Analysis

  • max time kernel
    2566013s
  • max time network
    135s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 16:42

General

  • Target

    4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b.apk

  • Size

    8.7MB

  • MD5

    ea4d865aa58070491fc68c69d33ee624

  • SHA1

    fcc569109747ec01c69351afaf0be08f0fa67f75

  • SHA256

    4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b

  • SHA512

    dacbbe311d6655f401b4bc7715fe5616347280dd3d644498fe677d6e92be758eedd443bd1f7bd0b4f6d06cbc904b9dc3c799f7670fb5ad8e2cc24429ec3fe0f2

  • SSDEEP

    196608:q7Z7iUB3axSzvsg36Av6DrO8FNpU4gtqMdhiU1rrsOMgXjv:+RXvsg36Av63OYpdgAMdhtrsXA

Score
8/10

Signatures

  • Requests cell location (2 IoCs)

    Uses Android APIs to get current cell location.

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • ir.sibsorkh.gazakodakk
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4248

Downloads

  • /data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/08bf5dee-fa90-41a1-9c68-d042e17eee38.jobs

    Filesize

    179B

  • /data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/7e215f45-8c66-4dd4-a66d-1b86c88fc582.jobs

    Filesize

    176B

  • /data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/99e8e56d-3af2-4dd4-9212-28e073951093.jobs

    Filesize

    278B

  • /data/data/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

    Filesize

    9KB

  • /data/data/ir.sibsorkh.gazakodakk/cache/~test.test

    Filesize

    4B

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    512B

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-wal

    Filesize

    36KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    20KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    20KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    20KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    512B

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

    Filesize

    8KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

    Filesize

    8KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

    Filesize

    8KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    512B

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-shm

    Filesize

    28KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-wal

    Filesize

    68KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-wal

    Filesize

    28KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/ir.sibsorkh.gazakodakk/files/info.db

    Filesize

    11.0MB

  • /data/data/ir.sibsorkh.gazakodakk/files/info.db

    Filesize

    1024B

  • /data/data/ir.sibsorkh.gazakodakk/files/info.db-journal

    Filesize

    1KB

  • /data/data/ir.sibsorkh.gazakodakk/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
