Analysis

  • max time kernel
    2564738s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 17:34

General

  • Target

    5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk

  • Size

    10.8MB

  • MD5

    8c8354e6f3f2c595d5a5f1ad12c44bf8

  • SHA1

    41bfc202d3e527f48c1b1138033cbbedde03e447

  • SHA256

    5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f

  • SHA512

    3f31f601df2c4bf0daf6cf57ca185d2ed67e88e33e6aca66deaefc5b7df7c1343f4380a8a0a5d1a314306e65e674ea91011c3d1c4798d6cf4d41d446adc4d0fe

  • SSDEEP

    196608:UvpF5luTCzHYIibt4xVuz1FFoZCU3pAefVcfeUd2mdhiU1rrsOMgXjr:UvTPue7Ymsp3U3pAefVcf31dhtrsXU

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.nahideh.amozeshjele (PID:4625)
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/27562ffd-b5c2-4ee3-9e3e-1c3577a5661b.jobs (278B)
  • /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar (9KB)
  • /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar (20KB)
  • /data/user/0/ir.nahideh.amozeshjele/cache/~test.test (4B)
  • /data/user/0/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal (512B)
  • /data/user/0/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/cheshdb (20KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/cheshdb (20KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/cheshdb-journal (12KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/cheshdb-journal (12KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/db_default_job_manager (12KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal (512B)
  • /data/user/0/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db (16KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db (16KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db (16KB)
  • /data/user/0/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-journal (8KB)
  • /data/user/0/ir.nahideh.amozeshjele/no_backup/com.google.InstanceId.properties (2KB)