Analysis Overview
SHA256
4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16
Threat Level: Known bad
The file 4eba266251e05b86382f2a7ca3309e67ba33250c2c4bc872abc40d2f68726b16 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 16:46
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 16:46
Reported
2023-12-24 00:08
Platform
android-x86-arm-20231215-en
Max time kernel
2569348s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.daryadar.deser
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | bayan313.ir | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.180.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | thnumtcdiyjs | udp |
| US | 1.1.1.1:53 | xwyucbmbfdrz | udp |
| US | 1.1.1.1:53 | fiwnfxrbype | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 16:46
Reported
2023-12-23 19:38
Platform
android-x64-20231215-en
Max time kernel
2553253s
Max time network
173s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.daryadar.deser
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| FR | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | bayan313.ir | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 172.217.169.36:443 | | tcp |
| GB | 172.217.169.36:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| FR | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 16:46
Reported
2023-12-23 19:38
Platform
android-x64-arm64-20231215-en
Max time kernel
2553098s
Max time network
150s
Command Line
Signatures
Processes
ir.daryadar.deser
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.204.74:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| BE | 66.102.1.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
Files