Analysis

  • max time kernel
    2592021s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 17:34

General

  • Target

    5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk

  • Size

    10.8MB

  • MD5

    8c8354e6f3f2c595d5a5f1ad12c44bf8

  • SHA1

    41bfc202d3e527f48c1b1138033cbbedde03e447

  • SHA256

    5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f

  • SHA512

    3f31f601df2c4bf0daf6cf57ca185d2ed67e88e33e6aca66deaefc5b7df7c1343f4380a8a0a5d1a314306e65e674ea91011c3d1c4798d6cf4d41d446adc4d0fe

  • SSDEEP

    196608:UvpF5luTCzHYIibt4xVuz1FFoZCU3pAefVcfeUd2mdhiU1rrsOMgXjr:UvTPue7Ymsp3U3pAefVcf31dhtrsXU

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Checks Android system properties for emulator presence. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.nahideh.amozeshjele (PID 4271)
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/23b1d1e9-f1e4-47d3-a900-1b4321129230.jobs

    Filesize

    278B


  • /data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bd091890-085c-44a1-a579-ac35ddc78308.jobs

    Filesize

    179B


  • /data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e1b23b61-59ce-4d71-ac03-cd24214993df.jobs

    Filesize

    176B


  • /data/data/ir.nahideh.amozeshjele/cache/1582435991586.jar

    Filesize

    9KB


  • /data/data/ir.nahideh.amozeshjele/cache/~test.test

    Filesize

    4B


  • /data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal

    Filesize

    512B


  • /data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-wal

    Filesize

    36KB


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb

    Filesize

    20KB


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb

    Filesize

    20KB


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb-journal

    Filesize

    512B


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb-wal

    Filesize

    40KB


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb-wal

    Filesize

    8KB


  • /data/data/ir.nahideh.amozeshjele/databases/cheshdb-wal

    Filesize

    8KB


  • /data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal

    Filesize

    512B


  • /data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-shm

    Filesize

    28KB


  • /data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-wal

    Filesize

    40KB


  • /data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal

    Filesize

    512B


  • /data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db-wal

    Filesize

    28KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    16KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.nahideh.amozeshjele/files/info.db

    Filesize

    11.0MB


  • /data/data/ir.nahideh.amozeshjele/files/info.db

    Filesize

    1024B


  • /data/data/ir.nahideh.amozeshjele/files/info.db-journal

    Filesize

    1KB


  • /data/data/ir.nahideh.amozeshjele/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
