Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-t98rnshghl
Target 4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16
SHA256 4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16
Tags irata
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16

Threat Level: Known bad

The file 4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 16:46

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 16:46

Reported

2023-12-24 00:08

Platform

android-x86-arm-20231215-en

Max time kernel

2569348s

Max time network

130s

Command Line

ir.daryadar.deser

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Processes

ir.daryadar.deser

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
FR | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
BE | 64.233.167.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.169.4:443 | | tcp
GB | 216.58.212.196:443 | www.google.com | tcp
US | 1.1.1.1:53 | bayan313.ir | udp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp
GB | 142.250.180.10:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | thnumtcdiyjs | udp
US | 1.1.1.1:53 | xwyucbmbfdrz | udp
US | 1.1.1.1:53 | fiwnfxrbype | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp

Files

/data/data/ir.daryadar.deser/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 d5c4a2f4db7ba3983b6aec1e3a93af72
SHA1 9ba0f45802013cb50e6a83f2038b57db6f6276e9
SHA256 23dd3f22ab13bc581bb233257311879562cdc4a5c76edc9daf7d02a78fce2088
SHA512 a72a922ed22638e22e73de94751d6f95705758aa2cfdf42dcf469ea366534f0752563bac5b2c47c5d3a46293734a888cd6df6f34347466cd0053a3aa4f6ebe83

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 b34e7f8013786cbd8b3a4def4ac0f1f9
SHA1 4b58a5962f2552c4563946add128c4c4ffd81698
SHA256 b5cd0cff52099cd157f59b7d8271af537d54622923e236c54c4fa855d94d8f57
SHA512 080dc3864b5f9d9c36365742fa941e060df884d6dd8e5620635e28907a3fd2dd78584628c3d4d0dd119075f45f2eea7475e74331f50e753fd0e298607f35e0e6

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 07a1ddd596d06c7391e6676af8fb6ae6
SHA1 e7adb91f495c91ae086a5be21e5046fb3f2f3a16
SHA256 c77c762944a75dff926de70f1572422e1100529c6386445e315ad71e6a649061
SHA512 7547ae49cafe412d20d4ed1b155761379822fbfdb808dee57efb7fef51db679633ab6190d4424d1cd4cc1648acd8035654acfdeca8edf562927f6e47f2ec5e14

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 ac8e6740e489d4391cb23c03358326aa
SHA1 67c63de0612066c0180b2d55666b640b6356e360
SHA256 91f1d1bce39e48fca015153ee157125755761b167b627229a625e273cc1351c8
SHA512 1cc8183a2cf915059e7707bfdabb819ca16019697e80fa1d80e48d1aabbc72f6a90bec174993eac5a62338b08429abf513aef13ae036c233b084084618b36fb9

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 45d99ae9f5063f473ca32edee93d6f00
SHA1 f65f37f344d04283404dd22e3a55be6ccc5c6d17
SHA256 38171ace81658d0b5a99cdb2b7da366ddc8a7152939ebdc6c2f7ef40df8f3d9e
SHA512 727f19227047d0827868557a3e261645d0f0b812f412ae7fb56e506e426eb423346b13e9f96468306b57d67fa9ecdc3cfa3987eb5192b50e20b5e9793c19cab3

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-wal

MD5 2321185eccc83679938d321affc19c5f
SHA1 4e31ea6c929bd10e09878634d338a03dd223d099
SHA256 8a63367a49cdf07c3bfde1e5ba959523a7b280560d51779d2773b2b13c42319f
SHA512 d1230d71becdadadf9aec38e1db72dcb367c5ef57ba011ee7c687f6e17a04dbf0254461b3cff34bd8cab74fcc5c7b6b10f7eca6d54b57acd3427e0bf48849ce5

/data/data/ir.daryadar.deser/files/4_5942895236148625435.db

MD5 774ee88c31c10b2c8e47b0c87f4fdf22
SHA1 bd63c607bc4bf84a345faf43da915d0e8d1f49f3
SHA256 d6255cc43ae120f8c3650bd158c9e4b8db6d4277d367eb82e5904cfd373bdb3d
SHA512 c15cba638260542dbe8f65911bf791b2d9d261dccc1f1e210a860fea586e442878888c9356b811b607c9c5cdf2eda5d0c95cd9373801876a1af1d26971332e1b

