Analysis

  • max time kernel
    2549604s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 16:37

General

  • Target

    4cab76eca2421764732450a3d28c927865e63b1c1b0d099bbd6f6dc396c938a6.apk

  • Size

    9.0MB

  • MD5

    237edcb259907eadba2bf3e3367faaec

  • SHA1

    0500812154f98784d127f7fe4279e0f6a0afa1b2

  • SHA256

    4cab76eca2421764732450a3d28c927865e63b1c1b0d099bbd6f6dc396c938a6

  • SHA512

    1c27c5c305c9a9691b037fe4182d7c903c2afcc904a9b12a9a872617c9316a862d1a759cb6ffda347ecbc4ff82b5f4e9f07d4280b32c5cfeae55d10ef2b81488

  • SSDEEP

    196608:RSEwEmhf7vgcszqU3pAeGY1UBWzmlY1LasfMbT4O6dhiU1rrsOMgXj9:RX+ocSqU3pAeFEg8QfMsdhtrsXA

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.tazyinekeik
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4958

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.ziba.tazyinekeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/1f1923d2-1152-491f-b7cb-e12c33090c6a.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.ziba.tazyinekeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/da7b72c0-a528-4824-aa03-1d1adcfe793a.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.ziba.tazyinekeik/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.ziba.tazyinekeik/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db

    Filesize

    24KB

    MD5

    abe9fa56c177c65db8c072e6d81fc41c

    SHA1

    abe9e9bb6f7294324f549af4435f58578ae69f2f

    SHA256

    53f09b897033e2496e13f3c6e8d14ec1d1f7b273c2b4d47dacc569594fef0f8a

    SHA512

    bb1b70eb859448050dd71822652d1976456be07c098ab41f2f75fa277cde059aff0c45629564170ee07028b85d501cc941529ab06753e5be2e710692bfa3922a

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    9a5be5e2ce75f953c110ce459d505f2b

    SHA1

    97238a9b9e75f127fa0890de52524bbf313c9f41

    SHA256

    2338da19d4e51006047851717d31093784895ff6ba22761541594dee9935186e

    SHA512

    92c4111b3ca633f18e516be7273785221615ec688cb7d8573d107a1f0f151e3f414b7dcd1ce4a4da1212960e87b86066a6fc9e8373688fac7b72e7a1cafa31d4

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    b593883a38b8ddb46ea6bd17be6bdaa5

    SHA1

    3d5d934c7cbb89fbe41df9cd092a28f3bd603175

    SHA256

    b286cd80e2a70ec0fb191232d671af4159be0d60ef793257ed138b69379dc8c1

    SHA512

    5f980831d640a118a798f766aa63c667ec9145b7c0984ecf5e1c20cb9994882a000f96f1e82a4092a5242a508bcbdb2a660e5e0da461319b11ba8bc710b398d7

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    8d53694c5c67a6bfde76656cd31178d5

    SHA1

    dd0836ae34ec2f444d8fa3d2c423005193a1a67c

    SHA256

    5c0065c8123b54ab6d284f795771e0fbafd0f5b59a513aeed776e5ec105066d3

    SHA512

    e79ca99190e735e031d751dc4b996b14edb98b9924a7faf6c7863b9e05cdb88d9d71182a958e32c4ed4d87857cfb1707966f8d9815eb5b79244008a5be493fa8

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    2b87024c384eeefb21c3f463f03459cd

    SHA1

    b4a6ba1be03fadcb2db20813b8bfd991d517d89d

    SHA256

    0805192787287e3417624430c1271a523057a635ac3ec9089ebd9fdefc87cc52

    SHA512

    a0f0c134a9981557f67a7a667e3bfe0256272588613c420e9ab62f205f502f752fad96ccd4e1bbfa2627bd87626e5282142abbd87e7a3a433c08afe7e0126a7c

  • /data/data/ir.ziba.tazyinekeik/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    9ce8721dd2f15c63e63f1333690b16a0

    SHA1

    0abb40d79c4caf4d467940b47168d0c42438ece2

    SHA256

    91b91baad077ea7136500c8d1a6f0f14e77a631fe210f4310ddacbb7dd40fd5e

    SHA512

    dadb0d298f83ea64253135e4f953e2de410f7c30489b91263881b20d9dafcfe3f4351bc4a441e778bf8a665a25540175ed3eebe3658cefbcddbedc86d166f5a9

