Malware Analysis Report

2025-01-19 06:46

Sample ID 231223-rww5lsgca4
Target 311b174d92256dafdb276d9ae38af093788cf1986f6029f37e41a737d32fda59
SHA256 311b174d92256dafdb276d9ae38af093788cf1986f6029f37e41a737d32fda59
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

311b174d92256dafdb276d9ae38af093788cf1986f6029f37e41a737d32fda59

Threat Level: Known bad

The file 311b174d92256dafdb276d9ae38af093788cf1986f6029f37e41a737d32fda59 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 14:33

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 14:33

Reported

2023-12-25 09:44

Platform

android-x64-arm64-20231215-en

Max time kernel

2690313s

Max time network

146s

Command Line

ir.miri.ashh

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.miri.ashh/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.miri.ashh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 aeb6d28b69778f8a089321d4c08201af
SHA1 c95f0e3ae221faf01ae3e7924ee9451044f610cf
SHA256 a0101ed500fc87f5c7aa44f0d7f0a2ea102b9b475f99f2ce320b0c01bcc6045b
SHA512 fa3f068ef0535e5b6f150bca7bc0268ebf70861e302f62ba6687512558262dafd54ec87cad7cbbeb52bebf3cac53e286c40d2cf5c18717cebe9f68c71c4014b8

/data/user/0/ir.miri.ashh/databases/db_default_job_manager

MD5 6bf4074bab4f79ab4335e74dd6f9e828
SHA1 2dd60ebe94dedff4716db5f760f24489604c931f
SHA256 818c4036b9dd7477e64e92a256c79b9b8d6b068cbb9b49182e393ee8786a6eaf
SHA512 9130751c7ca698e176a2a7e187ae3f8805e24b46be887e663d1228489a9d75ebb51dbff9f8e87108400cae1159d48780cb6eb63ee7f2dd1f15a25a1db7511e89

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 f6f7a9177d7005ef7496e1c8ffe886a5
SHA1 fab277a1ea9c4c4828fe213ea7368cba2c7e57f0
SHA256 2622230ee0c8e893954196ef148af3f6b072f73b436b5e9f1410a0ca163847ea
SHA512 91d752f7effb6fece9d6e7b479a138e94bd70146e87f32ab41b1d754ccaa47e22810bea9083250c015a1839ae662479fe532237e3a817af808c5842e98adba4c

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 7545bffbf81fd8d59ec7fe31a3e36d6c
SHA1 b737fa030d7716cd1788b49ca1f3623789f5f34c
SHA256 3c6bb0224c9efe25c5ff9939f919ad42eab61fbaa92c07dfe144feeafefbd7cc
SHA512 319e5fd9d98234d3c85b9ca2a789ca54c96718791aebf372042d11e52d9bc9945bb666a2a0a667983586429ba55203537ccadef911b2c7f75f2f53cec337bed7

/data/user/0/ir.miri.ashh/no_backup/com.google.InstanceId.properties

MD5 a24ae3831b3dd1122592a8189099dc50
SHA1 30f50324efcb9cf74068561b0155d3d426b7f084
SHA256 03f32de140b7f59b935751839cc9bf5cb0a5bd982718f95db90c81ec7d24817d
SHA512 847c431a299ce987a10fd34c0f05432f7d18701ed19692a7bcfb4b726fb8cecfe3ccb5068bac9eb466094cd7dac0b155914048d788ba4518b839ba42ecc24eb4

/data/user/0/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d698c429-2edc-4edc-abe6-617de18f03ff.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 452c0917e773df695193fb1aa6f87492
SHA1 d1968a6d5dd158e296cecead3cf7f317abdd2d99
SHA256 5e07d893d8825f5355a7c410796aaa56000c5f1dee1b9ede5c9dd61c14ab641b
SHA512 fd49459098b761be0ce6c1332565a99dbe431cafe6ba6474f5dbb0ea7426e53d04c19065546fd71eae0c1b7f81fe25a0458c1f8be16111c440377f04d0ab5e6d

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 c94ee2ca5625bbe5fbea03669f8d7d5d
SHA1 188f52f91a95c4dcd71fdf9fc21ecdbff6571335
SHA256 29f21be12dc8a5e8b1e5aa9afe891cf019d555a6ff6f40b990e5c84aa438f190
SHA512 d785e82ac67dacd8d4aacef5e303756cb4f6dec6e3e154b86665568cbb5c1e836a48a24d5a51b40b9a7870c3a673a0139d0c658516bdeb29f5b16b0de387c1b3

/data/user/0/ir.miri.ashh/databases/cheshdb-journal

MD5 3063a53e4664534e5e4de822458ef152
SHA1 23056e50eeb91c044a216684d5025435593151c1
SHA256 f286c3433904c80fa9779964b0e8d786d07e8f8703bcbb26e78bf51c77b2cd88
SHA512 2c353b64c7e80a1f823901a8d1cc208f49d5adb2f2321fe94797669b312f22e76dc57903c370ea79aafdf52008905a0674d7db514ee8368e536eaa9905414f0c

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 73dde037d43818d6392e51665bee0446
SHA1 79d2b7aaad055aaa21aa371d61b05684c2164073
SHA256 d8aa44c8b932aa136e23d352f22689c2173c343125e0e7588bb111fb635b30be
SHA512 95c88a7ca75a3f60fc3715bcac6a0a0f67bcf8a3a9fde5482f15e8da321521faf184548fc7a31df3f6019c48214b97a683b9fd7d0d2b1bd5595e50fb5d80f4fe

/data/user/0/ir.miri.ashh/databases/cheshdb

MD5 0660d3ef5f0245096a9fa0f61d6a8666
SHA1 282222362a5a05e3153b7f6b49ef35c667b19542
SHA256 1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2
SHA512 18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7

/data/user/0/ir.miri.ashh/databases/cheshdb-journal

MD5 24baa2f0b17373a4208cf9206af27146
SHA1 143dd02728ceb6bd19f54f5ff637284d55ef9400
SHA256 f4528177b5cb81782b027a9d3647630cba9b031776bc65cea5b6150c4658f153
SHA512 c5d66d67d7fcfbae1c390d29df20a8bce7ae30e1573e70652de789e034149346e618a65e8ee9df0352f68d6c1a1298e65ba5f6baf43899a1a64288c3af2b9f0e

