Analysis

  • max time kernel
    2538467s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 15:20

General

  • Target

    3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk

  • Size

    10.8MB

  • MD5

    5e78eff5e12f649924dcab285944ef7d

  • SHA1

    8e294379802f967dddaf35c8e104a8bcf44d8563

  • SHA256

    3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a

  • SHA512

    0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a

  • SSDEEP

    196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Loads and runs an executable (Dex/Jar) that was dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.zahuz.torshi
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4982

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0844218d-7a6e-439b-adde-84101e180fea.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/21e90c2e-e598-419b-ab70-d91a37b315c3.jobs

    Filesize

    278B

    MD5

    e681721febf0099b6353d0ccff634b3b

    SHA1

    2c5a49542a740ffdf4380540fa7fafc207aad49a

    SHA256

    1e80efbab73ea8177e4afaae6cd6215e619aef22d59e1627aab3f63bd90b7b0b

    SHA512

    ede45155178a42b973e1f0eaf80d15159d35e6282d5890792c6a5696790a052e4e0c177dd2b023ff7efea915e1e7c7e2977d1a679e26e3e6fe36aaddc75744ce

  • /data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f353d52a-2472-49da-a88e-72d9c86ffc64.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.zahuz.torshi/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.zahuz.torshi/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db

    Filesize

    24KB

    MD5

    abe9fa56c177c65db8c072e6d81fc41c

    SHA1

    abe9e9bb6f7294324f549af4435f58578ae69f2f

    SHA256

    53f09b897033e2496e13f3c6e8d14ec1d1f7b273c2b4d47dacc569594fef0f8a

    SHA512

    bb1b70eb859448050dd71822652d1976456be07c098ab41f2f75fa277cde059aff0c45629564170ee07028b85d501cc941529ab06753e5be2e710692bfa3922a

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    ec2935cef0c9682457142522db6773dc

    SHA1

    57b4c47b41407254698a6aff6f36f0f9e9fe031f

    SHA256

    41768df5345ca5b709c76d04874f035e2cf0da88746a691dbeea48eb575e253d

    SHA512

    d1cfc5962f78fa8339fff049771fbfcecb7d0e9f8dd2a0739aa48e4473088b855494b9f0e4d9912afa3b8e1885ecbc70aa239f03559739cb3b1643af780c4db7

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    d13ecb03d785ba039d02e996ae25f010

    SHA1

    971fa6a45dbb75034a322f678cd175173c80aa4e

    SHA256

    2ed3f90278b098b924b62df850ccc912b9e822ed79caf60e24f87a0b32e78855

    SHA512

    847dc799cc3772522d80d16e221d32d5f38f077e4022c96490f601363c1810e73d1691dcb7115131eff2a2daab498d0186fb00c00f4ddba2a46746ffcfcb88d2

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    a4cf3f951fc9ad6c96eb40a85e091366

    SHA1

    aa67d0cb5d3bab6581d3e60055fef68477cc50d5

    SHA256

    c5e7a7d885c38670d6760f9da908f9f5c6e7816c4b8ba6bee7cfbf9f3010746d

    SHA512

    7cecf43edc73b3ded30880461f20abe20901e6a4af6b2677983c3d5c987f6318cb2f656b26235fac03da446f98c848c987eb7adb11b543c941fca86f8ba95dfa

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    c109e76c01e4f465c9035d0fc3cd0bb5

    SHA1

    d55d9d1754d882efc145c82550787e1d6a75ad08

    SHA256

    91870193aebd164a90c4cf9a3d699f53e2f5b56fd7b445bed32f7e785d8df592

    SHA512

    65b8732ea9be64c97e3d7bad89181fe8a3c5690466dd53daaa95a77a0d4003f1ff4767adb2a651cd6da1c1b3a470a85dd12865199c32384283f65fb509f559ce

  • /data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    196b14b541b1bbf796b7931057b73226

    SHA1

    00b4ddd2e83d913a788f60b50d6cbd084d2c3113

    SHA256

    33eb8a63510e661db47c94e0c63277dca519d731552848c6c95b9db09c99d20e

    SHA512

    e72fd0376137117cb2cb9a3a4b684cb7b24922e33d77cda48ce991e47aed08b71acc778f0a5facd156c4af5178dbe9069644fa8e6e97fac88b685c9d728cfe77

  • /data/data/ir.zahuz.torshi/databases/cheshdb

    Filesize

    24KB

    MD5

    259a1e4e7ebc4b0d0341ffcf0c3bc2ea

    SHA1

    9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c

    SHA256

    4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1

    SHA512

    dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

  • /data/data/ir.zahuz.torshi/databases/cheshdb

    Filesize

    20KB

    MD5

    83b95931306f1b460a1127c8b96f7cfc

    SHA1

    730fb47f2e1a5a1ea2499b6957e6545102ada61e

    SHA256

    852ba2e18236ff3994c5c98016ef957a4eeb9aa20734bb85f8112e8aa5724d7d

    SHA512

    3854e30b0974a62726559ef31f957d06dc6cee69647b26ed4c83e53f345793678b5bfebf1b0816332ffba927fa739aa52ee970aec61c1aee8a362c06d5a58e76

  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    512B

    MD5

    60d77843f35aaa530427fa606a2a9461

    SHA1

    d3f6abec1704942bc16137b41db2102d96932c37

    SHA256

    99a6de5480cc4b8c240dbf827dba34cde9bc55d8d6562724abe66ab1ab25f10b

    SHA512

    60c52dde3c61deccd6fa6c95be951bbf83714385378c1bd343c3182536615296a4bf81b53c27c638a92b431cc9e3317fddb0aab350c94b4d9a5580839c850e66

  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    0fd61099ef4186e631652f58c86bd92e

    SHA1

    13de8c818751ce3325463d4bf8f74ef52f7a117d

    SHA256

    3d2ede96fd7febe2ff563b78e215c2eea45f6aeb7a7ed58c44a9fdf83d01d1a3

    SHA512

    ffbd24d18e9ee0abb16188dac59bcf16f2de5d4316bae57e315c38e31b40de86c79f025f2c99d22d07670ad5ff5a53dd706899aed2ac06b4b3e2762defca3b42

  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    e0f9c8e0fa390ae018328eb087e35ae6

    SHA1

    ba5a6d878f9d6dd6d6d13e6ad4b75cccd2c5dec4

    SHA256

    24a03fb52fe91bdb13dba620c4009183e794811e16af71d94f78254070cf3791

    SHA512

    5ec27e7fe1979a9c0a3127fbe10e375a8b6d366fc8315a0f024dd61440a55283bccc3c69465dd5ff2f28def4ac67d84aa095406839f8358faa2396bb031d55ed

  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    61e81c4e9f8b22fa2b9b819302010bb3

    SHA1

    7765a9ab0c0de33e7f4d8abdc7ca360ec7348511

    SHA256

    98890a008f8a2066e135901567a8665f90448400b93161b5fcd6b15d95d153d4

    SHA512

    424662e1303f4ac79fd37c31f5d46db8e2b7a9aeb33d6d826976002f4b6ad51c86a27e1557f4721c31764166d1cb09da765b66626eca6ebbea934eb76cd5246c

  • /data/data/ir.zahuz.torshi/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    7e50722a22007f59149da39039538cfa

    SHA1

    b061babbae454a7baccd0ce5b6bff6a0ad19556a

    SHA256

    23fad31e7363499757eaccd2707b3bc95e69ccc55c0e815e3c5c7d86cca745d7

    SHA512

    e687e54f067ad3d070c61354f552ebbe5cc9a8e96ec11d3ea5e4c71bfdd923bd9a21eddc0270818b9cb51a68f91fed27e7eaf717a5ce8b360155674413d76822

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager

    Filesize

    28KB

    MD5

    e2356cbae488b0366e59857e59c46f87

    SHA1

    f7db8fdc324335ba1bd4f6b80c36b67c771d485b

    SHA256

    e7b39b394fa4d986e114064f7615f1e13f4e10562633dc8c9ca80677a045d8e9

    SHA512

    56bfabf6ba9096d06fb5bc835dd4ea2d8a89293c340cfbcced532e019e60eef9938ab1d4555b20fbac1b5ed778b0e0a52429af17750a07ed817a29d013a18b07

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    20KB

    MD5

    49fa91627e5a181d3ac24a3a6e6e8ae8

    SHA1

    f0f456c662ecc8d4eafcabb4b5f4f175eb27414e

    SHA256

    e697ba9e6f45b1de3fc61c2ea94e407f45afe1250856a5700fd58d4de89030b7

    SHA512

    5548e3c562e9e6cf3cce44f04e72d9c2e5adf53745d663098a4ea13f507ff8d0d5fd4669d422b04f08fccd354709ecfc94678fdc62563025dfdeb98d222da0bf

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    7b38926f9b07a8cbb509baa64e18381f

    SHA1

    2298792c0ba2124f6c78ede10a55d26660c68d8d

    SHA256

    7014b68c85b10cb4d9554698ec1d6d6d00af76cd246dc3f077be42dd35b690f0

    SHA512

    fef7ecc389b576024cba91d13daaaedc799d2967fc1214a6c6d495ba50e2dc0d8a06c3fa895237da39802f5cc09f2ff4ead522711ddbe9ae90e17d520714c776

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    5e4bf033af30bb13be16787cfd3d244e

    SHA1

    daa3806ba6f76175e28552bec1394e11dc0ef2c9

    SHA256

    81f8f94ab92250d374422f02df7e94cd3c059fedce6ebdfc885ab722ef2c4bad

    SHA512

    a77a635adb92230972ea1d8f6eba9406e0caf0d706f5ccca26b325fa3bb84d2fd5dbab4721f6f8c61a93c0fbb129e0320eda570b8b6df3ff7aab1a557e5de14d

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    cbc611645226cdac86a0f18a352353f3

    SHA1

    fa75b4bdb18865c70e42dae97120e9629347be7d

    SHA256

    9b67cf8625839863a67cdb7b9951e5fcf8f9c6bb1855f6f00dfda35c4c539006

    SHA512

    5a6b515cdcfbad2458ed0facb87ef2fed7f6afb4a32b4253e4d2e0228086068b6fcf084e1a9cdce115b723abfd075b26418bab87b70d9d806389cebb17aadd49

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    5c5ac82b71dcf45c051da1574ca6b43e

    SHA1

    901a1585dc851db127febf4e1ba0b9a9889395b0

    SHA256

    6decbd5f947b3291edb975af073ddce1cefb2efa6b060b5e14fe410569306707

    SHA512

    7c8903265a27c86b47098fa802d0dfd203c38373558b298b00ff9ccb3488cec18ef3dc2179254fb7ff091bfb2031aa064796075c1f2e80d5c4a155dda3975511

  • /data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    9490e4cb2415827aa05e70c19b40d177

    SHA1

    45afd569efc2e914368551a5f5fb43cb32ea631c

    SHA256

    70e9d79784ab45994feb22719a7deb483e6986024426c7fcb03843f8caf65be2

    SHA512

    f05661e5c73b60a5729cdd857b954ecc55d5689f9003982c342e508010142613549741d65c69eb9703a55c8d513aa4fde0d8f857c95b9fdc3b2a225337d13af3

  • /data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    0e297a687d28ded4ce790861c5d687a4

    SHA1

    3a1123daf8b27ea6a88b11cc3f8e6228b3838894

    SHA256

    8fdc5b6f2fe6eac9d1809a0d56218a12d9525213da793c37b774d560b557cc15

    SHA512

    ab42dd94ff9e2aa965c7aa20bd9aeba475a4b5ade5e202516f6ec5bcb5bf1f66f00b5eda777acb6bf529ebf662a244b58a026aae58669c5eedf0eb8c703faff2

  • /data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    60c8d55b14dbff7c2e1fcdd0758a9c34

    SHA1

    55494b995ac104ec159122abd8ba1ed862383004

    SHA256

    c4919419addf70518348398f7c7a19ba63ff566353199da2079cd2a9d2d195de

    SHA512

    f2de709955da9e99a900f9e954d6dc2b794dcc9cea003761ef0f078c224a9644bef330cfb78487481b185bf79879ba3358ae5ace54fcfc4811a15fdf63b4cecd

  • /data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    1815f023766a1dc1c528b4b7d2e28b1b

    SHA1

    79a0514402f3f22b70bbbd70bfef6f55d935e684

    SHA256

    19fc48bf0e82816093f289a13f9f71b77a21fa6db212558894770270c59d0746

    SHA512

    c397ee87232a35033918c050b3a5831877ce597cc7ac4168b43c593c19c1f98fd1b59df7f5318faa6f5f54e32cc14adf40244edb34eff3abbbf622224a3978b1

  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    e84446b822bf12f6f61a60859dd89d2b

    SHA1

    39378c675b53e085c6f037274ab03015687d1d04

    SHA256

    14637806b4f31b33b39b5618a6b6a68c8d1e5f007348855e16e388faef753d46

    SHA512

    3b8b9e86de0e1bfe4030fc0f49dbfba976e766444e75d9fa53c6e570208128ea25c175506c15df39510331bc6a50d2f12ce08a64fdaa248ad227eeaefb6e60b2

  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    df94bfa81df2ea7b2ad240754a220132

    SHA1

    7338b238dec5ab68424b47db77c8fb8fbe598f7d

    SHA256

    82b3b9027915c9f4e3afd1f5f127d888feb624a088307ad5c444292b852b64cb

    SHA512

    24dab0d999767fb799f73c219d5aeaf59d04eca0ad40c0ac065fa636447e5c4aa410e39f9f57b535d617b1185c8e348e16ea21253c43760b96eaf04e110e3ec6

  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    672407be85d48193479f2e9188f05a65

    SHA1

    21de7e694feeeb070ac70e3f84f276f91e6e197e

    SHA256

    93f883c2d9adf83bd2a0cc0e2dde696fc7ef94b18a3a218951dce9aff12e0d50

    SHA512

    625a22ca425ae66cdb1a42cbcbe48088a37325896f1f55dd1efed00f47174e3967ccd639d88e7f1461b8f358fad9ac781ff6812d0d4d1bbdeb447ca41266fd6e

  • /data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    8aba2316d9d36e30c9c3915b59107a12

    SHA1

    3835b058091dd5dc0b85d24e37d8e4f76640c239

    SHA256

    0e2d858d6a07044f89db1d181065b29d696ccc5215e5674c1a72f903f08aa5ad

    SHA512

    2a40edf403ef3491da8d9a22d71b34acb58c4875a64060c2c5f2da899d4da0c488e400bcf05a1ed36b1a846837feb4b4f29e2fe04c316a4e2b8fae00a95c0e1a

  • /data/data/ir.zahuz.torshi/files/info.db

    Filesize

    136KB

    MD5

    a10e5d2745d8f7b3e2573f29fcce4712

    SHA1

    ef97ba81cf8d6b5bea5e8dd927b330d481831711

    SHA256

    d7d4067c10227f8cea3a647c55645cf900bb24a3162b9a336c8efd406249ac1a

    SHA512

    45f25e8fe40e32c9da1d5e765bef4a95e532be6ca87b5ad62ade5380019a4e0a037d9e510b3f735044ce3e101335e84afd10318c6aaad00315291987402babac

  • /data/data/ir.zahuz.torshi/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    6eb9c969e0f3bb50aa4f7f94a3a74f5b

    SHA1

    e8bf92426bc8c7297155e3b85302755043d2ef5d

    SHA256

    a188eb416b9cf0e103a4369eecf2feec2671b46e10c987a7302305c5dea535bf

    SHA512

    283bee65e017c7efb18631553221fe7c055ff8e174830d36bb9d5f5a0f04d967dc7e2f32991b73b63a68a6d87ce69195c229a7754a4a872039062ca70ade0b6b

  • /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
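Two things in the list above deserve a check before the hashes are copied into a blocklist. First, `/data/user/0/<pkg>` and `/data/data/<pkg>` are the same directory on Android, so the two `1582435991586.jar` entries are one file captured at two moments (9KB then 20KB, different hashes), and both hashes belong in the IOC set. Second, the 4-byte `~test.test` hashes are exactly MD5/SHA-1/SHA-256 of the literal bytes `test`, i.e. a throwaway write probe rather than payload. The script below is an added example, not part of the report or of the analysed app: it normalises the path aliases, groups repeated snapshots, separates loadable code from SQLite journals, verifies the probe file against its implied content, and, on the assumption that the 13-digit jar name is a millisecond Unix timestamp, decodes it (it resolves to February 2020, well before the December 2023 submission, which suggests the name is fixed inside the app rather than generated at run time). The `DROPPED` table is a subset copied from the report; the function names and categories are this example's own.

```python
"""Added example, not part of the sandbox report or of the analysed app.

Turns a sandbox "Downloads" (dropped files) list into deduplicated IOCs:
collapses /data/user/0 and /data/data aliases, groups repeated snapshots of
the same file, separates loadable code from SQLite journals, and checks the
4-byte ~test.test entry against the content its hashes imply.
DROPPED is a subset copied from the report; the function names and the
categories are this example's own assumptions.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timezone

# (path, reported size, MD5, SHA-256) copied from the report's Downloads list.
DROPPED = [
    ("/data/data/ir.zahuz.torshi/cache/1582435991586.jar", "9KB",
     "e8e0527a01aefdb89afd2c508f131da1",
     "f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce"),
    ("/data/user/0/ir.zahuz.torshi/cache/1582435991586.jar", "20KB",
     "fde2ee00cbd121cfab5290b078aa3ceb",
     "2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685"),
    ("/data/data/ir.zahuz.torshi/cache/~test.test", "4B",
     "098f6bcd4621d373cade4e832627b4f6",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("/data/data/ir.zahuz.torshi/databases/cheshdb", "24KB",
     "259a1e4e7ebc4b0d0341ffcf0c3bc2ea",
     "4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1"),
    ("/data/data/ir.zahuz.torshi/databases/cheshdb-journal", "512B",
     "60d77843f35aaa530427fa606a2a9461",
     "99a6de5480cc4b8c240dbf827dba34cde9bc55d8d6562724abe66ab1ab25f10b"),
]

_USER0 = re.compile(r"^/data/user/0/")
_EPOCH_MS_NAME = re.compile(r"^(\d{13})\.(jar|dex|apk)$")


def canonical_path(path):
    """/data/user/0/<pkg> is the same directory as /data/data/<pkg> on
    Android, so entries under either prefix refer to one file."""
    return _USER0.sub("/data/data/", path)


def group_snapshots(entries):
    """Group every (size, md5, sha256) snapshot under its canonical path.
    A path with several snapshots was captured more than once, for example
    while the app was still writing it."""
    groups = defaultdict(list)
    for path, size, md5, sha256 in entries:
        groups[canonical_path(path)].append(
            {"size": size, "md5": md5, "sha256": sha256})
    return dict(groups)


def is_loadable_code(path):
    # Extensions Android can load as code (DexClassLoader / dlopen).
    return path.lower().endswith((".jar", ".dex", ".apk", ".so"))


def is_sqlite_journal(path):
    return path.endswith("-journal")


def matches_content(snapshot, candidate):
    """True if the candidate bytes reproduce both reported hashes."""
    return (hashlib.md5(candidate).hexdigest() == snapshot["md5"]
            and hashlib.sha256(candidate).hexdigest() == snapshot["sha256"])


def epoch_ms_from_name(path):
    """If the basename is a 13-digit number, interpret it as a millisecond
    Unix timestamp (assumption: that is how the file was named)."""
    m = _EPOCH_MS_NAME.match(path.rsplit("/", 1)[-1])
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)) / 1000, tz=timezone.utc)


def build_iocs(entries):
    """Return {'code': {path: [sha256, ...]}, 'journals': [...], 'other': [...]}.
    Every snapshot hash of a loadable file is kept: blocking only the last
    one would miss the partially written copy."""
    groups = group_snapshots(entries)
    iocs = {"code": {}, "journals": [], "other": []}
    for path, snaps in groups.items():
        if is_loadable_code(path):
            iocs["code"][path] = [s["sha256"] for s in snaps]
        elif is_sqlite_journal(path):
            iocs["journals"].append(path)
        else:
            iocs["other"].append(path)
    return iocs


if __name__ == "__main__":
    iocs = build_iocs(DROPPED)
    for path, hashes in iocs["code"].items():
        print(path, epoch_ms_from_name(path), hashes)
    probe = group_snapshots(DROPPED)["/data/data/ir.zahuz.torshi/cache/~test.test"][0]
    print("~test.test is the literal bytes b'test':", matches_content(probe, b"test"))
```

Feed the full Downloads list into `DROPPED` to get the complete set; the `code` bucket is what goes to a hash blocklist, the `journals` bucket is SQLite rollback state that changes on every run and is not worth blocking on.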