/data/data/ir.daryadar.deser/files/4_5942895236148625435.db-journal

MD5 98fc355469d4a4111f7b8f9b4d8949a2
SHA1 af40f3914e9b4adbb173c6996b4c6a0cf64ce0de
SHA256 fc7327c8a43d4b1b646cbf9099557608c2a12863461f389394b0e7bd46d1a731
SHA512 191d418d1d0ef3572275c9a97aae5fa15d521ec2843bc923c775d3beb6003cfa811f4c631cccacc404ffd6171572f947e04317c2a0b80fb08ffb7faadf4c5db0

/data/data/ir.daryadar.deser/files/4_5942895236148625435.db

MD5 cc029d8cd406a407077569594b3d716e
SHA1 ee3ac99934f1ddc1c07b3c4a1723a46b7490c075
SHA256 5d0fc01581b20eaab4f102eded27b354354167ba69d8482a9663d79c037a51c4
SHA512 27be93601877d7b9d9fdfd1215d0b43c8593e9c2cf62f42ccf8cfe48c4e4019dc12a73a248ecdbb8fb926bcfce42472ed4cddc5228a9804fb8ff2acdb263b5c3

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/1.jpg

MD5 b9310dd9c3bd1dbb0c25196413cd60de
SHA1 335605a01e8f7609da85c0a48b91c10ec1b4b8c9
SHA256 eaaa6b1c9bcd0266c606ea34b72b6d2114240941ffd79c65e762ce07e02f4faf
SHA512 01156a85be2e58131550c17cdfe7f277d2b0b68454fcca23bca7a87de8e2f9d7941a43ebf04cd69bfb7a6c91bcd9a5a15572fad975df35f714c76b407adcb636

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/2.jpg

MD5 c398390dbc1ecc0b02c153984a24f2ee
SHA1 f6ce7ccc1403e604cdc5471f1495e691bb55b441
SHA256 f25f1898aa509d2d8106b98ef9faa057542430b47babbce9c595a5f831acebbb
SHA512 a9e7df86dde51ef8ab0ccec86d4f04163ef90a91ec2b5d601de7d36dd8f2687e28d4899adc1f7523093ec80dfc28d29e50a909e9198da328f07be73550173557

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/3.jpg

MD5 cda7a9f4f2879b2c87e369938be87c8a
SHA1 752e944710ef1006b853c586b86acd708f01e155
SHA256 de930629d9518160132bd0438de77e826ccc604b763e9ae4a25bb235cfb7a360
SHA512 a9c441d7970d3ef0f392952350b4a1fafe6c3dce78d558f6d2d73503229f814d04fb51cee7dbffc7614dbacb7d8d59c5dc6a02d3d72a413bc7d216e8f198ec0f

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/4.jpg

MD5 66ed73c39e89035d675b2525b56f592c
SHA1 97bfb55c95b29e5b85d85be7212716d2de8fc1f3
SHA256 130f594574a49c2e9afb536f405a2c9762dada739cf422cbdc69d24ab0fe835e
SHA512 e806d849a6cbdc76a556a818f6d91de587bdeb3c6688f6fcbefa3143ab78a28605262ccd50bab36842dfb5f04e99a88790ea2a3c111662031917663acf77ed37

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/5.jpg

MD5 f9c44ed706ee23826a8de42c00d158b1
SHA1 f731d28e8edef0f662c65af7e75ce479ef68ed95
SHA256 fc49b69aa9ed63d49cdccfc6ae28cb4c8e38aa6de8827664d672abcf7773c3e1
SHA512 bb67bf576f5e1bf4a9a07d784a83291cd9a1aa0706c8a79996ecfe48442f14908f761c3db21346dc6540d49cac866c7336a27c9048d42052b6aea27b6854b68e