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 a7669afda8ea147413f78ce599ee249c
SHA1 55bdf8e8c03f06982882d0d13e8222f400110908
SHA256 81314bf5a21faf27aa8317bd37abb29c8cb0ab8e36762aa1eb14977b3855eaa1
SHA512 9c169804042218001a2f2c2791400ec0cd8c65e8b19446f24d8ec4bc9ae9cf6dd6bb9eb56ce0cb5b36824ec2b59751af24df89d50da0b1f1482b6070bd0319e7

/data/user/0/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/2a785ded-7081-4df5-908d-de5458be15eb.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/ir.miri.ashh/databases/cheshdb-journal

MD5 4a3c163a667a27f3b009476fa03e611b
SHA1 27b4fdd55206a2fda81983db0d0f2df2dee59fb7
SHA256 dcc784a9a22d9a8b569d871a37bf25eaaf1c40026121f5fc83bf58af198dd2eb
SHA512 1f9eec66b9b5ff78640c5c89b28f91264b83c9ffc80de9b4673797f9f8240403faabb20a828bba9655934add06209facb17cbd7e057ab3c877f95bc0831ae69d

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 bc3430da805f0e900246309b283227c4
SHA1 e0b412f60a624e2f8890113348e7325abdb0f6df
SHA256 ce04eb58f37c454c2620539e6b5e37739718c65edbaa77aec706c483c0d558dc
SHA512 46f10152d17d94cc03064d5a7fe79cfc421eca5ce2ad45b111a9d61e42f75558d5e005bce145cd41e0224159e2333f8cf610931925d9661946715463d86cd1f2

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 56ab1fdcff6318a3cb82936624320d3f
SHA1 0e34d681799fd839e040489fc296c82b6c0ee6ed
SHA256 d2e5c6abede763b2a07748ca4b07813da9ff3e1a7994ffffe8989607ed5f3b15
SHA512 ee02897079e6231ce019e4c2926326eefc0f295b00324e6979dc4318783cc4bcf86a12ccd7b7cd2b6cbe02036b346ad16920b13b1c70d99e75d7102217ce0ced

/data/user/0/ir.miri.ashh/databases/cheshdb-journal

MD5 98776f6ea0417225a26c8398813e6685
SHA1 fe6a0b82511fff6684007abdf36d1de6b7f5bdde
SHA256 4eb8e72f700794ed2ef1375a504b91712950375892426cb91eedfc13088c257b
SHA512 a6784ed53d28f0c290ea98fc530b92b27b72e30aa2cab92c45574e0da2b7ba171e1b75e30f0296be55d54bc4671a60af6b094ddfe7ab3293f9f98424eba865a9

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 4ff4189c72b66afd7fbfa412b756c812
SHA1 b39dcc9cdf75db056ce635e6e85f3c1b38d9d3a2
SHA256 30489131a723a7f0f6ecc1252b3d1d47b614dea52bf337f31813006c7928f958
SHA512 a5acbd94cfaf9d1aab82e2fe0a36b53b45e341c4bb95e62c043773f7e53418470cf1484633e69623ceac6d3453dab6d723e36f607848eddba3d527d0ecf6329a

/data/user/0/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 be0668face6b0de637930a36f9fb3fe8
SHA1 42ecbcdddc2c59674876e4ebcbd2019db36f32b9
SHA256 f77b408a3e42df732e180284a02a454ace752bc0a6d78a35470ecb0ec07ca34c
SHA512 ce3a59f8c204a9f2137fcc11db39b449322d2d4961e36086292fb0311481b92392a3dfb38952503e74bb7fb83cf471f26a27ada7e401f800a4731e83a61fc11d

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 fe40d5f1ea9fe2d53ab3db27c56b2100
SHA1 28938ec7116a05586c74c06260aef106205a7f24
SHA256 731a1392aa0c75cec1beebd2fe30a0eff65d9ae49ac099e14e3bbe15b6f9e910
SHA512 0cc18b32bc1ce3dc765f883c0866d8f3ca5313a1e3929b3ec84abf2b5debfa553894884030276dd707c255b1b4df14fb8ac00fa41b631d13cabd62fe002e3304

/data/user/0/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 8d0cd16581ff038bbc5e88cff4e8ad97
SHA1 af55a06a1a75e0c5505b71c89a4959095fca7b51
SHA256 bc034e9e3e9900bd23acd68a09598e0f4fc6b44bbf09c889e1f21ee4a6094e89
SHA512 d3aabd95a96fb1a86bb7623b90df3cd435f2897f59926296d8df1a13616b7f1570562648777a3706cd62681367727247e006f9dc503868d660e87ab7e6ea612e

/data/user/0/ir.miri.ashh/databases/__pushe_base_lib_db-journal

MD5 4357c8dc2d1fa48b44de21b107aacd9e
SHA1 a43447596f52289475394dd9208126fdd3231fa9
SHA256 cb489920fdaec06ca318a0a12aa6529389f470eca227d5003752daab5f971d8a
SHA512 50755f794fbb5fa740e897eeceabea11a9e9f66e2f76aa058eff07ab84a76bbbc1bb9919e77877759d560e8d49ae7d7764fb097ff32de19cff8fea4f7a4ef68a

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 3e5dc19ffa60614ab537f4a5a62c74c2
SHA1 6960f066bc63e60b4acfece1b379202c07ab4942
SHA256 22395b09e9d67d77366e0b9cf135d56e979b1c6641faa4f201b6e120250f717d
SHA512 83c29901d90ddd590632e61e1b30ddacb8ca85908aff4eb0aa36c1957ba4b3378be795bce87f402e68e7c17abbac92bf825ee272210ec86a39ee8d5a56baad33

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db

MD5 3cd9e0f51794ba56c6b658620c4a776e
SHA1 1a4c8b4baebf348297d3ffad7dc164208c50243d
SHA256 501b7371cfad19d926f53de991d54259fa0674618efcf344ccb0f2787d9a21b7
SHA512 36191d3e6b6a1cc90a5bb8cb49eb4269a563fad34c1f523ebb3eecdc98b4783e067296beee01959b46188621c2ba5732ead240c70daecc52fb3bf577e6e4d6fd

