Analysis

  • max time kernel
    2561723s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 16:37

General

  • Target

    4cab76eca2421764732450a3d28c927865e63b1c1b0d099bbd6f6dc396c938a6.apk

  • Size

    9.0MB

  • MD5

    237edcb259907eadba2bf3e3367faaec

  • SHA1

    0500812154f98784d127f7fe4279e0f6a0afa1b2

  • SHA256

    4cab76eca2421764732450a3d28c927865e63b1c1b0d099bbd6f6dc396c938a6

  • SHA512

    1c27c5c305c9a9691b037fe4182d7c903c2afcc904a9b12a9a872617c9316a862d1a759cb6ffda347ecbc4ff82b5f4e9f07d4280b32c5cfeae55d10ef2b81488

  • SSDEEP

    196608:RSEwEmhf7vgcszqU3pAeGY1UBWzmlY1LasfMbT4O6dhiU1rrsOMgXj9:RX+ocSqU3pAeFEg8QfMsdhtrsXA

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.tazyinekeik
    1⤵
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4260

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/ir.ziba.tazyinekeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5a78ad7d-4485-4e1e-8afc-650d49ecad12.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.ziba.tazyinekeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5bc55d90-fd91-4ef6-be19-6e42c84a85dc.jobs

    Filesize

    278B

    MD5

    ed97c95fd0ec4e280216ce3165d220bb

    SHA1

    5b97cfe5b7a2e1e0551743618e0d7f2341357840

    SHA256

    16656c5649fb8a644c9d7ef5d2c5237d1464e323b63aaaab1f3fc3e007322f8f

    SHA512

    037e6282656ec2864166e5d22769b879bcb8497524fc828eca4fc20f65064581b692cfbc748d750d08627f07dd7d1c4dce923aadded4e4b87c8da56ebfdce55e

  • /data/data/ir.ziba.tazyinekeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c7c45598-32f5-4436-83c7-967386ca78db.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.ziba.tazyinekeik/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.ziba.tazyinekeik/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    5595171c85dd4427ecb2ae2fa387414f

    SHA1

    9550ef36bc6ce8a7fb5e611640c1e0747ef53f6e

    SHA256

    435409c30370cee4113bb6dd0f23cbb76e52348c019030060e4e6293d8b3c081

    SHA512

    979d835f3925931293052b9822c178623e290c818590b7b317579ce999df1b442b4bb5ba844e6dcac3cf1546ba3bb398cf79280ddbabbd22e75b50732f3ee7b6

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-wal

    Filesize

    36KB

    MD5

    333b9702bb276d037729fd424c9ccc14

    SHA1

    e5b75d378504ec1f409a4334ff1cfd6df1925078

    SHA256

    97d4ae6e06b82332da0b3e9cd84eb2d7d9aa0cd3de439b3bab2acb1014979489

    SHA512

    3f8205e57d146f100259f38eb9ce691348c0c4374ce056dfe1076abf322f38537820c81d0eab64f143c069e1d0c1d6a897ca790042d511532db1df3ff7b39293

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb

    Filesize

    20KB

    MD5

    c017eebb857433b00940e59685c1c19a

    SHA1

    5a309240351821c2bd9a2bcadb2c7814061feaaf

    SHA256

    3f12d5bf8c9c8cc10998362f83dea0c44caadac80f71097977726e18a219e6d9

    SHA512

    7d1d2670b90d8acf439a2625d8fc013d802eca7af8047ff31b0188f182d91e270433e77c70722be288841862547a5d97bb9a446262d077bab6a88212aec437cd

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb

    Filesize

    20KB

    MD5

    a5025b2ad59d3401c225635f5a61009b

    SHA1

    3a120e3cb7c9131e93af048c9beaef95a1b662d7

    SHA256

    048fe6c627a3a963509a726148e9c42d7225e1256ce86878084de02b7f9fd610

    SHA512

    d952dfd36df207c66b7590488711198f5c7e6112f69d5b47d1e3f071decd05150547b731db25dfbd3d5fad5dedfa1b9ac3dc758cc77ba12515166bac3db52243

