4957e9c188cd5d7 |
| SHA1 | 178d3e8115a98c31dd565c530994784412666236 |
| SHA256 | d6975d5bde57cd6a83d3c989ef3578228a13a783524361db9fba23e984f0cf58 |
| SHA512 | 682cbdd32aa88675a6f5e9efeeeb5ca8847b7b59df3b564cac7171ef0bf1e537a6e22d7a6a99b46e1cca4ae28732aa23eeec882f63af5b8f0c702f02724065a0 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db-journal
| MD5 | 80ab0133b5a07e74e328239c37fde95a |
| SHA1 | d920b24e8a8d730520fb2ef2fe670a2d70390216 |
| SHA256 | 20d0cf6828153c16608e725fad1e89efa6cadb6b8e827010c8c6562a076ddb97 |
| SHA512 | 7311b8b54deabaca23f5a6e161c2e66c96e249d0f8cffa925cd6fa52e4759e5b37230e363b421f77e2d24e5829b7c5b1795a6827085a592fbc5222fa8a2fe0db |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 0962d51e0bcd135e9cb94a04d34fa2dd |
| SHA1 | 6747484965ddcc841cceed2773b79452dacf2c77 |
| SHA256 | e404fa181b5aec749fdad297458ad72d59a5f8a20ef3786b92d240d1b0223395 |
| SHA512 | 8d69a4a26e0b3947abd58af1cf0e0ab982adb87763690507f31c7ee06dd32868b6c36d30afc19c02b19d330513eaa9ae13c18cd54ca3d2db6c4fa9a76a2ebdcb |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | e73abd0457ccbe68dd4648e2ade38509 |
| SHA1 | a88983978cf1980500c206bc04c6857338c4fdee |
| SHA256 | c521ff2445e2dd6fc876dd7129751419decb5bf1749aa0f35be481bd826462a5 |
| SHA512 | dd74257336408ba98de97f6265afc7664e2a48aee0fd8f2e60b901c4ff2f8bf772e558aad6012d12f2ab631c2ec8446e6b06fadb80f57bea301785656a11e793 |
/data/user/0/ir.askar.kodak/databases/evernote_jobs.db
| MD5 | 7737d6401146d55f8883425b5d4470d9 |
| SHA1 | 9772ac7796bc7bdf8845fad741cbcc0cac5ed60d |
| SHA256 | 19e1086f978076f8b1ba0e690e47951f34a72b024622682d6592c41c96c67148 |
| SHA512 | 3b5aabbebf366ea898f9ad8f2795d0e9308fa2ad32ca9450f9de44816bdc5a2c5721d27ce47543bc8b5189c2974dd45b853ee9745c70fc9860bc333936f729b2 |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | 07cf5e2e2e1aa7476fe6a1a3b8ffad0b |
| SHA1 | dcdb6f5bb3c36c20cab9b53980971ed410fa0dcb |
| SHA256 | 12229fc5c8eafb59a0164fe274cfd860e8a89402321332ea825dfe80691acac5 |
| SHA512 | 1ef25e61e77bc6889adc5ec13b235a78d18ea2fff09069c288ec3f2dc5533200ca3956785a56ae4f448ab9f54b6d2caff119d319f6488b0640077e2f862c2a00 |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | b72c99518ce898f50e6f7acf7bbff864 |
| SHA1 | a33bd259326cd232c64787e89946b210e7fca6d3 |
| SHA256 | 9a344206240445b3d0d2658f79d0a9bfd8deb15fabcbedebc5c346c253aacbc6 |
| SHA512 | 067ce47aad58f4ff96ce0e2ddcb46d3a9dbe94adbf43e884863947fea3d08c07840432fbde673ff41e969e20545458fb80cc8c69b5fe217ada3faa60ad8cd752 |
/data/user/0/ir.askar.kodak/databases/__pushe_base_lib_db-journal
| MD5 | feb993a7d1cd67ce57293b35760a0152 |
| SHA1 | 96f72bdd8fa3086b8160aeb3cff7b803caffff7f |
| SHA256 | 46fd6b6dc17c11b085f0cc6f632c8a8cfe586500a5b8ec3bdb7173db8635fd6d |
| SHA512 | a1d28e632561a6663f5c8667f628e5b4eb06c2d92d641d09b4d4444adc959ceab1c3af614e21cc376f8c208b803d2ae4a8afe2c17e8c49428541522f79159cc3 |