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb

    Filesize

    24KB

    MD5

    259a1e4e7ebc4b0d0341ffcf0c3bc2ea

    SHA1

    9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c

    SHA256

    4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1

    SHA512

    dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-journal

    Filesize

    512B

    MD5

    98482ebe94fe4349934477b3325e7955

    SHA1

    7217a32b6172f47ebb2b6b4b447d3b96dfe7f9c6

    SHA256

    2c53ef8fac0e99c77b350256affb8b7d80388fcbd26911057157cfade60834e0

    SHA512

    c1e709ae09650579c914e9159ebb830ff0aa703859df363143e05cf93f6bf5ca523cd7c3d588887f7c7486bf38dbbb571e8dc03da4003cb4ec0ab6bb237cf51d

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    06e89ff7ae145acc4ff6f9fd86a867b8

    SHA1

    fd95be16caf2ab99599450c7787bdb26c007afbc

    SHA256

    64276bdf255e0ff5a70af8ca2276b2caffe96d86d1cb76ca5e73acdb75a71e20

    SHA512

    aa5e140239af5f8587e56fbf2c1727ad4b30dbfda7c6a69447011d92cf8126ae53ab29a1c039586187d3f6964c17bfded1102cd3881e8b562b2ccfae842282c7

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    ce6e3ac4aa887b2ea681c3e55e735849

    SHA1

    20c54bca337a63e24cda6ff8f9c1b6357a4c9751

    SHA256

    f4fa6605f5d5b53f97592962097571eab1952aaf87e90863582036009ef63458

    SHA512

    441946cd14481e9bc6c443cee6ba1ea10411e57d2333c1e28e90168074877524b08a2c2fcb78f02fbfebbbc644f66df8102938c2111f2182b9cee87626fecfe5

  • /data/data/ir.ziba.tazyinekeik/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    f9e4391e61df5d782f2a36edb3ab63b6

    SHA1

    dc970343ca69c2a193c55898346d12fbbd926d63

    SHA256

    faeeba264b47b2d0c1a7dbc5026ba1b1d11649a56da11e445b04df717f864336

    SHA512

    93f1ec462bf049489fb8865d7d1ed06210f3f06e938e1724957f13a57cfacb614f02fde4a61c8460b6dec9d454491e97782347e7890b01e84eb3326edae4342f

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager

    Filesize

    28KB

    MD5

    34b48ef784c6d9d3c7d10336840754e1

    SHA1

    82f7faaf217b515fd98ea481aaf5c2bb451d0573

    SHA256

    344c731c20a2a54f371b714e96a983b6ca82df142a6c2d623c7f781cbbd14ba3

    SHA512

    9157ca3d54204e87a9ec24bd55205fb10712914cd4997959e98f04ceece124080a0cd1dc8041adf809d0cfa40a1a6dbc7b546af133aa72d2b138e8797adb6a80

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    20KB

    MD5

    76f00175d136ccb8adeeb334e557ce57

    SHA1

    14ad294e3141fc5686f7bd2c8c826d37868fa4ab

    SHA256

    0c785b0de31473b369217b75fd0bf95442df045221aa92b25eceb4a651d099ca

    SHA512

    449dcbe43f29de838baf870c6315151b481c581ada1f3011a3ec9934e3262377c89c3d0b90e79927cc35cef3e19c4b31badf96ac8bc5a7592e90fef37ce50ef2

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    11b81f32db68047c72327b60a74d1a47

    SHA1

    418484fcdcc85b5abafed6b86aefe19c6eae4623

    SHA256

    6a438fa58937d8f85240e05349eae78653269344985101b7586454e440568979

    SHA512

    1d6eb80a0311b212017010adf41af4ea56a57ff5706d7afe017d42851f5b08651b7aba349202a6b8388bd6dfeec22880800e52ee883b46c5069870ce8390e274

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    a6141a50c0577acae1001da29469d0f4