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb

    Filesize

    20KB

    MD5

    99c453a6ccc716bb9c62b604e09a9d51

    SHA1

    07894a4b5c57a6d104593e6d248752737d795ad4

    SHA256

    4612028ee90bbbbb7181a51a44f98acc338c3e49b8777dad89eccbdec9234e64

    SHA512

    e35d92d3bbfe3840723dfdf527dfa191f8e9d0d71faae4470e69a1d51308d9af246e28265fd18050f448b414d6ad90b17304e56540a0374102d08d4d80c3bde9

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-journal

    Filesize

    512B

    MD5

    59dec22c3ce7fb9ab01a99a6458c1989

    SHA1

    249f585e2ab6d0f0a9815e10d22d0fdb78730c0c

    SHA256

    21f79cf621c4cd73f88090d32cd9fd90d28a1a9a5ceac27ec28c0383e618fda0

    SHA512

    817b54feda3556090520c0452621f1f5d23880d3ae6672c98a0109da55ea2cefbd6f7653b4c6d7d8bed70112c95c72ec3132a1373caf0a8b3cf4fc681fd58992

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-wal

    Filesize

    36KB

    MD5

    2482d843523c3e0002622ee5612f59a0

    SHA1

    00162074166d7d755b190a37bc577f00d46c1a39

    SHA256

    d7b6d04824a5c73fe8ea3e4be9e8d347a04e144ca130708844082c3ef8dc8d21

    SHA512

    6346fea238a070d627f415a574228db0598dedd46086d9b674541520a62cd2cefb586e81fe62c5f7e044bb089f706ec021ecbaa286f883061955af84711867e6

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    67a7f46e45ac477a61b22cef19da13a2

    SHA1

    9a6151546fcbfc8b8d999c7d7ec98232db284c76

    SHA256

    d84537c4f1727378322d26326ec986764eb921bb39c37d4bc251082f1cc8a807

    SHA512

    353ff669c71e916b03a86f9d17d03de537318bb2fcbac9c1dd5652834f40531b1d8e73f0dfb1e81e800be7e127b0963316685f096f4fd81738508ed69184f282

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    ba530071f3799c80172af2224cb6bb17

    SHA1

    360652cb999a219a908d40b5b4bc9892ba9f3b9f

    SHA256

    2e8f190d972f70e7c4b13cb135ebeac8e5c36fad377cbe674dc9a6c707a1b5ef

    SHA512

    5f9bf95fdf814e0816324db3b11b63bf5c7fb8f96c8129647bb02b20063212617427d281206c382f3c781578e5d3b3a01d33ae8a2c1916c0bddc626925716bf4

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    5536913ed9605d70b12dc7f7c3edb48d

    SHA1

    003c422621fe20d398cb9b12d7c52032f3be6f8b

    SHA256

    73236e084647b7fc2dac534946658c9b8b3e7da65af14c6ea59cef47798cc478

    SHA512

    4bd2b739a73fb3017ca1b0846b562a1ebcc853f0dffeb693d7e0a7fad6f8e263c75299789c55a898923ee05698a2eafb64b3a7e15b0b293d1c5c5c6da8e7e2a2

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    ee18b95584687983f48a103043f89af7

    SHA1

    0a60fd15dadd41e45798061e975e01d0dad69e24

    SHA256

    e8c8df4f2da3f4ecaebeaa84757810cb322032a69154df49f441da5e4303f364

    SHA512

    0a13f80d8614d4056c132119964320c3de55036e36f6e123b62b97b8ceef2959b816eb8016be671c88bba6f4dea50f67aa2b5c767aaf31183d5d8397b3cc8e21

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-wal

    Filesize

    76KB

    MD5

    77c48d1639e33292fc9e35babb0bae5a

    SHA1

    00fcabbf4715f7e8e46ce1bb6caf4d8ac842d021

    SHA256

    ba0fd6deac816c5b43317fdd9cd0315e55d7a9ac9a6b4530ef17b4a68af4c1d1

    SHA512

    0f1157047395c742d6e599399437efd5eb410acc23de55ed85d27a19d433c6b49ef3611e26929a612f881151bbe456f5756735f430f5acc132043a11b685d794

