Malware Analysis Report

2025-01-19 06:43

Sample ID 231223-sc3nqahae3
Target 37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa
SHA256 37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa
Tags irata
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa

Threat Level: Known bad

The file 37b40fb1490d0506634bf4a2938513f009a3bf59fecf492501b472671a5e81fa was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-12-23 14:59

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-12-23 14:59
Reported 2023-12-27 10:08
Platform android-x86-arm-20231215-en
Max time kernel 2864583s
Max time network 129s

Command Line

ir.amir.torshi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.amir.torshi

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2023-12-23 14:59
Reported 2023-12-25 12:18
Platform android-x64-20231215-en
Max time kernel 2699558s
Max time network 150s

Command Line

ir.amir.torshi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.amir.torshi

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted 2023-12-23 14:59
Reported 2023-12-25 12:21
Platform android-x64-arm64-20231215-en
Max time kernel 2699692s
Max time network 139s

Command Line

ir.amir.torshi

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.amir.torshi

Network

Files