    SHA1

    7c7c9695c21356e278498e882253ef3b7a7cf68e

    SHA256

    b5a16c728be034fa1c24b52b2c78dbffa2b0c2f09c1a9dd26fcaedfae80028f1

    SHA512

    01b2954c00b981f705e60e885aa46881ee1b2b05aefd3a2d58e4c516833d4f94072597c1f54cccbbd7427be297935497653f788efa68ca148177d592c872152a

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    66b26cb1cdde4cd2a975d657ccdad08e

    SHA1

    74e32805b489f2e642c240c0e357c2259879f9cc

    SHA256

    882df2d52bba50957b9525292bbd0d64841e42ca1fc659ceb087abedeeceb145

    SHA512

    1aa9b2a659f96e6f4e75a9a8b3ac4997b991dadaab60fead6e2aa74d87ead1681d98aee234457665a7e03fbdfc8b12316519dbd981db550bd69a2da934aaf9c2

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    502c7722ca697f24abb8c00e5437ea12

    SHA1

    1979e8374de3fd43106055c9acca0be0d2153355

    SHA256

    356327af13b9f3b62b394851bd3c1aeb25b032ca725d9404aab3e56993799a00

    SHA512

    f0798407ec4b12d551e78d40a366006f1ced5bef2a18e6ac55e928d943fad7ed1cf9d3a41167e6d608155688d43543f08abb85f0e06b8e303eebccdfc37bb8c8

  • /data/data/ir.ziba.tazyinekeik/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    f40bbdfc4dea927f4c7429736603f2e9

    SHA1

    bbb80750c47f570a474f122812f45e741da50b21

    SHA256

    4b5aac2756fc86b89fc7f326d2b78c4920499a38b660e3f3f02456ea6f65c65f

    SHA512

    6551af272803761dd60192ada8ac4e2db33d00fd4baae9f13a41731a20cc85e4d9701cc9ad840126aa180941b66f1a90f077da33408d540733eba6ebee2936a5

  • /data/data/ir.ziba.tazyinekeik/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    379c8b06731a7fa1e6188cc87a4f624a

    SHA1

    c166899eb685ea1c6c22f1ddab11318b676eb471

    SHA256

    281bdbf3d63501bf454d5db411ac12467ecfcda6383412fa3c4c2382e32ce44d

    SHA512

    8812f4a3eacbeb99ca46332ba6ae96f7ab8111f5265ce91a9abf8a56371bf9d7470d5832a7bb2fca7fc06bfbc6943954ef23322b3d91418e6c9ccd9e1aebcd3d

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    12KB

    MD5

    ea628e04765adaf4238a5dcdff4bbd51

    SHA1

    a801947619ea8c368efe9c006a324dc6339ac60b

    SHA256

    885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

    SHA512

    c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    4e29636f779a4b904e580737d90ee68b

    SHA1

    e6374a8748bcff7c0411faa61cb5560e46448762

    SHA256

    4be74f890be75e6c9e7e6f8582469f995cee050378a4482b23442cf7f683b453

    SHA512

    a14f79c230bb8c53de45e1d3d1aa4e26261e35df01c2907fa6a0919519fdcbb9b62c4ef035b6ce623d25fb8a823982a00ebdbff549886600562fb6d9fdb37117

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    f1a299f4769577b96c959eb5c0d382d6

    SHA1

    d01ce5258b4fe598b65bb05a02228f38171103a4

    SHA256

    7bfe58e0eeec7156e4a92cf5b92ebf22fbd216dc94566b2860d208fc604eba38

    SHA512

    bb88771832e91964e748f9df59df5123612cea088a7fcc521efb4efc8c8166b96ff0f985f25c443affcf80a9ab0a746d99dafbc5815cf7e63672320efdf5bcf6

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    e638ebaaf86c48cb2a458f600167582d

    SHA1

    a767bc5ca908c16603b02947a0933037b8340d0d

    SHA256

    2ce2c6d3d284c36eb588893de1b6ba297c9f24eae3aff04d3a61dd320d42104a

    SHA512

    d425a329b681fa54c9c65bce1e2345d1021f5139826436fd79fc5e6548653829776e3e5f4e92679055a0e377f36df017e6a1a1108a8c06b25be06b8a07c60139

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    0e7261129632f194584f57d97caa7088