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/6.jpg

MD5 0fe75ba85cc9edad76e8f4067046cf37
SHA1 953f5a0100ce265d64b15a04b1b72d3defd69ca0
SHA256 69bc47af8382eb96621858a18d1e78d4a2edcbdcf8de4bb49b8b1898011e61a2
SHA512 73139c69d44d51fae9960a11f72415f1f5411b4b7a712cd89ac807ef6d5fdbaebea5e847255216683553368efcf9053082aeb5e48ccf7519f470993aab9c99a2

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/7.jpg

MD5 ce5a55b6f4fdae9ca0b0c66f4a5da19e
SHA1 7ec0a7ade99bc8657ebed442cd601d7b43b98b85
SHA256 c7af06bf4cbf7fea252ce6fb4ef506522bf7d467e98013c695aab90c4f4a87e4
SHA512 67f7a4e04134e28f20d8c32d516a91a36c49934ddc302fe16c2568781b40b7ad8e99884c4972f63b66b71ac986e8470d1a1cf9e6ee2f8ce9b078d58358546d3f

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/8.jpg

MD5 76d34375da29d086383a512a6ef9fcc5
SHA1 be8cd3e7faef265b5e5809aaddfba9a36894b6f6
SHA256 7a48a32bb8ae07b0e596a34f545eb01d62fa5cce91f4df2c08a2ad053c8fcd4f
SHA512 36cc434561e977fb3d904c8fd40942a86b5498f0fbf5d18680d51ad92e8cd04c66ce3522fb4ee013f9f47e00ea790939cdadf96d7f6b8954275c6505fc969280

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/9.jpg

MD5 daabbec79e31e972866baf20d6d005c6
SHA1 41a3775057cec3fc043532ef6a126bd0172efb2d
SHA256 cd370188667963c94de2cb760958a6ecf343b7de4e6ad69503bc0a0d2a7e5a1d
SHA512 ce3caa70c72f889938d90e8395bd2baff26715a3eea60c646e41295ecfa4903ca10a6cd09f1afab022d15193148298c4e737f4f657ff42c11024590aefee745a

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/10.jpg

MD5 4754c806f989aa8257f72e7d2f591089
SHA1 ef17742eb0ac34628ef00cf2e538986dd1f69d3a
SHA256 c934afaa049f78d39692ccee33331f0d99e2579e44f5bfb5b046fd9cc038a5a6
SHA512 aae9abc10833d2382edbcd8ca419df87064d47f26bc0252d6035a1fd475ce115a2fb36112e4e124b4cb4e8607535f3de0c0c73686c51f27f30da67c551fe87a1

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/11.jpg

MD5 fad6c50c8ee93c05b0c1f6d3e6cc7963
SHA1 d2a35859153e326bcefc246de1597554ff0cdb28
SHA256 2f4c1e2ca11e051cbb311b90b2e3cf9a0c79f478a3d1e5be9537312f2a5ef870
SHA512 a85aa97e4208aea53f1c69d29258cc5e28d44925c2c0c0657654f32b0507c75379eacca7de8c18c9f6a233c97c79543ad38510e94ea60005d3da809a0089f5d6

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/12.jpg

MD5 093fbb17c1eeccd09745cee4f1ff1e67
SHA1 66f5f712fc75414abbffd468cde50ea92b3e1ad6
SHA256 bd6aed34f7633cd40d71b186e4f687cb911f68d253f4a4a89deda5d1d73eb96e
SHA512 db721ac7a5f9318832dbd20c88c3d0eaa1e1635d40e3a0eacd4e07a5556d74bce9937aa9fb53a05e24f59869892d95103a6aa15677679a4e8f09f8e0bd8dc6a7

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/13.jpg

MD5 b90c8291e87d04d4b06034aeb02da348
SHA1 0acd7d1850ffd23cc7e0337ad4d868a7a25c53b7
SHA256 a11e2ca6eb01e0ffde640a3d5457c5c4db9ee75c90fba197ff54cd96c53fc89c
SHA512 47292d7fb1c03915e7f02ff16508780bd708c43eeaa648f5248e8074bf8270d4155efc9dc4f087a178d55ec405c31cb46ef0a1adc0f3ed0bfe5be18de9d233f8

