Analysis Overview
SHA256
3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
Threat Level: Known bad
The file 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 15:21
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 15:20
Reported
2023-12-23 15:46
Platform
android-x86-arm-20231215-en
Max time kernel
2539231s
Max time network
156s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.zahuz.torshi
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 15:20
Reported
2023-12-23 15:33
Platform
android-x64-20231215-en
Max time kernel
2538467s
Max time network
149s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.zahuz.torshi
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 15:20
Reported
2023-12-23 15:33
Platform
android-x64-arm64-20231215-en
Max time kernel
2538470s
Max time network
161s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.zahuz.torshi
Network
Files