Analysis Overview
SHA256: 31b2f45a55756c896224cc9c6d100ce10b3ca807dea600a11994122f91c4fab9
Threat Level: Known bad
The file 31b2f45a55756c896224cc9c6d100ce10b3ca807dea600a11994122f91c4fab9 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Loads dropped Dex/Jar
Reads information about phone network operator.
Requests dangerous framework permissions
Acquires the wake lock
Uses Crypto APIs (Might try to encrypt user data)
Analysis: static1
Detonation Overview
Reported: 2023-12-23 14:35
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted: 2023-12-23 14:35
Reported: 2023-12-25 10:05
Platform: android-x64-20231215-en
Max time kernel: 2691619s
Max time network: 155s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.alghameh.mahali/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.alghameh.mahali
Analysis: behavioral3
Detonation Overview
Submitted: 2023-12-23 14:35
Reported: 2023-12-25 10:05
Platform: android-x64-arm64-20231215-en
Max time kernel: 2691562s
Max time network: 161s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.alghameh.mahali/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.alghameh.mahali
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 14:35
Reported
2023-12-27 05:29
Platform
android-x86-arm-20231215-en
Max time kernel
2847895s
Max time network
149s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.alghameh.mahali/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.alghameh.mahali
Network
Files