Analysis
-
max time kernel
2539231s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system -
submitted
23-12-2023 15:20
Behavioral task
behavioral1
Sample
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
-
Size
10.8MB
-
MD5
5e78eff5e12f649924dcab285944ef7d
-
SHA1
8e294379802f967dddaf35c8e104a8bcf44d8563
-
SHA256
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
-
SHA512
0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a
-
SSDEEP
196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW
Malware Config
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.zahuz.torshi
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.zahuz.torshi
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.zahuz.torshi
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
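description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.zahuz.torshi
Note: javax.crypto.Cipher.doFinal completes any encryption or decryption operation, so this signature on its own does not show that user data was encrypted; treat it as a low-confidence indicator until it is corroborated by file or network activity.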
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/59389f3a-873e-4309-86cd-d1a2ad726b44.jobs
Filesize: 176B
MD5: f56f328eea1d5c96a1b96dbbf59488df
SHA1: 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256: 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512: 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb
-
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6ca2bcca-988b-40e2-bcb0-8dd702c69a11.jobs
Filesize: 179B
MD5: ac58f99a1b179d71e8621412ad31c6a1
SHA1: b51fdad95876f5615735c2ab411031ff67d5e946
SHA256: 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512: faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b
-
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ac019b05-6913-46ce-bc2c-85f36d32ca8f.jobs
Filesize: 278B
MD5: 490f70dcf30e03ed01df79a9d9bf313d
SHA1: 10d6092cb8ec898de4a9ada1ca944facf12be5cd
SHA256: 3af61dc9d43b2e9c4c80db60de5a5ad6facb38bd1fe8c3c474c6afecdb720fe8
SHA512: a10e2f206df2412a171b2ab5c45257a6d5551984b73a0f0727ca7aabc542b780937c11ea8dda1d38916749deed1823b29715de37347a1d373acc6875d66f503b
-
Filesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize
4B
MD5098f6bcd4621d373cade4e832627b4f6
SHA1a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA2569f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
-
Filesize
512B
MD5300bd1e3f0c74fcceba55347b0432286
SHA1dff7f83a390ecbc69acbc7bfff6772be1f369ff4
SHA256d4c7928d55f7766173230b34aebab534b9b9b9f11e32cfc628568ce5eb3bfb31
SHA5122e2a73757faebd0c8ab386ce6557a5e564ff8082d08c616f6e2b4fd6d37f600af28aa6a3e550a930193a4aac5bae2d1b79abc0c497c68ae6474c01a5cd0f794f
-
Filesize
16KB
MD5f21564b4e4da0233893e04bf367e357f
SHA1648c1b244f45dc2924d400e023538a73451bf7b9
SHA2568414a24858c7e6add000e9d94c364c28e46317354887f6e5d4beef59150e913f
SHA51249e77c8e817fb1a067f1bc872dfb7bf69c077c10d6366b48899ea9cf8fc4ca769a407c76a12d67db10eb3bee1cf8dc1ac3df4802e4eef804c7c4f167ae3a62fc
-
Filesize
20KB
MD51010b31809f0b818d176c2263e9bb02d
SHA1369c55b19174ef0a472ebb8f91caa66d1668da6e
SHA256fcf29e7a334af7b602f25ca0412be9d3c98d0cf218c90d510160574fd27cefa4
SHA5125f47e2c4d8973c103186498a7896ed3f11a94cbe62506f76cff374e28151b76fd43d1faf4ec7422e0ed023fb505390d1aee90ba0a471ab4b688cfe84bea6f8b7
-
Filesize
24KB
MD51f347cea6a53594be878e35079bdabc4
SHA1ae24631f83d3c875dd678040baafb5e64fc6ba6e
SHA25646cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5
SHA5126f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9
-
Filesize
512B
MD5556f7b663e326d3853f7fb5fbfd51655
SHA1d5bab4853e000f7ccc190f8c72a90f16551dd643
SHA256cb9548aa64df3c4633f944cadaa3d7f2d72f4362dbc8f8d5df22388af8feacf0
SHA51206dde711e406539f544285538df47b62b924ea5445b2b6498037f9e066867bcf91624d98d7ceab8c6073898b32f65cb581e38dbff72279603a0ca281ce6ad9e8
-
Filesize
40KB
MD5167562ac3bd5127b55dd2eed52b01683
SHA194900afc6a402956d6234da31d26b82caff6ae82
SHA256e63b0f145e0638767ff688b337b2e748c5f4e258b3b9b11ba68f5c9a33ebbf19
SHA512a92ba947bf9986b92672b01cde5b68f9d85801507248b2b1576074f2495e583ebcda17ddbfb548888e8d554bdc10aaa8641498fe06be729c63c12122075aaf4c
-
Filesize
8KB
MD5931cd318dc558048131792b837c594c7
SHA1c479c32feedf2fff80ce8b8c3c47e43223181fa2
SHA2560ada6d264dc6eb2444dffc5f4326c7987412ac87a767a191f0a6685a0fd0fc3a
SHA51227f2a98f2fda3cf30cd0d1e251495d9c928b105afe75d434a7d7bf8e1acffedab152a738ae2ca387fdf93af93f0906ecc33ac3ef89c92d70d6c8002645144fd8
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD53c77bf02fbf239fe1c4507a641913121
SHA1721091e1e3beae386c29f13b6e9804fd40ca6d8f
SHA2565913602432d1bf949eff8ea4b72a894520f7d0ae60a174b0abe273b80609e831
SHA51250d6beb894d0f94443ea94d43bdc3d6f0dcd6043082e71da8d32a51e4bf563b6177b7ac1e083b59299dae5f8777d31612250fc1674e4df7a132e8bec19d69ce0
-
Filesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
96KB
MD5ff4f767ef751077faadb3ab77a16d317
SHA16f820ef9815d77e246e799bba850969725537013
SHA256a3a0ab09b0ee3734d5b2369bffff69330ab4f324f79fead3a9c522cecfef91bf
SHA512b8d194851ca8e3aa0e56a1726e7634429e7566b40942571fd2c7755422dbcbf2a53b8cc9043cf64fc13d566d954c764ac6736b32f7b90a711cdaf9173a5ca27e
-
Filesize
512B
MD558b7e07c3363feee2644290ffa1d7df4
SHA1fbd9362a772692d6432ca254a32ca3e78331dd4c
SHA256cf403f612d371800fde7fa2c090f4873abc40314aca3cc141c07df3ff479eb14
SHA512dfc61436ec5a640144b656bc852dc78b1c97fad18b7abcd73f405130ffedfe84398973ba63515c4b1bcc56e550d6de8e14566ab8fe1e2a49ff31d3894fa4a211
-
Filesize
28KB
MD5241b730d272eb145b35c2e233d54e15e
SHA1180f131db39585711309ec999df43f2f643c5409
SHA2564913f7556f6ad06ce70d6c9f7766f8f0071b471cb6ba392bb7d7a150577ce651
SHA512b680919dbc809fb7a8507197d7b84228087c736e896142fcb473ee264a919379dcb7b020ce8731ff8ab7d97dd1d0b536c2a725815513778ccd572659549c8a05
-
Filesize
16KB
MD59cc44b57785dfa1eb35b6025ed63df02
SHA1e5b66ae5fb1d67862427c5dfdcc59fbf0c685c25
SHA256214ab4a349f7d0d24c382f1016ea894ae59746bbb24558ceceef1a55341759a3
SHA512511899c3d667d95a9efbe7ea3ff4c4bd6208c99429311df33b9c6e74aff2cc11b4581d3a22fe468d525437a8f6d638c614293b848641811016105a2141083737
-
Filesize
16KB
MD5a902d8a352ac98ef3604a5c2cc3f3dd5
SHA12f9568ebd39811a82aa0cf3a5d048d7911570a44
SHA25607067a8973b6e90f91ed6a7a3ed90dc379d9c3e2640247b5c51fa9608d3c6fa7
SHA512e94bdc0a2187847b424dd62420d7f5b31d6dc597afcf466ffdb10a40cc94b28d4aba30a9298dfdcf1ab94ce8956ddb412632957697326785b08fe4460221f13d
-
Filesize
16KB
MD55a464b5ca6bdacd644396fb49c2c0e38
SHA1b50335d30ce20fb67ee7421ffb8129a2bc88c98e
SHA25658ee17a213410875471bfa3c1bef0ae2eab0dbaad5ffc940910cf36eb615831d
SHA5123a08ab302df72f680e4998c438612f9ea4a99a62427092014bc236b1861c6d72b5daa79a4056220e095b34606f1f29284a610dcc046afbf3705cdb988eff6c48
-
Filesize
16KB
MD5b2f9707085e816b48cfd894680c3851b
SHA1486c3cdcca63705ed121579c11e74cdd78ab6633
SHA2565313c695aed426486e1f0166d9bbffb0aa33b11a6d25ac73c939a292a25c366c
SHA51244fea627a4abe4fb6fd04faa9c5d46f41a49f832ce6fa9543b9fc4f47a94afd10d757f1247fbfb8d0ba637556d2850bb36aba80c3be4cbdf993a862efb9b8a7f
-
Filesize
16KB
MD5720589f0f2f8201900329edafc42a113
SHA13dfa3a3e1bc6f006b0488abc3a0143af6abc1c27
SHA256543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59
SHA512bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea
-
Filesize
512B
MD5890f2b16bfd4eed4c0a64df8be036c12
SHA170cbcf406b44891cba578269d99469ccf603f8a8
SHA256e8a4b1160b978e52c76b3fc8f0c6a0a3973e93653ebe8a1396734946c0a03b65
SHA51260635948e3c9c114e0be013a7d5c99e5f5b986748b99c2942959e5c2e65fac738705dd2ec60519eb57011d2104a92c327015fdd939f167b8f1d9ec7853e8ea9c
-
Filesize
16KB
MD57c722ac9598a670e7c7748e4c3aaef48
SHA18d6a9d4b3834fc3bb6ad3058882dac81b56000e9
SHA25604c7d0b87f3c2861aa55003fa5f193d776078e82e347793def93f54869cfeff6
SHA512a82920ad1c88ee4c8e931ab9c06f40696101a4747df03e1a1d0cdd41e7ab2cf1fdc2163ad26f661fdf1abd2de060b21c06cdc5cd57ba45cf35a7c512a2078e2b
-
Filesize
4KB
MD57713879b78aeb2694c6d1ea6656d3571
SHA1bc8c322b10193e186fc580d5be5509a6905e83b3
SHA256521399e26f020dcc4992b7c6b81b283b27068ca6accd4bad5a9a7b660645b212
SHA51213b626e72272f6d843f40d72147c9506c3d5e645cd8d8de83b5165e2b77a711d66726eb3d172d17d3a7079af542693bd8911992690de66a5e22b6958d5b671f0
-
Filesize
4KB
MD54886ba4bcb14d0ae2e54d784911e7530
SHA1674c8da5d374a2c9af7b7f19ae6a626a22957796
SHA256945533059de14b8b7bb4cc6dfc97a9cbc4d7bd982b5ddac2dc5414c28dcdaf77
SHA51271f873d4f06304fcb910c7543fbb5166ca3dea74599024f91db255d53a487b93da30ad832fce84db1518cdffe934e30cf543be01af5a16c053850b6a313d0877
-
Filesize
4KB
MD5786014bacac5191fd425edeba91ea00f
SHA19a3eed7872f980d91e8830c054cfedb55e4af59a
SHA256bb254dce7a99e382937f892e32a1a3f30abad60ff4f62a4be09ce39e0022b0f4
SHA51289dd3f96eb8e6f9a78d723dc6833785902952a8fed89829de55ea53d851689f37d3e0fff3e9e57514eb2a88354408bcb27451eef2d1aab30c778f5354c648bbe
-
Filesize
4KB
MD5a293c723f582c9f09484be83ecfd2f9d
SHA1e09c7fe318f7ad508cfc0d6835cfc87a48149eae
SHA25610d03305780f9ef47a8df3ac7cdf1ea77f6714e71bb1dc33c9e976f4b290a44a
SHA512f8311cf7b0bd5b793ab00a57028205c7d042713ceebc23b00ef0a4c2021123dc60e06a74b8639cc7cb10ed3d3e1eae7aa7b726d2ea4cd7782b8ed8c872ca7457
-
Filesize
4KB
MD5662903cef02bcef250ff58eeb0fabd11
SHA1554df5723dc50e64a95f5fd1726763f4147fc9a4
SHA256effd2cb5fdfc44f5d701e4d00b54b628c69e42d24a267606bc4a248d8f04ead6
SHA51235f11fff558a6c5355bd34d0fa007cbe775682a9fddfb88af90218be1d8980d70f6b79416fa11c4670196bda605bad13e0ba52a92992952ec84ff214f9d16df7
-
Filesize
11.0MB
MD5513f102e2329feb8fb17eb76b08c28fa
SHA1768f08745e5f69a7a94105de675e15693384ab89
SHA256f1c435b6b483dc3775c5978e29bc49048498c82d542934a644ddee4d45726987
SHA512d7942a9794f186733f3efc8eb21b764f619ebeab3ca96bd22fbae37c4c1b3846d907033a746f3a6dc2222e9380621b0c3f3ed79d6c36f603cfc0053654102b5e
-
Filesize
1024B
MD51729686a0bfd9eb4ad1f004c8eee39ce
SHA19d6705e744cec3b885525759dbc49383d532003f
SHA25683b58bcff7ce9b62084efd4bc0b13dd6818990db6b35a0a253709bd8ec9282fd
SHA51236d4daf372c04eb0f37ca266620b8e4e9be102d8db52731d4d81d6ca089ba8de3ab8a82e7255c6d243842622e4588c9e47fe766e963352e39b99f47685c4f25e
-
Filesize
1KB
MD5c4e79a8c07a7d1cb8dc7660cdb0fee87
SHA132fb892f13148980e25d1168a2a3f1764ce47197
SHA25692ce8daecab6dfb12688278627405357e48a946cb316d511b870ea8bccc1071f
SHA512e47bdbc0bb1a3e76e73b6d26913bdfa9f376981055536b811d1bb00d41fa83d5631964c68d98bd34e62428b3aaba1cbf584336a23174949e2e5aacb40899e638
-
Filesize
2KB
MD579ac2d8705be76011f2765ecb4170669
SHA161e5b14a1b7072f48802690478aa9212f33fb10d
SHA256ba6ba9dabbc6e54020a923d4fd365b0ad15d90989092ed418c0e115160bf9255
SHA512997b6d80fff9ee5713bbbf136ccd327cf743cd07a345eec34399fc1c438eb93ccfb48233bdf58113cfce2056b6479566ac3ee0d7b52266e062645b74c96f76bc