    SHA1

    bff4b0fe3d6c83acc9dcc1eddd4a12fa5a79f26d

    SHA256

    f95fde9d39c488a5c4ebbd1c045a5a5f66c95260fab265003a59fc5de3ee0d0a

    SHA512

    2c1ec1bdd3f03d30c50ad9623f43fc4c84b942dc14c8da420466e6c8b045d88bcc0079b8003c54663d46031157810a8aefe7e82d99458a6d9d350a03784325f5

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    16d25bafaad6d158417c16a475df3342

    SHA1

    19f5f3ca61d8e6187df7e380d2101d29617b6096

    SHA256

    fdf55fb5d0d0c487f44f35136c21584ba466445659653dccbf647d68b789d051

    SHA512

    f197c7ab1d5fbe0baa123a69dc07daa3b1f5e083993745fa190547601ef4109853f6476efc9ce00cb6d5ee60f1a204157be5081cd312b93caef3dc97574fbadd

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    3b1c9b45033afaec33e463f25e5b57a6

    SHA1

    29627235abe4539da159b93bdd2bf2db9d2e4e1f

    SHA256

    f92392ddeb0830eb6b4ea0f4f3cb52b286104a4e309e028a7f87d9d9f91114cc

    SHA512

    c80d9344108f25dd14dccb0a3acb17d6751893c40374e3c0d3d7cab8f9aa8a5174bfa82d58a572ca5eb685865a3ad9603a033ddb404cd701111c33939851384b

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    f8e417f4968bc76b2f07d0a8acd5de33

    SHA1

    20ffe5040de831fa609c0a1bd752766e799d0206

    SHA256

    e7ffec367c802bc3c483a370c75976fe6bbebbec6d07ee30d45cad45ef285fcd

    SHA512

    2aee00687b65b9472d741c87febaaf9260a9894135a8f1dd675b7c4b16aa32cd42915e1771d59c85030e03b440c4b08539a9d200c9a3a77079f3fdd8ddacff8a

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    c5381e3f039985715f60cfc3f61cb504

    SHA1

    1db6d433c69939f4f6b1e103f2c92c98daa87c15

    SHA256

    fde750c57223918efe688a214e0bcb27f5fe44f06323ec26f0c445e845939083

    SHA512

    e972c032332b6909fc6f627fdc41f93b6ff1e820083e5d470cc066d7391bf06979df54e8c0a8ff0d27e74e36dc07fd3de03cb4bbefd8a61ed555df74cdeb6271

  • /data/data/ir.ziba.tazyinekeik/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

    MD5

    00971f30880618267dffc3c748169fac

    SHA1

    d24d0e21ed8a7d9205424b4febfa3ba0cc0610db

    SHA256

    58847d4d2bea18acca63b2327265016a7d13c05edc9b80f676915f5268060f97

    SHA512

    38e022bb409225e694dc0e3c20411bedfbc9eb13911e55d42ac32040f9a3246f4dd978efd49a3311af15388e8f1ebd127094740ee4dd1bc6a90c277085255bbd

  • /data/data/ir.ziba.tazyinekeik/files/info.db

    Filesize

    11.0MB

    MD5

    15ab3f45e1e77608cf4864e629731005

    SHA1

    16fbb984cb68aa76f711eeeb32e322ecdce1bd3f

    SHA256

    69c091e8114ad50df9b677c6f539687783601e42a4c8f1e6609c1a7e257bd5ad

    SHA512

    62ca6243e638003f9f5e4f4800dff047db25160ebed2c36bc8a2b3e0e53361cffaf2ac70fdec3dfd10d668b03b51852b7dbb672015a7ac1ce6c310d61ff58540

  • /data/data/ir.ziba.tazyinekeik/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    20d3e9753cfc4cbcf60acf1790a71802

    SHA1

    3a2099281a52af4d8542d065c958e1ad2f4e71f5

    SHA256

    cb2f1baa6e436e93202287910b3bc692e80a72b747bc63b17e6ccb8127c42dd3

    SHA512

    d8586ca3dca1f8a157f3f1ef7aaf45d22b97234bd70b50c91c5dc2c26a0b2087ad4713695382b78a236f7af131a8c62637f5e285b47860ab4dd8cb19c36c0c4a

  • /data/user/0/ir.ziba.tazyinekeik/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56