  • /data/data/ir.ziba.tazyinekeik/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    39782db4458965733ef525cf2e5c7efe

    SHA1

    925f14f21b569594622f9f949c723e60394ca380

    SHA256

    1e86886c830bafa193a83b1fb3231d16e90341f69c6f2031838a667ca200c5aa

    SHA512

    3a22262fb4709364a1ea9d07f75e84ee68649edc37a0e8b340be7b7f5573f388727d90d2d520c226256ac8ea2e91c30800d1a1f6874b5e0fc08292faf20b1fa8

  • /data/data/ir.ziba.tazyinekeik/databases/evernote_jobs.db-wal

    Filesize

    28KB

    MD5

    a3c3b67385ce09172617424025f3beab

    SHA1

    f845a08e9ee1312642f21165e6a194ecc0781aca

    SHA256

    acc22c83f2c153f785fd8b51dacef63764044a7dea00a1db833bd65e4947f3c6

    SHA512

    0ed8565792567e701e111bdc7aac9b0ed731085e0935e656e0554a7d1b7fd36c68614aabe4a707846b2d151948502933649c94bca01bef8b765cd36db7d4d8b5

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7e423ad500f819d00a2e29f8c64d8452

    SHA1

    763c312a5a293aaaaa70d5db60a0d572654a7b91

    SHA256

    fa7d1fa1f2f01fe19fbce92f8e1aefb0f907d494e94221ec7d98e279c08fe03a

    SHA512

    dbfd72a5312228f82afd918e1c876213dea33fba712723541c543b74598e5c3065a6f36baaf12be054f762c3dcf077a82076cf840b86903bb282f126b9572035

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    2e9fd6bd2f240f766511989b9fa40081

    SHA1

    dc4314c1bb5679aa0b73b75a3fbb09b9056420d9

    SHA256

    985ca6247162dac16a1ff677576c119a5872199957a7cb550f317dffb6dd7bee

    SHA512

    408bea326245aa7cb652cf1102fc3d54f444684a94ebae29c42f7be1fdc8b54e1a4e67c901357a58ab61feb154131858a6b77087b717e3e4a043052aad52a1c7

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    2f88d8c4da4a4d45e76a2842c024683e

    SHA1

    367b436d473fda9cafb314b1e22318ebe4fa5f83

    SHA256

    053cea9ff03878de923d75174169657dd13f175306ffdb19228fc40380ae62a9

    SHA512

    23feec082dc3f72366bb60e99e7387f94e19a62825dba1c3f4814b6ecd53ae46cd98bc35739c470bcf09355ffb898443a6a0f7d6d5638f36a3536efd333d8042

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    f5aa5d097808e00332382c5665dc832a

    SHA1

    cf734f884be8a061079f796de22b8b5cbd982764

    SHA256

    c4f4c0624aa4e0cdd03352d0bf07ac7cc550efa98238ec3e8d0dffebd5cb253b

    SHA512

    f2374c0bc00e19040ef55cf358e697681dd838dc037e53b30bc35df89caf14eda712e95ab2f99f9ce8289ca45570471ec96872d530f68e0a34ba2acad3d1aa6b

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    720589f0f2f8201900329edafc42a113

    SHA1

    3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27

    SHA256

    543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59

    SHA512

    bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    5d00eb1df1130da78778442f79646c68

    SHA1

    6679acf0973fa4ee95bba1f267c8e191ad53a40d

    SHA256

    7c200ed5a2bfa5f1fb1da9f8040c59bc162c52aea20902c7d239184834c29e93

    SHA512

    681655ad1418d66ca69470a52c8821dacf618ebe33022719cf9fddebd10146c78669efea5ba1529722f29c340407113dbdeab7cd6ba564bab90f2e380968d655