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/14.jpg

MD5 1fec9be7f7372c8d0ab19fcf6c3a6af0
SHA1 8fb89c8b874a95cfe1a89c1edaa74311137a7748
SHA256 de3d089d5b3258a180e7b090ca5a4125887f18f0b344e2f8dc609e818e8df6f9
SHA512 1c495224840cc706e5968cdbaec61ffaa273ddcba478fef7c21b1854812bf0dcb028c5f8e64027eb545c78dfd84046d2a22afaa81a8394bf9e834d0d1853dab0

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/15.jpg

MD5 d1c8f061729375215cde6c05e6d73235
SHA1 20b0d62fdb790db9ac18bfac9536adebb2482bd1
SHA256 de2772fce0f06c1bcffe30cd6c278f6ebb5a2fcd16267885d59deef05302cd23
SHA512 8eba9636e98b716ba3be597c9b84904d52e8fdd09f5a73d5fed1225c598763cac921e04910b882ab1d16c2d46022d4e0ca8dbb563d394847e2f6c83cb7c1423d

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/16.jpg

MD5 b63d36a169152a0d3233bead12005d86
SHA1 9e8e15be0f203ffad511cefd93c40ca52b696362
SHA256 5518ab4a3b2ba2f165a36d1610e68fe7eb7c63e8ea8e5de3088748e1353f1ccd
SHA512 90e8eef93670c1504dc1f4c9f8c392163efef37a558b67b992b01da68edeb9589924f13eefdb9d18b0966ce55e2f48d40a7d631a060abdbd17ab0d6b1051f439

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/17.jpg

MD5 f84d94290e4f47c5e9aec3401d2e84db
SHA1 baa00cab27c8737b32ebdf9cb75379c1ff12f7f6
SHA256 c24a3df12d1f6b2d49a4d0031457b1dccd7a0b9c17cf4102ec126df41ccef912
SHA512 2db4d85e4ce2c6a3e04238fff9d7029622c82508b74daa44177b0275ab82645bb06cda95fe608fb6ce4eb530cb610a471a56bdfcaecadafbf88c9b9f1463183e

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/18.jpg

MD5 b5d113371e8ab7095a81661b2609183e
SHA1 d01c672815cbef4a46b3d40b8e91f96b701b78e4
SHA256 1979713249de5c626830bd2d9439d4643797e1c00d79b4e5d1eb65ab0a2187e7
SHA512 2ef3c3124edb844e0bf7cf266d5fb27e879ec1b27bdb4e10d88432af7dfd763ed83354b295c7b18a6a0aa6a00f289db122067710dd94a80323ccbef78a033884

/storage/emulated/0/Android/data/ir.daryadar.deser/files/Ashpazi-Rejimi/19.jpg

MD5 bd8cc2d52b1c0a74611886645d8546c6
SHA1 dc70889de0ba68aadf6acd4f3f37190b8de61a26
SHA256 50966af46bce5f0a91c5a7b3dd4eac17845174d0d3a565ed414c728ae1d27018
SHA512 6db67d91f1e8c333d7c19b16c4341fd9ac745029630ee63c2d4d6c2ba0c5b0f8bb2c4c1ee5e4b047b4237d515c6289023f1843ad7c99943d5349ec194c63bf7f

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 403483735b04a23f35f86e27b9393468
SHA1 21997ea8da1ec9e88e89dc40589bc76a39bb65b1
SHA256 e9176185876b25dfb5612186d0eb877602c9d0651253b557aa0deace9bd0bec8
SHA512 835c50dc9423f1a2e342c3f8fb0a013121d08c51188d010a8487c3aa55a8ba444c130202ee4645ea1a489c3cc055703338760be4818318ceb60e3734588ade4b