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 fa9567d5299ed0ac94a05e54935f083e
SHA1 3249239dfb3b476960c44ad34339a87d4605ce65
SHA256 b709e6829b07c25ff0054fdd28c6209d1555351660f69d4d510e5a516e4dce44
SHA512 8f0a7885061ba6fecc1c77c3f7bc25280b42d9d6048230063cd9abba68f0a8f3466afa87a9b14ff4599b7a57b750b68af2ae63de3edacc0a342d69c6d55d64b7

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 c3072d882c1ed9134e2da553626c0eb2
SHA1 7bf90d1788fc2196495a759d5c34dbef2ab3ceea
SHA256 969a13b8153fe609c93e854c4ac4598831c6edf9a8352e1b0c9b85027365aff5
SHA512 b80df4f9cbc9892c139e5f4a0f07c2c1e3abb10e5c4aacf14252530f93038c84978ca12772a8f494e848247da8a15c41dd50168a757b81e15a16d7720072c4e3

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 8e11e01f4900de19688b17196774a7bb
SHA1 acf9f33b5a386cad3dc3d776fce4e6dc355085cc
SHA256 8bb62504d62323b20e31a2c50648ffb8a3571143ff7c32cf980a9077be3f7c27
SHA512 ff8c9d43e2d3c4d80f3db0c1324edfd507f45ce083835f3f4f553370409ae242e654b6d5be8f95f93c74bd01a5b164f3a3537501d83316d3196e7cdeaf56792e

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 6822f8a4e3847ca9ce7b74ea3f9fe565
SHA1 44261e414622dde77e48dbff66ca4abf5a3f3848
SHA256 3349fc456a648fa5a991b378e1a30e6bc74734b902f340ca65d917982340a207
SHA512 d311e61e72059eed411a4aa384ba0989f5f752b243c516c7033d4adf987763c67b19afe040925bd80a50a0dcd89b378b5f30fa32bf23390592f4dcf20ae15f79

/data/user/0/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 c65905bde092d7df38f22ad42c5da84a
SHA1 75eca99618ec286ebd49ea2fc5affaf28c08a360
SHA256 824b9fe251988f995cdb3c645534255d0460f36792606c72b1d14a64fe8a3826
SHA512 609f52fb613be60daa275dc60a43d016d01cb091695a77b6e8b7563972f2530bca2242a441dc0c9cac238e44e61d9037efbbb80bae20386c9575b1363c449130

/data/user/0/ir.miri.ashh/databases/cheshdb-journal

MD5 38e83ede7ef6201e94849e75131ccfaf
SHA1 b84d07a793a1824584d72bcddb1817090bcca024
SHA256 0b332c4ccb23c5891562df8b90deaa1abc04599461884d83a2b0bbe31f32f552
SHA512 eb398fd4a829014605f179c9204ca999e2c90f8013aa299e64ca8dfc3843bdac4d358c57a27a1eb723f03bd6cde95e58cb2c9bd58d593cd421de3a1b05c77d81

/data/user/0/ir.miri.ashh/databases/cheshdb

MD5 097b56387213d6a5a389d135444ff3b9
SHA1 b5a94f2b0c7da2331d4cd0ca2ec9cc7e56ef058d
SHA256 ccbb0db22ea9ad7334684785356121efaeb84d66a796dcd4c7e9e0720d3a3439
SHA512 cc84e79ef26efcb07c6a661e2be50061518b8689dfcf2ef7ed3c8aa14f0e98fd520977037c62c93a124f2a049eab1ea8741e910164189cc70b49a71f2833ac25

/data/user/0/ir.miri.ashh/databases/cheshdb

MD5 7e6a17a0e8f55829b6d50fe2dbb5d29b
SHA1 0db67010dd98eb24310031b3b899e4f53ed800cc
SHA256 aa6473ccf5611442fe9402a9d861015b9aabaa7eb3f9e2efa335348fc2d302f3
SHA512 e91f741fcb087125f8cbdd773e1e891ed2b5717e3224c7dc1931e2cc362e23b65d677749b07d60e37c673103d202bf82812a64886d5e07354f163597b022515f

/data/user/0/ir.miri.ashh/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.miri.ashh/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.miri.ashh/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 14:33

Reported

2023-12-27 04:57

Platform

android-x86-arm-20231215-en

Max time kernel

2845950s

Max time network

130s

Command Line

ir.miri.ashh

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks Android system properties for emulator presence.

Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.miri.ashh/cache/1582435991586.jar N/A N/A
N/A /data/user/0/ir.miri.ashh/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.miri.ashh

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.miri.ashh/cache/1582435991586.jar --output-vdex-fd=82 --oat-fd=88 --oat-location=/data/user/0/ir.miri.ashh/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 74.125.206.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 www.google.com tcp
FR 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 1.1.1.1:53 ip.pushe.co udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 fb5e5488cdda9e9c7ce6a85c8c51fd2d
SHA1 87ba4e3d0f94b0996858a78797fe6ad1fc8a17f5
SHA256 5a52f48a1601c97d400b5466aea15a7310afdd39ee9fbc6b3dc5acdc84009603
SHA512 e056fee1ce2a384baba2bae79f6fa5d02544e64eb9ab6ce05c405b047165ae89c58c94b2aea29a2a1208df36ed02e2d013834c5db53ce1c06cf4afe3f1d4f6f2

/data/data/ir.miri.ashh/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.miri.ashh/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.miri.ashh/databases/db_default_job_manager-wal

MD5 011edf9107a8eeef78900ba6495dade2
SHA1 85b4734e1a555041a07c47d197bccddd9a1fcd5c
SHA256 988d2231230eb8ddadc2da61b43d87008ea49be88a7dddfeabb3677f76b60722
SHA512 c0ea03bf87e4c7ce129eeaeac29304896b00f180d129224cd18e669fb1a24062825549036f80c7c5d4e8f6ab9c7829140768ae1db88db834bd75d0e345525c3a

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/47401cb5-d794-4d53-988b-2fade2b50c7e.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.miri.ashh/no_backup/com.google.InstanceId.properties

MD5 abb79907b349e379103bbeac27cb7992
SHA1 a345f9ea3f71d6aafd6a9b8faf9562c9af4e3af1
SHA256 f17fafec8ef32d69e45a0bcc998783b7005fe6d0b34de48d903df9b5add54123
SHA512 a187bed2ee7afe71bcd571883a6698e65b1fd7cbf8fd7953d1cbf24938d85e8040c57fda0754a180027b98d61d68e693edb812f23d8c9e02d6fede61bc157c32

