Analysis

  • max time kernel: 2538470s
  • max time network: 161s
  • platform: android_x64
  • resource: android-x64-arm64-20231215-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted: 23-12-2023 15:20

General

  • Target: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
  • Size: 10.8MB
  • MD5: 5e78eff5e12f649924dcab285944ef7d
  • SHA1: 8e294379802f967dddaf35c8e104a8bcf44d8563
  • SHA256: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
  • SHA512: 0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a
  • SSDEEP: 196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW

Score
8/10

Malware Config

Signatures

  • Requests cell location (2 IoCs)
    Uses Android APIs to get the current cell location.
  • Loads dropped Dex/Jar (1 IoC)
    Runs an executable file dropped to the device during analysis.
  • Acquires the wake lock (1 IoC)
  • Reads information about the phone network operator.
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • ir.zahuz.torshi (PID 4640)
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads