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 bce7d46a126dcc668838fc5702c7d5fd
SHA1 3ef612c9c28b147e04b5dc0d84582167a50c7f8e
SHA256 d642e7b84e9fe87762d3049034a753f193a39cd7c8c5533f3838e1dcbe06a29f
SHA512 d3d69372b37b5bc08831a1c6b39f7e76d45ea25d7cb2278d15108ec911e9bb5ca7d0926f230c62cd4b083b0494d2007c12f9c3224de6fb15304c2174e2b448a8

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 d564c884e286be4d9fd60d1c59bb36f8
SHA1 3569f8fa4c2fcdd2dd60e3e8abcb333ccee1f792
SHA256 51e405df6905139b2f06688fd5743105321df8e16770f9c6829cc04bcb0b4846
SHA512 aa4f3bd124e122d317afb08d0a2ff232231ca3ef9d538b6f37e667d7745184001803d1a69807fc2872bc736cdde26c7d10da93fc5868eed4a173dc27015e3c7c

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 5a58a0df5c9501dcab878c2f3d7cdbd2
SHA1 365766086a268095fe14172477885e1e9e0fd211
SHA256 8fff8a46b0ee7c92b8f3e05a387f544c6f6a19fc9cfa32791f9ea441ef8dbf5c
SHA512 793ece8e94a0b70c217f2ca045da5b78ba3aed01b2d983a09c2c9e53e5d83d753d544b9af7b06976bc33a6355902a2529ae4c622b2bd322262e368823626cec2

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 ae60027db5178ec5fe14a9cd7fb1ce32
SHA1 5869f0b5a23a529af0fe71102dda7e9f83cc6a3a
SHA256 624e0b251f1c564fb5d1300b90c89420c8295afa8fca7a5f35b2aaa292063b18
SHA512 c5e7dbd978d5f1a8c257a4368c62a8d585ee5ce8cca1cd752e43719f6d5f083b512227fdfb26e5631a9242db600cf8ec86b278a4bfe40d7e60bbf2b8d0a6e9cb

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 d98c17b284ecd9b6012b6cbff23096bf
SHA1 8b612b99bb12a4687dc3dcb31df6884fa4146593
SHA256 d621a4f3626732424816ca3d802338857b7c7a5466551b7911e786b753f1d58b
SHA512 26c353cddbeef3d3e940653f9fab4f7882217136a5d25489b4895428617260487a3c7154372ffe1977b31f7fcab33666abf8cc9e0a76107a4500261c8afca6f4

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-wal

MD5 19d6e3fb5aa56f000453395c36fbcbae
SHA1 730d8c7524ae147933b6335e89d63f1f6ee12ba7
SHA256 b0a424fe72cd14296b88772c2edc5f008a9955e4be049c42a4af23993f10ef3e
SHA512 662b8d57fca4ec1d111fba731e897dd9fa458da06bb72428ebc1dd1269c9eb9eb8838b2ec3d5fc4acd11369ca84ffd7abf92f46b122a941d51dd9c29923e0fba

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 35dbfb9e03aaaa2d6751869523141d5a
SHA1 bf6a103756c50115c37b84b5ebbe680091dd88b2
SHA256 f191f5f7507a13a9901dfc597701c9bc3f84a20d3d47035351777a96a393ad23
SHA512 b245a29af9877f3b66ba644192efb3f4e2fcd73044a3279f8038e9f7d9a46acf30f955c8f011ad70efed92e5c0913d031ce94c9147715bae7345bae96f557277

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 16:46

Reported

2023-12-23 19:38

Platform

android-x64-20231215-en

Max time kernel

2553253s

Max time network

173s

Command Line

ir.daryadar.deser

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.daryadar.deser

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
FR | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
BE | 142.250.110.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 1.1.1.1:53 | bayan313.ir | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 172.217.169.36:443 | | tcp
GB | 172.217.169.36:443 | | tcp
GB | 142.250.179.228:443 | www.google.com | tcp
FR | 216.58.201.98:443 | | tcp
GB | 142.250.179.238:443 | | tcp