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/40d4b38d-8f1e-40d7-9fda-40e59539e08d.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 c0264cb5da198746c6183363e6f2d10b
SHA1 2a54a639da9e7a2703566b3163adf076aebd31f9
SHA256 1681ad6c10da2c78de09d41f89f9e06a1a1988f00b9f137ba0fab759090e8a19
SHA512 00440aaa2ac9b99510e04c29768807622ee7adbd26d66de104eccea8bb952c524432e6f601bdba9533e7b5ef5d66f17ee5c1055b7c8a9f05f472f5276a89d8be

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 54dc424f7d659ffae835c6c9e1c5b716
SHA1 7938484b38c6a48377ef0ff6d438f96145cff4db
SHA256 412c116b32a9c6062db46558f20b69a106794c505d1b53279e0db62093843acc
SHA512 58abe199b4a2839ac14c782efc18873c2a5de1749197425b34e3ae75a5ca51378c6b43da3d08b1c769689afb98d6d27751d3f163b9a2170515b85ce49050f7d0

/data/data/ir.miri.ashh/databases/cheshdb-wal

MD5 53be84a413f6b6cee691c76507002c70
SHA1 f851f7dd2f2179b2a17b1ffef37cd6918dfece77
SHA256 77f5c4538301b61d2757f7edd1cf0c0a6bc107ca8cd569a54129ffa148dff362
SHA512 fdfb71a46ffcd98ca6ee173d42c01180b4f879a3702f4b4474a255d8473754b1497f2fe964a38da0a075042f6746eb44a1e84aefee832b2ce7c2c08db18bc9c0

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-wal

MD5 78a0ad43d9d417c02bc5557bd1708da6
SHA1 e5acd30162616549676b3c03631642faebbdf8be
SHA256 564267c5571e355024d5ad6e8c9d26b4d68e7d72b937528024d313beeddee51e
SHA512 b56201d14ce5ed1268b15aa8f40deeb00edd9c1fbb037b86ac7835b1b66497262008a656008162616d152038dfedf1d7c225824d82c36ddab43929a3eff42ab7

/data/data/ir.miri.ashh/databases/cheshdb-wal

MD5 8758cba7950040076c71ccc7706a75b6
SHA1 924251c6fd3275c2e5dfcb829f8e28f66b91de3b
SHA256 5b10881bedc0382a69957c9139edcb30cef3de7e877496f5a575d2f23503939c
SHA512 64653a59d4c42430e9fbbe2964a2785a26fc2fa416d8e033352112fb3d9cf58a311190f972046b375db2da5eda8b4a14b0ba7f7ff3748914f790f5d8b1be8c23

/data/data/ir.miri.ashh/databases/cheshdb

MD5 ea2e4a4ef8961ad68e15188df5cf4ee2
SHA1 c16b0cb54b6c114c4d112bf5eb9a40e3f6618df0
SHA256 0c1ed45bf704b5b38a4e733d7c9e8d897558595d803beab569c30fe633c7fea5
SHA512 3c3df169fcef3f669f0b61a8e36b58388be24268a95b5cd5a559e1a699424e1091dd20f8c63c0c81e743df3f08c095b4a87b8faadc09230d93b9afbd2f1db8ec

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-wal

MD5 dc8cdd95ad611537e87d2a277bc44e5b
SHA1 b13c82c988bfb565fbe86b6a0f6bd02ab550c163
SHA256 495a4757f1154631abec5d4271efb6f3c917ad38bdd3a805699b3bf0454dc9bf
SHA512 d501fce514c435f9255bddba95550546fb41c1971b089c49e248a6ca9d76c38ac70833ff93e2dcfacb8f21db8c0a2859338e1ce8a49f428405b48bf23a29e9ce

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 255f94c7f213d9cf13683dc7dc34005e
SHA1 6082deaeddc5afb111625d8932bfb88bcd79134f
SHA256 05b1266bf3b9666b263bd3abd9de6080185d28d44171ffdbf5020bd614d68b7f
SHA512 6ca7e59cf5a3cfd08f47de0d4a1134af3a21f8f8d8f241d0b23584523fe8cd6f495ac2f0a6e8d016647158e5fd71c981bbb2ca2f3415ba132bb276b00dce40d4

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-wal

MD5 f17b4a1372abfaf5802b062f77693379
SHA1 9189c40931a920c06c61f1fd2e6a4d10381e57b5
SHA256 93121474690a58730956cfc2bc505c020a6430a9bbde5db15954daa4d7cb1ea1
SHA512 f91f69d11004aaa39d899ce6031abf3b98040f9ba09f92105ae1581708aae5551a0084f0b5efc320261f4766b37e2453a06a91f7335f38fb924d906afa6c4f4d

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/fd77a587-652b-4ad0-b53f-32996d73dd03.jobs

MD5 3b6cd78cf1b2cca5a6c38ce9a347f20e
SHA1 bba71dd1fd2a2de4c8c4427c594a5da09224d4d4
SHA256 1e47690f9063c4d4c1147fe318c0b3b4e0ef2a7b06a36a003c3ada5e1247c524
SHA512 ea9e3efb79eb7affa444acf5aa8271a1c2c54ab4e2c248be1a836278b3a15a0dec5e1b05938c805e0cb8c62992a42b1089398c396a4f756ba7a821aa96448102

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 2a7f5d65679b21a0b3d7c026899f3344
SHA1 7d900f0ef9912b32df3fe6125cf247a466132346
SHA256 3da8bc4eb0a4523c6b342862932498718cff3898cb3ffbb0b1848eab9748a0ad
SHA512 c87e9c4bf00ad0ff3dc93272b04b2155aeda43dd75dc04b1d20dd60380edbeb35734fcf654581b929d03525011d1905ed4c95046cfb86664eb6d89a085dd5349

/data/data/ir.miri.ashh/databases/__pushe_base_lib_db-journal

MD5 ab4fbbfed404e037d73d623859d54b32
SHA1 b8f82c6bcaace7368f5e1b470e9d0812d9367ce2
SHA256 1bdc61a22411a2a5f91a55e877c86213d6f7fba38a25311579a8b4fe23f9d327
SHA512 d4aa2d1a81ef65146406810e5b0c0ef0cca84fcd4d337ea15f68f5bb9d264d4c16b1f191051544a0a37611936fd8c2ef4773aa3df159baf8da404ee82dc7cdb3

