Analysis Overview
SHA256
48e9454d4e2151340a0af9b9a88fc6a3ab0d73ff87820dbce3ca882b2102eee0
Threat Level: Known bad
The file 48e9454d4e2151340a0af9b9a88fc6a3ab0d73ff87820dbce3ca882b2102eee0 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 16:23
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 16:23
Reported
2023-12-23 17:35
Platform
android-x86-arm-20231215-en
Max time kernel
2545771s
Max time network
131s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.nahideh.lazaniya
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ad-sdk.com | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| BE | 64.233.184.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | haigfdaeo | udp |
| US | 1.1.1.1:53 | qzayhycl | udp |
| US | 1.1.1.1:53 | eqskukjypulp | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.nahideh.lazaniya/files/unsent_requests
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db-journal
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db-shm
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db-wal
/data/data/ir.nahideh.lazaniya/databases/__pushe_base_lib_db-journal
/data/data/ir.nahideh.lazaniya/databases/__pushe_base_lib_db
/data/data/ir.nahideh.lazaniya/databases/__pushe_base_lib_db-wal
/data/data/ir.nahideh.lazaniya/files/info.db
/data/data/ir.nahideh.lazaniya/files/info.db-journal
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 16:23
Reported
2023-12-23 17:02
Platform
android-x64-20231215-en
Max time kernel
2543793s
Max time network
146s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.nahideh.lazaniya
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | ad-sdk.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| BE | 142.250.110.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| FR | 216.58.201.98:443 | | tcp |
Files
/data/data/ir.nahideh.lazaniya/files/unsent_requests
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db-journal
/data/data/ir.nahideh.lazaniya/databases/evernote_jobs.db
/data/data/ir.nahideh.lazaniya/databases/__pushe_base_lib_db-journal
/data/data/ir.nahideh.lazaniya/databases/__pushe_base_lib_db
/data/data/ir.nahideh.lazaniya/files/info.db
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 16:23
Reported
2023-12-23 17:02
Platform
android-x64-arm64-20231215-en
Max time kernel
2543805s
Max time network
144s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.nahideh.lazaniya
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | udp |
| GB | 142.250.178.14:443 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | ad-sdk.com | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| US | 1.1.1.1:53 | da2ff831e2744cb6963708e0a1d994e1.s.adad.ir | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| BE | 142.251.5.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/ir.nahideh.lazaniya/files/unsent_requests
/data/user/0/ir.nahideh.lazaniya/databases/evernote_jobs.db-journal
/data/user/0/ir.nahideh.lazaniya/databases/evernote_jobs.db
/data/user/0/ir.nahideh.lazaniya/databases/__pushe_base_lib_db-journal
/data/user/0/ir.nahideh.lazaniya/databases/__pushe_base_lib_db
/data/user/0/ir.nahideh.lazaniya/files/info.db