Files

/data/data/ir.daryadar.deser/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 5de572413cc71c0a04fb0b2f37fadaaa
SHA1 c9f66ec71f01b3af9e8cbe21e85ef14b70e2bf52
SHA256 2a3d328caab6b8b01540e05a8090b4ed1076fd9280ae226939217cebac065a95
SHA512 b702b5c319789cd015756dc14921a6ee44197933ee5e0b5275890931ddff4a4f2ad966e0fa65aa15d8c69e42ae636e048d819d07b261f9da3e6adc7428d53613

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 cb0c7b8762f3a20f6a6d63df642dc5a5
SHA1 c74139b9d69d48f2fdb05b87119fae6930195c3d
SHA256 e6eb2c3c7e7cb2556e0f72553e1281a38c3ea61f93c93759dd358b7a2daa8dac
SHA512 c93a2cc1167804903da2b6d520bdc691a23cbcba770861c4b7e8785f3f9779dcfca2631ae45586cd2e0c66a1efdc15593bd1c28fcde17558dd63de1424c49ea6

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 a038aa722eacd94df4aa300d22d9c771
SHA1 04999350a8696a0289380c0bc829995057b81175
SHA256 35aa23f11e0c5bb6fc1a2aa59b4316e2adc84ff1a2bfbac08b353a484934e288
SHA512 efe04ad0387ed17ee1ab36797ecd0bbe7fa440414eade1668ac9ba6da972be0e4ce81b621df504f74289168c5eb5acf9560e92f4041a8f73978225f52d0659cc

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 a51cf474759d918627f5db12276bccbe
SHA1 fd685cb00de608295030004067ae7b622fbee4b5
SHA256 32887e890fae2021ac7e94b9b24b64bf925450ec2270de9aa81cea55d234fc23
SHA512 4a05e595556a5bca04408e664ff6b1fd250c2665c67c5f844ea03a2e60d6a8fb492c7063ee31b1fb6a03ae8a7575d650a95c43afb79f41cb06082620964dff31

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 54d785e6a2de5777bc7f45a3d56bd850
SHA1 9e1fea1be522104ea00856037a0f8f69cf46e66b
SHA256 a5283a41cb1d1fc11e934b4734371b6c4dc164d3eb18a45a11c97408acad6217
SHA512 c7b0c097afd175894ba298824efae5023787fdd18b5a4bedb4e724abf0f5ef471884efae36c7bb927f0d73dd711f78fb9201f674301a436b29918e51c109b2a4

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 d4bfa1f8210bd465ac1f59d2cd81ecd1
SHA1 e1768b94aab96e920c4e3e6c2cbb800a938e3b9c
SHA256 cab7397f67561173b321859aa5f5f07bd1e7294eef56847cd8701cc10a0dfde7
SHA512 30af1cefc6bfac33c5e1dd4b102bac65a755b05b680b118c096c2157cfcdcc4ad54b8d3e81b2f400a3733a40d2d2089053b0e881289c74c21d443bf778c86b3d

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 b653cf2fbf56a8203012664f6b6ad5db
SHA1 d608eaad8fdd696bc2fde9dae9bf4f47bd00b13f
SHA256 888b6cc66b3e04e81cfaa8dbb5a90aaa058b0d0eb118db27b5f49c6dee7a39e5
SHA512 b364036f02b388ec270da13c3ef1c8f9aea78b8bfcec4e267fd03494ffcc5ead46dcad5ec954a855aca48e612431aa583711a275135dd911b57aa3f94086ffe3

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 b66132a2dfc817968a854cda6ec57988
SHA1 b023c1c8515c9d664ccdf0a8be902fd180e48330
SHA256 de8d3d7d1d16e50fdf8fa574468641c82cbec17cf7fa0832ee206bb455ca4258
SHA512 d0d2ec857c17672e5cb1ab711f8d29dcdb1704de9ae92a576fa640542881a699c489f8dff551326b2e783683fe9f01ecd07157263ba16cc88078226b0ac18706

/data/data/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 11ac216d3e41d8408669cd5bea115eaa
SHA1 76321f9038f2235026164a32a94019f27664684b
SHA256 46237208130c3f760259cc55c9cdab6a41232a5d55f750a75625812c72b2ba13
SHA512 3e52df8321c648fb93d93c525cbc45967a768e4393f77a83b6b8a790d9f28a7969d22de449b0695159385dad0a1c6a013d69b964ac6148c6f3cd7082494397f5

