Analysis
max time kernel: 2538467s
max time network: 149s
platform: android_x64
resource: android-x64-20231215-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
submitted: 23-12-2023 15:20
Behavioral task: behavioral1
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x86-arm-20231215-en

Behavioral task: behavioral2
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x64-20231215-en

Behavioral task: behavioral3
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x64-arm64-20231215-en
General
Target: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Size: 10.8MB
MD5: 5e78eff5e12f649924dcab285944ef7d
SHA1: 8e294379802f967dddaf35c8e104a8bcf44d8563
SHA256: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
SHA512: 0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a
SSDEEP: 196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW
Malware Config
Signatures

Requests cell location (2 IoCs)
Uses Android APIs to get current cell location.
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  Process: ir.zahuz.torshi

  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getAllCellInfo
  Process: ir.zahuz.torshi

Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar
  pid: 4982
  Process: ir.zahuz.torshi

Acquires the wake lock (1 IoCs)
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  Process: ir.zahuz.torshi

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  Process: ir.zahuz.torshi
Downloads
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0844218d-7a6e-439b-adde-84101e180fea.jobs
Filesize: 179B
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/21e90c2e-e598-419b-ab70-d91a37b315c3.jobs
Filesize: 278B
/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f353d52a-2472-49da-a88e-72d9c86ffc64.jobs
Filesize: 176B