/data/data/ir.miri.ashh/databases/__pushe_base_lib_db-wal

MD5 8deb9a68f4dd9fc8bb9d3c767a711db1
SHA1 2c34719276dda6a5e3a21f222c72b3bcb44194bc
SHA256 17729760463d4b15c2fc800f0635766684e8737601f5168aa8b05d3ed0481059
SHA512 c5c7b61ad96764a3cb1d7f1f5831c29407b4c1ec8e2b141a3b5daa399df8e2a792d349489cdf884c2eddeef2514aaa677ecd2212c873ae584177535af67ea296

/data/data/ir.miri.ashh/files/book.db

MD5 d7e978fee10b1ea784a93ce1b40afb38
SHA1 549a5a04fccf02ea73b1be1ece61a545d4c68e48
SHA256 bcbce38f031792f7878398b3446a9dfc655e02d14ef0273713567038f38fab5e
SHA512 bbd380bc3b61ef7ca8a1c8728d88006d89816520e75955849a8c7654c4e0b5da9e6295b1b09ba163ffa2f3ebf9f395c75f3a30178dab652ffec3b5d7756cfcb8

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-wal

MD5 702f424fc274072b80bb6af9bb24c0a2
SHA1 9a4ee34ef55c7b52fa27b5ad40efd747fe1e83a8
SHA256 f6946791089159ee83a90063294f7bbe42198d63c0cd4f411759fc160ea8e0a3
SHA512 debe148542f2613f5bd1884c8a3a0b073b2a579a620959357f26fc04e011355c8ce1e223935bf54d984d27e8157b9c5c91973266fe5ebec3365d2676d5fcca93

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 ab8a574553d7e74e2a6336a3f05f4aff
SHA1 3005b4a11069fa1d15d55ba02214f8f6aad93582
SHA256 e28c948d1b17a0a5240362ad0cd679e452781f1def2c318a3746ed53da68bcbb
SHA512 3acc6208bf095da8fa7e6e10c7fbbf2431e13239477dcb6e638d1f05fde86649273592bb525b23ede44e002b87635f2824274a78719a5035989f4e0244841bf7

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-wal

MD5 401dc5214c629205ab6d49d8cf20a71c
SHA1 1ccb01655e26f8f771e27834a1c534a494d6fca1
SHA256 b5785d1b30024428a196296802519682165666e76cd52425d15318c3f84f8aba
SHA512 1ef603000b4bda1e5b8331e73a7d10394085cf8a9e28207d2576bff73b8f38bde0711edbbd444fe48d2ce2e8a29b4f1727e857a468d0090a67ed3e4a919dce2a

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 1a1930c5d4e892eedd83f2d44a08304c
SHA1 5f474f1378717402ae21c3724916d8013fc3501b
SHA256 8a372c65c2966cee28a97567e936651b9cd69ec4218febd0080d660febae72d1
SHA512 c7f7170044365ec081774e07663b3359ce025ca05bfdf794489e27fcf776b066a341703fe20fab03468b17bb8da56a7acbe3606bd8b51e0db98369d1b59b80eb

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 720589f0f2f8201900329edafc42a113
SHA1 3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27
SHA256 543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59
SHA512 bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

/data/data/ir.miri.ashh/databases/cheshdb-wal

MD5 9d0563f7aa05ed22e0f51c4e027f1313
SHA1 ca75434f42aea42c4861883ea91893bd06e66b67
SHA256 4c359595170ef8fad7f74de17b39f3ac02cc2058e90f523a96d4d55561d8034d
SHA512 351add40f773706a3c37fe2ae6a8d63a4b205f6970e9c77d485006db8ec0e551687971977def47baf25411f9de7333b51b56c268ca163d2853792964077cf4e4

/data/data/ir.miri.ashh/databases/cheshdb

MD5 b6c17b40743bbcdae7f4308543a325c7
SHA1 5b48cef79d7a2895e484bfd8369cfb0a2bbfdbe4
SHA256 6a0a61740b2b41c43bf86b5adaedc968aa45be20dbb51c5a7c126b505142e7ff
SHA512 f2254fc25dfa1d937ef86ef6a85b271e66004c54de1939f67ca00f5ea52b227695cfe5b4032b1e017859b7e17162ccd680a75b8b7d19d79067ac2f1e23e6caee

/data/data/ir.miri.ashh/databases/cheshdb-wal

MD5 adf289afbd74f66447f1b9e1181ddfed
SHA1 46d66b510fb5fb4f55ad243e2907988ff7c20339
SHA256 b9fe627c9aeee09be9c5ff1a405f9ee75e7d95c5bb6a131cf2d1a326b4ecd974
SHA512 49e6ff6f9bc56b240edd49ecd2ec19e5e852c4775e6d02738c5359a0ef70eb5a0cd22b9848659662c2296ed535da6e77e125debb9d8ae0e1f4afe8b091d31424

/data/data/ir.miri.ashh/databases/cheshdb

MD5 8b710a352b89128a5da6bed4414b8b80
SHA1 1d5e83173f246c95919258dbd7f18894c6973cc1
SHA256 ac3257fc86ebfd4ea791a326b246c47ff7fd5b216d4d6b72ad3cc7b3eee17096
SHA512 f7da0e19c6e93a110b7df19a03bc8aaccf30b7e033c97a24d24fbab4929b0ced30d15816c65db3791ac2e28f34445047e20dccc1917ec8047f35c8144e547dd8

/data/data/ir.miri.ashh/files/book.db-journal

MD5 a05f6211c2d23008ad636f8709c8fbfb
SHA1 6fdeb32af88a37ee3d29dcaf957e83516f8c816a
SHA256 3ef000d59db5a00c094b0e32178e03252976d987bfd665f0aded6aa83d22d330
SHA512 cddc95fd517d67d5fa331f792795c6f76a675555afc548ab60420ae1ef6b58be4158ad3167e570f27f11102efdabcd3b0b485c4df0f5216f52753e92284ca1c2

