Malware Analysis Report

2025-01-19 06:41

Sample ID: 231223-rvvv6adggp
Target: 307c4942042791a8ad9bf14476fe647a953e8eb01ef6a7b14ab484d0b329497c
SHA256: 307c4942042791a8ad9bf14476fe647a953e8eb01ef6a7b14ab484d0b329497c
Tags: irata
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 307c4942042791a8ad9bf14476fe647a953e8eb01ef6a7b14ab484d0b329497c

Threat Level: Known bad

The file 307c4942042791a8ad9bf14476fe647a953e8eb01ef6a7b14ab484d0b329497c was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-23 14:31

Signatures

Irata family

irata

Irata payload


Requests dangerous framework permissions

Description | Indicator
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-27 05:34

Platform: android-x86-arm-20231215-en

Max time kernel: 2848160s

Max time network: 137s

Command Line

ir.ghazahae.bokharpaz.d0

Signatures

Requests cell location

Description | Indicator
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo

Acquires the wake lock

Description | Indicator
Framework service call | android.os.IPowerManager.acquireWakeLock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator
Framework API call | javax.crypto.Cipher.doFinal

Processes

ir.ghazahae.bokharpaz.d0

Network


Files

/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager
/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager-shm
/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager-wal
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e99fda1d-eb53-4a71-80f5-bca7f9dc2937.jobs
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bad315dc-3dcb-4639-ab93-e0539d89a77b.jobs
/data/data/ir.ghazahae.bokharpaz.d0/databases/cheshdb-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/cheshdb-wal
/data/data/ir.ghazahae.bokharpaz.d0/databases/__pushe_base_lib_db-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/__pushe_base_lib_db-wal
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5e9ec822-3948-4bd8-8319-926720936524.jobs
/data/data/ir.ghazahae.bokharpaz.d0/databases/evernote_jobs.db-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/evernote_jobs.db-wal
/data/data/ir.ghazahae.bokharpaz.d0/no_backup/com.google.InstanceId.properties
/data/data/ir.ghazahae.bokharpaz.d0/databases/cheshdb
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0a0eea0f-0483-4d7b-8f13-77afe18fabbe.jobs
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/39d36d17-0987-455b-9ba5-1a7d6b0baf0f.jobs

Analysis: behavioral2

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-25 10:08

Platform: android-x64-20231215-en

Max time kernel: 2691774s

Max time network: 163s

Command Line

ir.ghazahae.bokharpaz.d0

Signatures

Requests cell location

Description | Indicator
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo

Acquires the wake lock

Description | Indicator
Framework service call | android.os.IPowerManager.acquireWakeLock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator
Framework API call | javax.crypto.Cipher.doFinal

Processes

ir.ghazahae.bokharpaz.d0

Network


Files

/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager
/data/data/ir.ghazahae.bokharpaz.d0/databases/__pushe_base_lib_db-journal
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/a4d07f9a-8e09-49a5-95e8-d63053728162.jobs
/data/data/ir.ghazahae.bokharpaz.d0/databases/evernote_jobs.db-journal
/data/data/ir.ghazahae.bokharpaz.d0/no_backup/com.google.InstanceId.properties
/data/data/ir.ghazahae.bokharpaz.d0/databases/cheshdb-journal
/data/data/ir.ghazahae.bokharpaz.d0/databases/cheshdb
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0504ec9f-5a29-42d0-9a66-130f2975fc5e.jobs
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/23ddef57-ad26-434b-b1fe-2a091b59bb21.jobs
/data/data/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/df281e0b-1490-44ff-bfd6-b9f48e1f8394.jobs

Analysis: behavioral3

Detonation Overview

Submitted: 2023-12-23 14:31

Reported: 2023-12-25 10:09

Platform: android-x64-arm64-20231215-en

Max time kernel: 2691838s

Max time network: 132s

Command Line

ir.ghazahae.bokharpaz.d0

Signatures

Requests cell location

Description | Indicator
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo

Acquires the wake lock

Description | Indicator
Framework service call | android.os.IPowerManager.acquireWakeLock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator
Framework API call | javax.crypto.Cipher.doFinal

Processes

ir.ghazahae.bokharpaz.d0

Network


Files

/data/user/0/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager-journal
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/db_default_job_manager
/data/user/0/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/df91ae04-7979-4489-bfc0-8f70041c4707.jobs
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/__pushe_base_lib_db-journal
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/evernote_jobs.db-journal
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/evernote_jobs.db
/data/user/0/ir.ghazahae.bokharpaz.d0/no_backup/com.google.InstanceId.properties
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/cheshdb-journal
/data/user/0/ir.ghazahae.bokharpaz.d0/databases/cheshdb
/data/user/0/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/fb556307-e117-4a2c-a9e5-7a105d836923.jobs
/data/user/0/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/abf578b3-6a91-4574-97f7-13c6a0e19f8c.jobs
/data/user/0/ir.ghazahae.bokharpaz.d0/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bc0652cf-8c2e-4484-8717-c9942e77fd5a.jobs