Analysis Overview
SHA256
37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa
Threat Level: Known bad
The file 37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 14:59
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 14:59
Reported
2023-12-27 10:08
Platform
android-x86-arm-20231215-en
Max time kernel
2864583s
Max time network
129s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.amir.torshi
Network
Files
/data/data/ir.amir.torshi/files/unsent_requests
/data/data/ir.amir.torshi/databases/evernote_jobs.db-journal
/data/data/ir.amir.torshi/databases/evernote_jobs.db
/data/data/ir.amir.torshi/databases/evernote_jobs.db-shm
/data/data/ir.amir.torshi/databases/evernote_jobs.db-wal
/data/data/ir.amir.torshi/databases/__pushe_base_lib_db-journal
/data/data/ir.amir.torshi/databases/__pushe_base_lib_db
/data/data/ir.amir.torshi/databases/__pushe_base_lib_db-wal
/data/data/ir.amir.torshi/files/ashpazi.db
/data/data/ir.amir.torshi/files/ashpazi.db-journal
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 14:59
Reported
2023-12-25 12:18
Platform
android-x64-20231215-en
Max time kernel
2699558s
Max time network
150s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.amir.torshi
Network
Files
/data/data/ir.amir.torshi/files/unsent_requests
/data/data/ir.amir.torshi/databases/evernote_jobs.db-journal
/data/data/ir.amir.torshi/databases/evernote_jobs.db
/data/data/ir.amir.torshi/databases/__pushe_base_lib_db-journal
/data/data/ir.amir.torshi/databases/__pushe_base_lib_db
/data/data/ir.amir.torshi/files/ashpazi.db
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 14:59
Reported
2023-12-25 12:21
Platform
android-x64-arm64-20231215-en
Max time kernel
2699692s
Max time network
139s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.amir.torshi
Network
Files
/data/user/0/ir.amir.torshi/files/unsent_requests
/data/user/0/ir.amir.torshi/databases/evernote_jobs.db-journal
/data/user/0/ir.amir.torshi/databases/evernote_jobs.db
/data/user/0/ir.amir.torshi/databases/__pushe_base_lib_db-journal
/data/user/0/ir.amir.torshi/databases/__pushe_base_lib_db
/data/user/0/ir.amir.torshi/files/ashpazi.db