/data/data/ir.miri.ashh/files/book.db

MD5 e8e4d6a9afb05e12a980bef8e547bd39
SHA1 d86477523b16642d4d72fe76c72d788685d2676a
SHA256 d545ab8922ca8b4bf4e67a0447ee4d5e1c46ce204f9cd2e4b94e97d0e170b3c9
SHA512 a05ee9fe83720a6fac52622d11a124b4a7655af2e893fd800fe27e67e2719c783e45dfb5e1099988d6cf25be908f46add6e12c2286b1de7786f71d69415b340e

/data/data/ir.miri.ashh/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.miri.ashh/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.miri.ashh/cache/1582435991586.jar

MD5 2048eb6124a452540ee51dae4145aadf
SHA1 d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451
SHA256 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864
SHA512 bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

/data/data/ir.miri.ashh/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 14:33

Reported

2023-12-25 09:44

Platform

android-x64-20231215-en

Max time kernel

2690308s

Max time network

164s

Command Line

ir.miri.ashh

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.miri.ashh/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.miri.ashh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
FR 216.58.204.78:443 android.apis.google.com tcp
FR 216.58.204.78:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 64.233.166.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
FR 216.58.204.78:443 android.apis.google.com tcp
FR 216.58.201.98:443 tcp

Files

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 2d4d9c38e9cc585cb61fc87ede20d68c
SHA1 1fac8611d22a1ef645604194d3d4d8f6a4ace87f
SHA256 cb38b67232bc727f7db64cc3d7d61b9d003a0e97584d264bf760d2bddd981c0d
SHA512 5e9e9cb03294a583d021d70eb79126dc42a7c5a4fb0b06e25ea04cefcf56ae7e919707a9053a5f0d587419d8e0fe51a106d6f5c56767fa2d8b06771bbc43131e

/data/data/ir.miri.ashh/databases/db_default_job_manager

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 bcc0bd0dd3578d808c6ce9fa6a322da1
SHA1 cb5743a5f6194c9bcad4bd614faca900c10c0c0f
SHA256 99408bf34ae6ffa074da5ce6f441e4d4888a5dac8f96bb7c0e3779fbf077c57b
SHA512 71ece42a9fa195cae095adcdf93eeebb97d74cf0fe35641af3659b6c642b263cb8c5ba7247dffb1c18e4d49c6713cdf326e41caf3e298f3f20ff4bbbb9b82c84

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 0e230d47f0dbea39d96f0d6258db5549
SHA1 9876fb1cb32e0a537b51ddc1e7e9a14d6767cf98
SHA256 e2c110b7acdf4210b19060c777f0e447c440336d65dde932741b947770451935
SHA512 99d09d7178615a3b3c2a3bb5891c18eb5db4e2d1e69a8f671d3535af3e97f3bea2db9f08caca5733add51b84b4d4477ebc67867a406bcb7f4e0f4de43884b2f0

/data/data/ir.miri.ashh/no_backup/com.google.InstanceId.properties

MD5 a2e4d455031329145d59c6635d7dd142
SHA1 7ed67389021374735366f4ff25fa9b1e234b17d7
SHA256 e76dc3e1730f5f3f86aac4debb661787af0fa2642c29d3e33b770b7e08d40e1c
SHA512 1c5f9dc9984ffdc71b1d8f1876a60fac239af82bcbfb1d465f458e8e6876994a25312496f186f1df818037ae25c92de5f50c4e4be7ee90cd76679800da963893

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f2f4386c-4097-481b-90c2-b5ff475fa23e.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 4bb32209fef83c290a84c47c9636e590
SHA1 6a67a6f5833cc1c01ba79ba828e44fdd73105e7d
SHA256 2e322e317a0da44797844379c805c764eb7f24f794c456167859204e007782db
SHA512 cde38e8a9652fc197d1bcc016274fbb808025272c0160f57c226c3a485bc612a2a17cbd85199e2d2b9872d1efa3be1ef31d918018398699fa654606766e0887f

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/86afe5ec-d191-4b6f-9b79-19a56ba0374e.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 d80dece5c3d8c4392358f4584700ed69
SHA1 507f80442570db70b128756c532607758de294b8
SHA256 f6283fd7a66e9a5876964d7bf5534c198331cbae5866590bdd259bf4beeadda9
SHA512 e729e904e04de95146bad216e336805cd0a2e25510634d41af20b288c6973979dfaedb55a6ad02c0930a1ffe5e7dec1938493ace515bd33684eb20675e5341c5

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 b926100d4014573af79979aad43f8e74
SHA1 80d6f8b7f8432bd8790373a01aa0f2040097dbd4
SHA256 423b7891b43c48bec3e1cf1c4615a7782b394784a02a15bd941a0c3c8690fc37
SHA512 515b07651f5575432df1f23ab9776345e9548592c8e0b201dcadcf61da1b48ee39ab7a2f4867edeb18a696e70e539484f6885d109f13067c3771ff86cc24331f

/data/data/ir.miri.ashh/databases/cheshdb

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 fc1b00d01fa5cb45ed1562ef869ce047
SHA1 b5aaa9f694817d98b3c74946dd2fb86cdfda5582
SHA256 f11f139a9c072da683c5446f456bd7811b815484db055021e77a08b6841c9161
SHA512 2cf20528c7a3451780689be5a02f229541c80dee903bed22809939dfdcd498814a7cf4ae320c0438208e6b97e62221e3babd6d25a805ddd8a5be5178306c476f

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 e21dd5416100bbb8206519a914c706b7
SHA1 23b11b47fe98b8233a7a2e3e2a87c689cd1925ab
SHA256 d386d33d8cf6e8e8418964be071cb80bbac6ff92afedb4b180ddfbc667201431
SHA512 bf1983b3ce0c9a5887d4c910bf9e8104b9cf2fef8bd4e377f6a0a5303bcfbe8265a3bd1b1861033ba8698572e1bcf649fc6a6fbde142745e525cdc0df487dd3d

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 d830067e4cf243739e3b1d4c075ecbef
SHA1 df699cdfff59db5423afb1fa606c7663a81f1a40
SHA256 4afa8f10da72b8d3dc729db846e2a5a2ec6419c77156fa77259b86d20b00da54
SHA512 9ab1a30b51469ac800dc90a376de36f5043fc43781a34582dea63ab10c7ef2fdcf0ccd1a07a549d1a3e146653a4cd76f738034844bbb1dd6d5393bf762f55d1f

