Analysis

  • max time kernel
    2539231s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20231215-en locale:en-us os:android-9-x86 system
  • submitted
    23-12-2023 15:20

General

  • Target

    3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk

  • Size

    10.8MB

  • MD5

    5e78eff5e12f649924dcab285944ef7d

  • SHA1

    8e294379802f967dddaf35c8e104a8bcf44d8563

  • SHA256

    3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a

  • SHA512

    0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a

  • SSDEEP

    196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get current cell location.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.zahuz.torshi
    1⤵
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4216

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/59389f3a-873e-4309-86cd-d1a2ad726b44.jobs

    Filesize

    176B


  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6ca2bcca-988b-40e2-bcb0-8dd702c69a11.jobs

    Filesize

    179B


  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ac019b05-6913-46ce-bc2c-85f36d32ca8f.jobs

    Filesize

    278B


  • /data/data/ir.zahuz.torshi/cache/1582435991586.jar

    Filesize

    9KB


  • /data/data/ir.zahuz.torshi/cache/~test.test

    Filesize

    4B


  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    512B


  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-wal

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/cheshdb

    Filesize

    20KB


  • /data/data/ir.zahuz.torshi/databases/cheshdb

    Filesize

    24KB


  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    512B


  • /data/data/ir.zahuz.torshi/databases/cheshdb-wal

    Filesize

    40KB


  • /data/data/ir.zahuz.torshi/databases/cheshdb-wal

    Filesize

    8KB


  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    512B


  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-shm

    Filesize

    28KB


  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-wal

    Filesize

    96KB


  • /data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

    Filesize

    512B


  • /data/data/ir.zahuz.torshi/databases/evernote_jobs.db-wal

    Filesize

    28KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    16KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.zahuz.torshi/files/info.db

    Filesize

    11.0MB


  • /data/data/ir.zahuz.torshi/files/info.db

    Filesize

    1024B


  • /data/data/ir.zahuz.torshi/files/info.db-journal

    Filesize

    1KB


  • /data/data/ir.zahuz.torshi/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