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 85b53764e7e5b2d35675a052e1208276
SHA1 f5ead8780bc36d60d508741b12909a12b246a100
SHA256 946e3e9f8234d17528f67d497141d45309ca1d13830374249aa2ebba0f0c3c45
SHA512 3bebdec88879b1cabb7e97f44cb566e90e8de249d4f9c73a2bdbda94ad5e424e88ca6b2f59f6b7145347671a80f996851a8758b9843708019328b5544af1ab44

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 0b89d3994b77a674a095207c22dc8fb0
SHA1 c95a7ebd1e825996c251f89daec759147c28ed12
SHA256 fc8fadf2ce04fad4995ca627166305a404c85ebf7db276fc79bf649c81986e57
SHA512 9da47720883592f365217149c50bc28c5e6730055a2ca6e7b5d4e457c21ed8477b01c4529a1807c63d8e65bef668d8a52c62f099e8cafb6b4e87f281503bd23b

/data/data/ir.daryadar.deser/databases/evernote_jobs.db

MD5 27ae934e42bfe8e177dffb6bb4efde95
SHA1 11955f435daf8c8fb7295668bb116ef8af1232ec
SHA256 760f62ff46717b56da5006c27ebe6daff383c75334310cbc04a895159ce7d8c6
SHA512 4ec7e707b0f5e88d0c3b3e677453d159a40f60b8b3bbd03e8c0b02f89cca88eb9728ae081090a3485ccf760a2da4e352fe0857a9fe56e7b2daf08da8f1907dd1

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 bc94881c46aaf8393c19b7721386a04a
SHA1 4b3ce899e687eb036675b61a2319a2404c4b445d
SHA256 cd12bce5ff6b134cdb7912102db3306a54ec6e7918dad7d44c42b19685063afd
SHA512 d401f6acb3d00af838588fbcbcaf2a62b8c1aab9ffe72fb9f9656fd99dacdb458d17c5f170c1de6485ec8bb7a8c1de8a7815c62c513474eb04be1172334c0b25

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 168fe4c41a40d93a66a022630fef3009
SHA1 509885127d0128aac397a270db895bc419d14b00
SHA256 1c0a441ac05e9ddda5ef946cf995661c9bb5adf8055a9ebf70d29a2af31ba946
SHA512 be57fcf1cdc7fbb8eb896717ba68141bc97be79941262b308f962e796cc1bf9472d14e7ba8695471260b8602e18a708c11425cd941e557356ee44249e2cf2037

/data/data/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 64cc6faad19ef4645cbaf3b6030c818b
SHA1 611570d2a374f584239bed03e200a2819c417495
SHA256 c8bd459a6a6620b7de186cd50e3d91b657f6c19c42c8b5e8e5cf0d0113ccbec2
SHA512 6b22c6236f816a89e4adac43ad9214bbf8cc726c33e3fbdde5d2a1c764c3e344bb19c97160ca4050b7e5bfd197ef0f844b70cd17f96e7d34e2893063d47c1e0d

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 16:46

Reported

2023-12-23 19:38

Platform

android-x64-arm64-20231215-en

Max time kernel

2553098s

Max time network

150s

Command Line

ir.daryadar.deser

Signatures

N/A

Processes

ir.daryadar.deser

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
FR | 216.58.204.74:443 | | udp
GB | 142.250.200.14:443 | | udp
GB | 142.250.178.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
US | 1.1.1.1:53 | ca.pushe.ir | udp
BE | 66.102.1.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.169.36:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 142.250.187.196:443 | | tcp
GB | 142.250.187.196:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp

Files

/data/user/0/ir.daryadar.deser/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 ddf3f8ac8eac7d098bb59c1bdaf02be4
SHA1 9503bfce4429955c7240a071c2cc528e85c6bb3b
SHA256 69c5c49e5a6551475335105a3c50d3c8b6ac712ef1d99cfc7e20d270095b1627
SHA512 fa033bb9e62f888ca06e295126d4202de01854db67490553d22d0db7133a369e40e4b8e1c7e912ac40085eaf343d3de0589b31ddfc9283429e9008a870e2d7a0