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 3cf694ea54be11f4aecf9141fd1acf48
SHA1 3702b3aae8acf348b93cdf1ca8a13c02bc3a8ced
SHA256 159dc401fbace65ec2b2906208bdf62b9a415b833959b16be5b891e74e2d4be6
SHA512 da6a43d2f41246490410c90c35ef7489f108d98b756f03e02285d79e3a6aedc4bfa6f16b626b28c4006ba39980ea5b4fba0cbcb6c4a69a6d9aaa7f1d658122a0

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 492d63156c7e20b81c9d853c35de471f
SHA1 c220b21fa139cd3779d38b69859e618ba3cf59f1
SHA256 a36c0ba331945b96cbc539e90548e5380327b52831c6428856073bdca43a69cd
SHA512 7ab59a5601f505181501b120f8baa9c4b7fc096d76c1c51d68c7ac3af0a7dca450f8fe3e726d91816d9b7c703631d06988c2f70a50deb827c4c1b962c1242465

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 75e6311e4a68b94718c73a21c5a985a4
SHA1 327bda9db90bcfff3986a912a3ec159cfa4ff97c
SHA256 b5dfb4af2465778c3f5bca159f50d1815fb8f07dfa23d9e47a4287acee7fafd8
SHA512 d5be6ba9b2caf072defe5b12264833071bc233b1a31cfd2099c7587b95e8ea00235a4a963def6c8bb4d09dd39e79331af10613ec07ffc14d61b43e2c6b99814b

/data/data/ir.miri.ashh/databases/db_default_job_manager-journal

MD5 31abdb60d1b2ba166202ac89eff2b7f6
SHA1 3ff66399b76f196c0ee74f5865d70fcad0be3bff
SHA256 d589ec2a995f63a5af3281e4b91c80e09ed2afe1a84315d18fc62050b9360534
SHA512 1b40cec1a058250ece995a4c34d9f23fcef0fa5358234bfbcc3657c92b6b3a7658dbf118709de354664c9e6202fb7fda8abe875284c354c996b077d1fe35a27b

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 07694e69f3db150ba733d2d5d4e02ad3
SHA1 2c4f5723332af28ca7f267733a92e957a2ce87be
SHA256 5c6c8104c8e29e6b4395187503b6688f4c6242e30766b09c2def1f185492f888
SHA512 7d4b8950508f5db8b3c2e8ebfc9a223e139c4cb62cede284cb0cc73d8dc92d515957036b7ef52d94471e6b672448f4dc3a065066deff10b3c4e92031c7465f65

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 36c8aa27fcc11375a5e6988bb7c9cdc5
SHA1 141cf1526d3bea1d9c2557e572c68cf6e86688e9
SHA256 80f0b92fb00594f621e45ced82b0ea305b858719192c6dcdf1eb9138b912b09a
SHA512 5bbea80247c5eb609b299ff5f77a671375d0dfab511e654d4d8a34e4f7d1fea30fa4d4418f0f06ca33ae73b445a4e287486aa49b0a48b540a866fcbee77b3eac

/data/data/ir.miri.ashh/databases/cheshdb

MD5 69c6365a2590414cae333e38c0004f75
SHA1 e922685fa87e99967391e15cf086a5f34dcb571c
SHA256 5159003465fc0b8a248699a125cc734bd630ee4d99357711953204e1bb8cc965
SHA512 7aaeb7a8a98bb62fdeef1c07c9d1f3c5d87f08eb2a926750fa411486dd8f4e073139da5e4de63a0186aa34d04bedb4629340296003a905ae1cba53059e20bade

/data/data/ir.miri.ashh/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/03b03093-c264-4e90-8293-cc37fa48eecc.jobs

MD5 32f9f19a52bb2976bcb1e60e15a42398
SHA1 ea3a656b9abba718cd06610b5df42874fa896734
SHA256 b1a629e9c8d8420c9645281c17b32c91cd69e8595a3421fc5649161167b5a637
SHA512 697aaac5639750b93c4df78be4536ae8d277ada1f8a0fd2f9a4d631bf2c9508cdf24cc3764b7784106c0d6b0a7c3cf218871f615deba47d324816797747c958c

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db-journal

MD5 f4da5f66965e2a637dc47464f85aa135
SHA1 ddc0a74329b9bf716c920087231685a4de06f2ba
SHA256 b53d520cb22abea3cd1bbcc90860e9825d9d11afba40de60687664ac77b1cf5b
SHA512 4c815093985b9f47800e7aff204e14726a5f0efe519ec66ddb7b276c41b14bd4fad1ac0bb7d68524f20fbf1c70065c313ff7c35fe0675adafa9f43233d127c04

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 34d543a0cfef546e7d1016c4aa6cd173
SHA1 c1920dd3ac6efc9440f255efbbfa3df24f0c0d9e
SHA256 ee8afc4b4e4bf5d9b9a3fa0b3733c17e59fe76a2e1b9bdd78dbe4b60b3fa8a50
SHA512 c8cbe17a932b77548c8da00a719e0282ce31fc8b01ca92c34c6f02bbffe2fcca1165715dee853b0716880f036a2dcb5ac4ab07a761e513876e2b5129a493ede4

/data/data/ir.miri.ashh/databases/google_app_measurement_local.db

MD5 16d25bafaad6d158417c16a475df3342
SHA1 19f5f3ca61d8e6187df7e380d2101d29617b6096
SHA256 fdf55fb5d0d0c487f44f35136c21584ba466445659653dccbf647d68b789d051
SHA512 f197c7ab1d5fbe0baa123a69dc07daa3b1f5e083993745fa190547601ef4109853f6476efc9ce00cb6d5ee60f1a204157be5081cd312b93caef3dc97574fbadd

/data/data/ir.miri.ashh/databases/__pushe_base_lib_db-journal

MD5 436aec0c040ce55b7de68e397daaf16c
SHA1 b702bb22cdad8a034e85b648869499b611dca135
SHA256 96227efeec91a87a964adf156c9ba412c9c0110024c6e0b5d793290bed265d03
SHA512 f239b41713d2aea037f2508cb0313ae183d381a82e8bd7556012f8a7c036d8def541e4c1db84fab381050c2162ccf2b0af2eceb1a67bf8777c2a701084e7b406

