Analysis
max time kernel: 2538470s
max time network: 161s
platform: android_x64
resource: android-x64-arm64-20231215-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
submitted: 23-12-2023 15:20

Behavioral task: behavioral1
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x86-arm-20231215-en

Behavioral task: behavioral2
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x64-20231215-en

Behavioral task: behavioral3
Sample: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Resource: android-x64-arm64-20231215-en

General
Target: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a.apk
Size: 10.8MB
MD5: 5e78eff5e12f649924dcab285944ef7d
SHA1: 8e294379802f967dddaf35c8e104a8bcf44d8563
SHA256: 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
SHA512: 0f4a7e75153a5e39ef5d94e09fbc1686fb92875dbc219c7def89a20ad2e06c99580a14b5aeb4f04f67fb8622134819f862f0ef3119b0ca7c73ddd26f2ab6726a
SSDEEP: 196608:rpig0wdg7ievu+H0+YzgU3pAe8qXvh78oSE27Yw2adhiU1rrsOMgXjj:wFwdgmevuiOgU3pAe9v6owjdhtrsXW

Signatures

Requests cell location (2 IoCs)
Uses Android APIs to get current cell location.
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: ir.zahuz.torshi
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; process: ir.zahuz.torshi

Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar; pid: 4640; process: ir.zahuz.torshi

Acquires the wake lock (1 IoC)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: ir.zahuz.torshi

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) (1 IoC)
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: ir.zahuz.torshi
Downloads
-
/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/1cf829bd-af1f-4d0b-b543-07515c1f3049.jobs
Filesize: 176B
-
/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/93b4b01c-6c5e-4c55-97da-18f3485a8d10.jobs
Filesize: 179B
-
/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/958daf30-ba93-450f-80f0-7ffbf8207adc.jobs
Filesize: 278B