/data/user/0/ir.daryadar.deser/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 966ef25fa7da95a603c057837094e8d0
SHA1 bdb3bb1378eafdece946e4991643b5ecd73249c4
SHA256 254b37c5b94ae812819c67f1717256619b31952bc79d64f27c9cdc1e92b4a855
SHA512 17e20c6bddd1a7b25f95126cc906f0cbedfe9314841ded4d1952810c745576b3550b0ef0617a1a009d77911d96c190247327d1385ab8ae3bd037148c81386e8d

/data/user/0/ir.daryadar.deser/databases/evernote_jobs.db-journal

MD5 9fa94358a28a7e944b2300cd136fdfe0
SHA1 06299cd9e9f0874fd7db4038fe92d70737e770c3
SHA256 2211b7df35bb21a8081f5b38386eadf276c0bfc5593a7e33aa6b40bd35d3c5df
SHA512 f1bcd0ced05ca410ad03d65607bda34c4f5c73218680780d1a4b1009cb3be8e574e1e8cb85f851dd71195ffa58d0185ffbdda85286429e5e62a20a94c5afce07

/data/user/0/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 e9f55cec22554597f2ac4f100a7d9a30
SHA1 ab1499c45c84adc11832b810cba7c20b6ba1bead
SHA256 6f24cb1462a2223c85b7fabd733d0b3fd6d3cd5395b62c1111f2ecff45f2e713
SHA512 b79c2e8405d91645561d1ba00fd9ffd8fd329dc101a4f1db6550f727c2077133e5481cc0d2271a1eb20d122ecdddc170a89acff2c8e2e6588ab662efcf2cf15c

/data/user/0/ir.daryadar.deser/databases/__pushe_base_lib_db

MD5 2cdf77d5c14dd3f313b60c691579a0b9
SHA1 6a74a7a3170cabead82152871c90749afdd6f310
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0
SHA512 eaf21f0acf8b98ac8bf4bce81e66a07d6a501483b141bfb7a2ef476a8dc9927ccd39971f4e0d1f7969576dbf7abb7befb3bec04e40c5a9b28fa7a2f15ae7a98c

/data/user/0/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 d70556f1a8cd7f79fc05c0e4d94a832b
SHA1 7d46dcb3b6659a85f3294ab30d92c69efa849203
SHA256 49d59868fa134e7eb73d9d5981120f275e84db0cb4fab1f211caa4cd5931b2ce
SHA512 2ff9abb595d68d134a5ac93cbacbd36f631cb36559a8d49de583b86da4eea32ba6c57ba840e3622f09bb8d3048e36d87be52942338a7e8bb2ba6ae4766f8fc0c

/data/user/0/ir.daryadar.deser/databases/__pushe_base_lib_db-journal

MD5 aee75354d13ae7b05d05a4d98ac881ee
SHA1 2ea4e6c5e3f54e9752b3d96d03bac6c0a8d0bf65
SHA256 ff5c9b548669322b750ec6a40bd96aed4a8888b731f23089dc436c7bafd051bd
SHA512 9f461b7cfae9d076573a97382e0cb1b23d579f0735d60bf35b9b1b0d55b40ad48571606ccd52f526f6e97c7076463b8954419b6146a1e2679920bddae2b9571a

/data/user/0/ir.daryadar.deser/files/4_5942895236148625435.db

MD5 774ee88c31c10b2c8e47b0c87f4fdf22
SHA1 bd63c607bc4bf84a345faf43da915d0e8d1f49f3
SHA256 d6255cc43ae120f8c3650bd158c9e4b8db6d4277d367eb82e5904cfd373bdb3d
SHA512 c15cba638260542dbe8f65911bf791b2d9d261dccc1f1e210a860fea586e442878888c9356b811b607c9c5cdf2eda5d0c95cd9373801876a1af1d26971332e1b