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 116088fa4a766d07712edc4a870225c2
SHA1 c6af3d40a158323533c3d5b386a8bf13bdc788e5
SHA256 b999e03edeaaf956337f236c82e67cf2ec30621554c8b43d4da64761f4dc382f
SHA512 48d0b893b53ae14026419619b4f45b86fb0a94e1318225bb47183c9ed38034a5a6ce7dbb83aa2660ef30a101a6c2fe9dd6a5d7b1c9706320a0c4fce81299886f

/data/data/ir.miri.ashh/databases/evernote_jobs.db

MD5 812ecb65622fbca987fc10a0d670825c
SHA1 5bfa9712a352b3bb62669e64d7c1b3dded9db330
SHA256 0c5bdccb4bdc5782a6cc1e9cd540a5bd70901790cd303c78350dca645ebfa96c
SHA512 57e00123f2f21d3670acb774ea22f42c7f440703352b86c0fb9c4dbd73ef088641dd17a674abb4bd01111d3399eb249ca0923452ba3a8ee43019c92b2f03a6cf

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 33c524db1d58c77ba621517c57af6765
SHA1 fe12a74f84ec00ecbccd9bd646e5e6119c50ac78
SHA256 ab84387090b5f2dfea4c448cef5095664df213c216dd7e15b4414d10641541df
SHA512 d21eaee27cc2de8c2bb5031386504f3ecd5bea894728b505fea0d3c317d7129712b1359d050dc4995257cfbb4fb83f927182fb3656edf872dea2ced2f512821b

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 f0e9284976b554b41e3004ee709434c2
SHA1 cb95d2f34129b60041a9e442f742366a3d8180f8
SHA256 b62649ed5a59c3dc93c92361c18ab040f1cb22e20716dee14c7ef05caf7d6761
SHA512 f9154af0164bc5f2f4c12284cdc6e62618deacbd0a8a2a36bd603aac2f75f142ce011ece55e661a903a3f8240d0d0bfd9cb1b8973729cb4c4961420fa79de252

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 edd0b0ff06d6c6216d0eaaa290f2a6c2
SHA1 78c4e550c489cf040a8531e1fa0c5c986b69dcf3
SHA256 a394a3ff1e64b50fb3692c25398a7629307da354a30dc875a846c9a24aa699f6
SHA512 94a53ee465cca4f50d53cdc03da20eb67e8f78eeafef495ccb7fc38d653178a9b8dc95240171f154ffb1732e9a834e657f4fe1d6861bc4f3f35fe4ecd12053e5

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 ec87333468b0caea90c7cb5109416041
SHA1 c5689c11bdaba329e5ea85aa8b8069706973a9f5
SHA256 2e4a7330714d6d32c07556b539dff9fe3a984f6344d3d579ca4b97fa939cb806
SHA512 cbefc969ecb4be834885cb8097cdc24c03b7385765cc2fe84b361808282813cbf09a96cf8e0187fdf30504b64424a5865f70057ae062bdcc3cb6661905632af7

/data/data/ir.miri.ashh/databases/cheshdb-journal

MD5 4ab2c0866bce73628ab5c1e8a063aca9
SHA1 65bb14d09abaa0e9b2a9729466c05cc5d741ef82
SHA256 2bd5ecef33afe1ec2f31724963adf287901dcc662123655166294cb42358b183
SHA512 c75d698bfbf51ec5f535fcfdb3cf72f72ff23e61fdd7cad57c46115e4c2ba4b7a01bf51b01743e832ac3033f5262e72aafeaf69777b887b54279c9d56276b6c8

/data/data/ir.miri.ashh/databases/cheshdb

MD5 8b16e60a0177bd85ef5838e9fe4c77bc
SHA1 8e3b59e96f2b052764dbcd96dd75efd97ef3d700
SHA256 2a11f15790e4fb141a13d6ae2c33969e6a2a82e24f3819721568ac0d8064122e
SHA512 5c80861b268ffe5950d3da4d71001e7b67cb67ac5f91a289b5b5adeb2a9366e351263d937fc888b028e230c63a14e98e91c20a3ae7d9ba013891202ec0256364

/data/data/ir.miri.ashh/databases/cheshdb

MD5 01c4b287695ff339e99aef65e7f992ad
SHA1 e2d62d678dfa629541d7ac0fdacbeb2a52060801
SHA256 83d663d0bcff1945102526fae97df2922240056352593f6cb2b72bb305e6aee3
SHA512 5a9ac888a925c942973351eacc093da5b53e201442757b7f31583040437340279bcca3a6fdefabd5b76cb0f4d7a734faa802fe484f68ee923778128ee3d64d55

/data/user/0/ir.miri.ashh/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.miri.ashh/databases/__pushe_base_lib_db-journal

MD5 6943836169a975505d9db2288cafcddf
SHA1 4ffb124da854c124402601639c948831b5a94c27
SHA256 7b413e75fcc07507c47817f5e250e2b5d215a4c7e8b624dbc9aeca746b58d319
SHA512 71b8fcfb60246698477200a5e07ab12227f611526403443432aa6aeab90ea08e2798a6e797c43d0bf830c96afe8c1211a472e29db3fbe7b4d5773883cd9d85ef

/data/data/ir.miri.ashh/databases/evernote_jobs.db-journal

MD5 c54956605c869c24ead52572d3719ec1
SHA1 c1822e487fc07c270125abef472dd1f28fab6d2f
SHA256 eb5bfa7ace9c4052b4506bf2750831e12dccccdfd0bd7f981f85573f1be400fd
SHA512 496a2788d72aec68035d6c92aac66a8c0559893823ea1c1f700a8e086bf6a8f54aff31e10a496cbd179c31edc9da724b4f792040c7caf5d1e910dd96660a4544

/data/data/ir.miri.ashh/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/ir.miri.ashh/databases/__pushe_base_lib_db-journal

MD5 001179c4f39178182cd6679c44a0a5dd
SHA1 9776991d592b6ba4c2da73aa673651b8c1c2b14d
SHA256 853d7f7d17d92bf7a61a3b7b45362f67c76b18ed2dea0626f519edd5962c6e55
SHA512 2b6438a607815186b8e8d85560b6f9096afc9a06aca26be670a4d38e3b8489a34e5d2ecbaeba9d70f5d307b53f232c45a2763b954689c7dce78d05f5d5085fea