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    a352699aa81434f32881c756d3fe8b44

    SHA1

    b05e40c4640e3b7932f6236d340f23d158375633

    SHA256

    3cf0df6fcbb25cbeafd66db1835abc56b23aaf59b418bed57840ec91626168ee

    SHA512

    0b673b23199e1c4f3ed5898b1cc58964d9468dff0c9d27f189605f4c17c06060071a7b943445caf0001e7c3d897d0f50ddcd1dddefbc8a9baa4ffa8ae84366b6

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    5ad92207a6679fe36388c18919414382

    SHA1

    e6f9c4111c64dbd0fdc0b4352eb7b7637ac4c6a3

    SHA256

    bb3d1c9cdb6fc8d42079b0da395b84025332e8735acb247767a7fa8c1068f71d

    SHA512

    d15db1cd548a4e17fa4e2c70987649386a9aa6cac764a8b59f233fd2a7e7b6113c207577c0989e00ec0365b9267f45ef71d41a5d6d438b2041643e0587e97391

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    e9ac8a730d77506e4f4b7c180a7fc293

    SHA1

    5b679e754d437532b65dde8eb2c084cf7d49a3b3

    SHA256

    c15534ac219326c6e37aeb0593edaaf6d3c66bdf64a36400675a3eb77af63dec

    SHA512

    a0d61292f6410b525c94c39576c2ca585108b1403ee91e8665678131792b9ef49ac784e72641b271bd55ed8b8abc1bcbcec44e5f07378f5055405729b2a6218e

  • /data/data/ir.ziba.tazyinekeik/files/info.db

    Filesize

    11.0MB

    MD5

    15ab3f45e1e77608cf4864e629731005

    SHA1

    16fbb984cb68aa76f711eeeb32e322ecdce1bd3f

    SHA256

    69c091e8114ad50df9b677c6f539687783601e42a4c8f1e6609c1a7e257bd5ad

    SHA512

    62ca6243e638003f9f5e4f4800dff047db25160ebed2c36bc8a2b3e0e53361cffaf2ac70fdec3dfd10d668b03b51852b7dbb672015a7ac1ce6c310d61ff58540

  • /data/data/ir.ziba.tazyinekeik/files/info.db

    Filesize

    1024B

    MD5

    b7e7f73b312ef5559993d3be7354dad7

    SHA1

    44d37729feeba9cd8f1fef480426d8eb5c39e7f9

    SHA256

    e7183fe9a94c426919cc31c1099e80e762e21305dd257edd942f4f9aeb7a9f02

    SHA512

    bdf7b45145b76d011c953a7430b7dc42ae5361cb92595059b5058fce79849898e57f1fc7c5eda1f60130d0cce9b67941243d8577c30aa3d773f700787e2b0afa

  • /data/data/ir.ziba.tazyinekeik/files/info.db-journal

    Filesize

    1KB

    MD5

    a6ce1fc9f6cad258acaa20c85698cdd4

    SHA1

    4c9bdefd83049d6ed92ad25f83b01ed245a22920

    SHA256

    7b198afa5e56e624677ea2387b620d5649f9ec093fb5e6bf06e152a158083d85

    SHA512

    00b1616963b5ced96747a7c1a9d0e34212119214655d36cf4f11120e320e5940515a89a007a4b5937dc6783f5b0ca613ca2c6a9cf0713f481b1da37a95cda06a

  • /data/data/ir.ziba.tazyinekeik/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    b3ee133392df515b5b67da540f687e23

    SHA1

    453690f35d1d15caff8b4b43e8534ac356153942

    SHA256

    365e375073ce492d908ab48c66e0a3492221bf3c3f316ff160a223968d4ab61e

    SHA512

    c7d422e1af4e09161c2cd0c91500f8bf87514a478d3125b124e3f9ff6cf51cfae86b5ff7c90ee39a7421bd1da03d0a8cfbd5f25a310972f124f83963856e7c82

  • /data/user/0/ir.ziba.tazyinekeik/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56