Analysis

  • max time kernel
    2551797s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 16:42

General

  • Target

    4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b.apk

  • Size

    8.7MB

  • MD5

    ea4d865aa58070491fc68c69d33ee624

  • SHA1

    fcc569109747ec01c69351afaf0be08f0fa67f75

  • SHA256

    4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b

  • SHA512

    dacbbe311d6655f401b4bc7715fe5616347280dd3d644498fe677d6e92be758eedd443bd1f7bd0b4f6d06cbc904b9dc3c799f7670fb5ad8e2cc24429ec3fe0f2

  • SSDEEP

    196608:q7Z7iUB3axSzvsg36Av6DrO8FNpU4gtqMdhiU1rrsOMgXjv:+RXvsg36Av63OYpdgAMdhtrsXA

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Loads a Dex/JAR file that was written to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.sibsorkh.gazakodakk
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5010

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/629b9f1d-726e-4be0-b2d5-8ea6fcc99cb3.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f1af8ae5-c331-4938-81cb-50841d5da576.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.sibsorkh.gazakodakk/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db

    Filesize

    24KB

    MD5

    4c95d8bc291aad0748a30ab87299df88

    SHA1

    c1c4617278b99f54ff2f23d5839e6cc6ae0abc58

    SHA256

    8258bc89fba5f25b3ed0bd2abd9e5761d40d30fbf193f672900316b64b899a2b

    SHA512

    53c4d6df4331f07862bc2a3e79f1b0b2bef10c54ce5ce3c3e4a04b845dc0d04e694905eeb75e702a3c3894ffaab01720388f3b76d259d25a7eb9adb56ef20b25

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    d03f93ff18da7cd85f08f765866b8356

    SHA1

    75045af7373f24f947bf8c881ae0c1f47482a129

    SHA256

    5735c933acc70703f9c938546dfd50bd7c27814154d845bc28c1d23daaaeb29a

    SHA512

    f72e6a9096529e29ae320fe745b7c286f936f501ec6031f9ab8f5edcc36bef428e645f0ff9f2a14a4f90a6644e32dd0d3bde7b3980d49020bf14aa0056cdaa2a

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    445d31f80e3f4b187b86faae8008f209

    SHA1

    c65e7e327244cefb24b944475beaaedaa8dde000

    SHA256

    16e4bba135d543de6da38f8faac3deed7de7c90688063b2ea9e812f8b5e6a436

    SHA512

    4f34cc4b18c084415b965f90530ac85682310d2a50ecfad885d827c432c5856ac427fba5c60838eb147da05fec655b64286235cf80315f83d3056402c1da1178

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    a74440d84d7990cda3d6904c13fac7ab

    SHA1

    c973b4a82d5569f671aee835a386856870c09d04

    SHA256

    d163897570307d819820e20b48858b560f78fdacf270745659caff9055fc42a0

    SHA512

    774f1b1f66cf5086cdc93a451ab5e5c81d17e2f8ebbc6f8fef5b981af178e6ea6e1bef79d61dcda0863c59256d315c270a0c1f3b7685825694c58dbdc158ffda

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    8069d6af3eeb98380f86b5bf2a5dc0aa

    SHA1

    4de22bd0cd38759df753eb47857238aa6a7ef821

    SHA256

    64f81ff645987140149f3c53aacf5a567d4579bdc8ec149d94396c8f7798427d

    SHA512

    e998606451ddc8ce7faa3b5e436dcc43c6f3de9d70189847646a8c8f7c77194874562d434bb12f6832e9522fe8c9783690b3bac9c4bea233c08945169f84cef1

  • /data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    4412ad756be165298c53a16d333fca03

    SHA1

    bc0b873c8a001ded23e40aa32d92556992279314

    SHA256

    65d38ff1e4bcaf8d81dc498ead2afc96aaf39d00a0997ef9e43b267d80e86b50

    SHA512

    db5a378f975982ee1b129e480c4519b2f41b3eb94b385b31b2530b0a84f79d7e47e6d6d2bbc25c9acc49ebc440b2b0a6aec127b94daa154359944405e5d84ff2

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    12KB

    MD5

    ea628e04765adaf4238a5dcdff4bbd51

    SHA1

    a801947619ea8c368efe9c006a324dc6339ac60b

    SHA256

    885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

    SHA512

    c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    20KB

    MD5

    a8af73805ef417f4ec2edb646b539c4b

    SHA1

    67a4dad6719c85e473aba0c8901b9d6afe8aad11

    SHA256

    62746f90711572861273a42a6e77c825088d8d1420f8ac0e59608adc984e54cf

    SHA512

    160f29b92209cad7e4bcccca9a7a58ca47a5e5bf03423df3da22370b47526d5efe432343e431692dd4d4a7761c0ba32e50f50dcdf2c69da7a8d2324057f3bb8d

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

    Filesize

    20KB

    MD5

    955b1f2696dd164fa14c1e4f1e9047e7

    SHA1

    4e12a1f8512e4cb3abafdd20c7f186578c0dfc4a

    SHA256

    aa4c6ef6610a621b2507fa0d08a5ebe82c699f5cb04e8bd64c0f204a0a3b5873

    SHA512

    90831a9999708a3880d066fd48da40bf714ac5033545af5f7456a8ee6b4bca59e584f6c2dbaccec0c7436ce67f81a9b661a2900be79fa31b52c6432fdf3e3d45

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    512B

    MD5

    4b3031ace5ea23c3103b871190b8798a

    SHA1

    40182327b33709fbe8f2988a25b74398508dcdf6

    SHA256

    d8df8fa3f9303b5d16cf035320a9b4630b2aa048a9eb93f8d8e9fb0261647052

    SHA512

    1e94e0bd2c06601c115d9547deb009a99380e7370d66cbe31005e6f8e0b08f08bec7d062ce41f339960033e7b8c6350b62efdf1cc1b270e75d04d2530a0df19b

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    bcbb5ae199b29d81b83873972756bdfc

    SHA1

    95aaba20f661f742dbea26f632454dc4fdbc97bd

    SHA256

    c707d28b00082107e4a311c560f7291bff3139b7490b54f64c1dca4d2aacf101

    SHA512

    0773bd8b96d371a45eeed06cadf5c6070c2f9183224650e5bc8ed5f521e3a09aa257678fb79ea740dc1f3fecbe5790087a33e9a8986188054675de874a6394cf

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    a6057411affff8346c181580bdbe9211

    SHA1

    dce63b79dd44fbc5b7ce54fdea73b70af84912b3

    SHA256

    7af1cdf1174ffd836fbdd2c9d4b3ece654e12f0c955fd1c92ffddf276d9740ae

    SHA512

    c8bab37de91876bf25152346455addaabc0375530ac4662a5183918ca20bcc242c4fd79e24afbdba0010b465b2184db147fe1fb75c11338e247711d3e83e2cd4

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    646363b6b7ead1686c132420c62c7a35

    SHA1

    246547ad160c770611e72b974ffc1a95accc9893

    SHA256

    2ce7742bd62ead968e163a7363a61a873940052ec035e16ba1b61203783a58e7

    SHA512

    f55aea2e481decc962964dea04cc75cc61079805bf54075edcc9d221d6edfcec48e61ad2aa8adebe2d07c8f98526e1859efcc3a9516a61b53ff9f05ae00f280a

  • /data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    b917880df312eeb633c7cecc1a523618

    SHA1

    fab152263c6835c6daad3a49f6ec32469e7f0e65

    SHA256

    b209cfa45531d22f1ddf5866f6ed20becdc409e78354bc0f60e1f3d81e41bcdf

    SHA512

    839dae2b90836063ee2004ef9e14dce5e1b837e608235cdd3566ef8f61186a2837e23ddaaf1c4922954868eb0a7f48d33dd7225013ca476571236efd24faebc7

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager

    Filesize

    12KB

    MD5

    163b0e3f017becbc89b9d7f330b78f09

    SHA1

    1ef9cd8ac8655190468d0ccece0a4738634ab0f9

    SHA256

    cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

    SHA512

    6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    20KB

    MD5

    a295789741dd62ea364559a66df7cfb4

    SHA1

    229f5645dd56169dca7ab0ea78b518cfd1add46a

    SHA256

    d34ce72b2219f1f773b3cd94396a533b7fd1a353cac1060ee889370feda4d8c3

    SHA512

    c6653f009606988d52e28175da82cd0c2de2ae35ef63794785c1b70fec4537590b0955b8e8d1a88f83b27e9bf096181d9d54a42dc87efdb7662c139f22227391

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    ef87b87814c6b0c42a5f0ab62009ede8

    SHA1

    52bc00179c13945b4708c45a5f7ab3cfef08bcc0

    SHA256

    6354ee702cedad0c95ce5d1bee99f630ff586597f701736006acc1c47ab53d50

    SHA512

    611a90d89e25fd66487f0f9c7eb7a4fcaf7fb2beeee32a4608d8f3f9822e2ea31091f534ee12260251a2b10c2a8b5523608c694a3228a16c134bc49cb2b4e7cf

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    c491d92b7283d65b68f50e357304b07e

    SHA1

    f6adc244f49e9cc36ce2f32b234ec1d4488d08c2

    SHA256

    ec221a9bc0272ed93e071d34ee6773025c8ba8c04e5404a700a4750f90d540ab

    SHA512

    fa373ca2709371149e6a97cced7e88a1b19a19a3538c9e523db91e6dc1929554013ada06d39a3b85dd5b1f002dc9295e5710fa92fb99cd9d036c58cbf270c74d

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    5134dcd3dce370519dee69b1f9bdd7ef

    SHA1

    ce268f18e3af2d9f3c3933cbb428275f3eeb9994

    SHA256

    6615611037aa906bc9d4b06760e8d1e8b6e856c83de3f5facfacf14c760187dc

    SHA512

    f17521064cd930ab7988f112a4c6ec6d0832a3c0d4484bccfd74d70f7ce3abc644856e15242f44413ce6a962a9bbc15f15a1866e1f47136879f633fd839b9f4a

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    48d4d77df02991ec8dfca35b45fd1384

    SHA1

    52eab4beaee678380ccf86ad390747d41d59e4e2

    SHA256

    e9337310ef05e4a15d8cfe4862513a6dc07938dc745f0704a253d691952cdfe9

    SHA512

    5e65ac6eb8a45d78bf47dd7e4a218d8d1c69cd8ef8f462ad68d21d1d579dcfecc72be36f71eddfa77a7213b1513f04d2974c11114b8ff9b26ffc2769f3e4bfd0

  • /data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    0f08baf594b474fd1aaef977643393d2

    SHA1

    d8aff5963f57dbebdfd8327d8587386c58ae0a31

    SHA256

    9874fe9a930b2635a8d9af9e00c89d1c968e4687697f64cab4a3d866dbe9136e

    SHA512

    92792018e970c822576609323d234c5b4724492154199da9fef258848fd61f4e2edd417473efc38ba3843fcf23e391b2731cc568e5886942ad04edc73b013308

  • /data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    2e60e62ac085f0c67451bf51e7fdbad8

    SHA1

    ea98a205cab4d8f25f5dbde6002f32afc6aa5d3b

    SHA256

    e22c26506c2521e47dd6d6cbc43662aad30dff9f89f782ee3e92165c8eaf51f3

    SHA512

    989f53619635d70500503404c059a686cb4e0dc91775d0f5cb06a41faef8d9cea386111ef9411424d4fc974daf076d47c8f50ce932bd96035a762114707de4be

  • /data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    ab6b197a03e5f433c2beb76189776e28

    SHA1

    fc59c366103e73cbcb89b132bd4169910e8a17d2

    SHA256

    582d19cf6a9072a6addf6212b3172223cafcb190da7e1f392c1cdba2fa44ebbc

    SHA512

    caa8df45bfca3403e9d61a8b1df3503571e03d6f4f300f22e2fc6677fd1a2f28261e0f6cee589abbae4b3b6e8a86aba65c7b737ba1fcbffb6544ac8046ac7eb4

  • /data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    377fd73bec847780510e2b59a554bff3

    SHA1

    749f5e157dca3be171d3e03458ae36c231c25e6b

    SHA256

    5a8090bd1191958118035cef7483e4399839b4e9f5ef199252215dba5610d298

    SHA512

    f4e303504e52df65e6bb4c633b33c57808f728fd238dff9703239f65b6ee8b3b6cca3c6cf1d6e4d019a0a41da7056e427418a3a6dacfafababa4df24922353e7

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    ad24d9f81dfe2a6cc33c73f30ba3c8fe

    SHA1

    ff722909bf33d6ae3f9ced889d60c59aea2d2492

    SHA256

    7860f160c88d4e5a7ac9d5e2a0b91f5beae8d1af1ddb17e515f35b30b1ef79ca

    SHA512

    fcc26d605a898539f0586cf9ecac812b18f25b70ca85e434f4b163060498c5c2cc6af57c5f428eef13b0aef0435b30e507be656bc2ca0867d779f0a569bf75fc

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    3fec799f60c5d4d0c8bc95063cb539b5

    SHA1

    1e0a74401e4697cd725b3589261ea24e0eebc25b

    SHA256

    6881e7cdd686f1620e9c38f257b8139b406e363731d641ac7222049866af8aba

    SHA512

    1329b782ba84740708b1e30f2499911ce9d0ed119f61486b02372c94a73ac8aea08d304b1c93439593d32aa50152d20e2519b3953b72f6faf4bb80c7e6c6c396

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    e2905ef69e6cf2659974dce7294861ab

    SHA1

    74adcafb162b84f39c72220725c4c1cb89343508

    SHA256

    e52f4a2221929feb797505441594ce64526234bbbb2cb23a23f3668ed8ab7c59

    SHA512

    4b9ace7ac89ed632c28df23cc292256242db83d6ba0c7c494c46f1b5e5e3d837fda598364b4c70724ac51a22dd4ed2b73616d3795cd4739d1ade0e63b39dfc26

  • /data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

    MD5

    3c912335e763d213603b4f78bbea0404

    SHA1

    d5093556e05de83ce922cbbd2017828f7125e8ca

    SHA256

    15317e3c6471a4e6ff1d403361ecdc02355359d62f8ea236931da67b78fe7fc0

    SHA512

    5525b6f91fad0c97048cf9c89bcfd28c88a47fc06154e137ca811d38679d781ba2abc6645a886c67e2e65512a0df99503bacce71a378e379611622143f0b90fe

  • /data/data/ir.sibsorkh.gazakodakk/files/info.db

    Filesize

    11.0MB

    MD5

    61b3b6bf7ce36c506752f50124166436

    SHA1

    72867a3fc180185f5a664bf7ca574f40e723b8f3

    SHA256

    da124754ab43b99882dfa15688f23395e1f5e8c51814ae0cd42a733c17b89e6c

    SHA512

    49954191311eb5b8c56eaad1a5ebce73a9b57a4af30a6b3db55737c78fe2d76108e8ef700f2dfb15d79d8d43162fc06ebf9be60df43058fa806e516b6be8acd3

  • /data/data/ir.sibsorkh.gazakodakk/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    a9322d60651f88aea2d336fad1c5b737

    SHA1

    6c67d18aaa36fef4a2158c75f494b53c1def7ead

    SHA256

    76bbf9f5f528d99cc0312e55ae3ba49dc0ce2b0be9baf8bd74b76e94646f371e

    SHA512

    13cc90c381065c977b4f40cdb2bb14a09233f1514ead5af29b6ea175979b7f0a18e52c0f14e0c1ab491eae2bbe5d81de7b14f135149a85492c88b4bba6b4ef3b

  • /data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
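The following is an added triage example, not part of the report or of the analysed app. It parses entries written in the Downloads layout used above into IoC records, folds the two spellings of the app's data directory (on Android, /data/data is a symlink to /data/user/0, so /data/data/<pkg> and /data/user/0/<pkg> are the same directory), flags the files that account for the "Loads dropped Dex/Jar" signature (the 1582435991586.jar written under the app cache, captured twice with different content), and cross-checks a listing against known bytes: the 4-byte cache/~test.test entry carries the digests of the ASCII string "test", which the check confirms. The sample input is a constructed excerpt copied from three entries above; the field names and helper functions are this example's own.

```python
"""Parse a sandbox report's Downloads (dropped-file) list into IoC records,
flag loadable-code drops, and verify listed digests against known content.
Added example; not the sandbox's own code."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt in the report's own layout (three entries copied from
# the Downloads list: path, size and digests as printed there).
SAMPLE_REPORT = """
  • /data/data/ir.sibsorkh.gazakodakk/cache/1582435991586.jar
    Filesize
    9KB
    MD5
    e8e0527a01aefdb89afd2c508f131da1
    SHA1
    f1103e6b260c657ceb3d95f1b023af3fda8b133a
    SHA256
    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
    SHA512
    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
  • /data/data/ir.sibsorkh.gazakodakk/cache/~test.test
    Filesize
    4B
    MD5
    098f6bcd4621d373cade4e832627b4f6
    SHA1
    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
    SHA256
    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
    SHA512
    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
  • /data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar
    Filesize
    20KB
    MD5
    fde2ee00cbd121cfab5290b078aa3ceb
    SHA1
    e2b77d5320e155e413d040a8c20020962065b2f8
    SHA256
    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
    SHA512
    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
"""

# Report label -> record field (hypothetical names chosen for this example).
FIELDS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}

# Extensions a DexClassLoader/PathClassLoader can load code from.
DROPPED_CODE = re.compile(r"\.(jar|dex|apk|zip)$", re.IGNORECASE)


@dataclass
class Artifact:
    path: str
    size: str = ""
    digests: dict[str, str] = field(default_factory=dict)  # algo -> hex


def parse_downloads(text: str) -> list[Artifact]:
    """An entry starts with a bullet and the path; each following label line
    (Filesize, MD5, ...) is followed by its value on the next non-empty line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    artifacts: list[Artifact] = []
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):
            artifacts.append(Artifact(path=line[1:].strip()))
        elif line in FIELDS and artifacts and i + 1 < len(lines):
            key, value = FIELDS[line], lines[i + 1]
            if key == "size":
                artifacts[-1].size = value
            else:
                artifacts[-1].digests[key] = value.lower()
            i += 1  # consume the value line
        i += 1
    return artifacts


def canonical_path(path: str) -> str:
    """/data/data is a symlink to /data/user/0 on Android: fold both spellings
    so the same file is not counted as two different drops."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def dropped_code_artifacts(artifacts: list[Artifact]) -> list[Artifact]:
    """Candidates behind a 'Loads dropped Dex/Jar' hit, in report order."""
    return [a for a in artifacts if DROPPED_CODE.search(a.path)]


def versions_by_path(artifacts: list[Artifact]) -> dict[str, list[str]]:
    """SHA-256 per canonical path; several digests for one path means the file
    was rewritten during the run and every version is a valid pivot hash."""
    out: dict[str, list[str]] = {}
    for a in artifacts:
        out.setdefault(canonical_path(a.path), []).append(a.digests.get("sha256", ""))
    return out


def digests_of(data: bytes) -> dict[str, str]:
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_content(artifact: Artifact, data: bytes) -> bool:
    """True only if every digest listed for the artifact equals that of data."""
    actual = digests_of(data)
    return bool(artifact.digests) and all(
        actual[algo] == listed for algo, listed in artifact.digests.items())


if __name__ == "__main__":
    arts = parse_downloads(SAMPLE_REPORT)
    for a in dropped_code_artifacts(arts):
        print("dropped code:", canonical_path(a.path), a.size, a.digests["sha256"])
    print("~test.test is b'test':", matches_content(arts[1], b"test"))
```

The two JAR entries are the same path seen at two points in the run (9KB, then 20KB), so both SHA-256 values belong in a hunt, and the report does not say which version the process actually loaded; pull the file from the sandbox or re-run with a hook on dalvik.system.DexClassLoader to settle that. The content check is only meaningful where the bytes are known: here the 4-byte placeholder is trivially "test", which is typical of a writable-cache probe rather than a payload.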