Analysis
-
max time kernel
2564738s -
max time network
142s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system -
submitted
23-12-2023 17:34
Behavioral task
behavioral1
Sample
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f.apk
-
Size
10.8MB
-
MD5
8c8354e6f3f2c595d5a5f1ad12c44bf8
-
SHA1
41bfc202d3e527f48c1b1138033cbbedde03e447
-
SHA256
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f
-
SHA512
3f31f601df2c4bf0daf6cf57ca185d2ed67e88e33e6aca66deaefc5b7df7c1343f4380a8a0a5d1a314306e65e674ea91011c3d1c4798d6cf4d41d446adc4d0fe
-
SSDEEP
196608:UvpF5luTCzHYIibt4xVuz1FFoZCU3pAefVcfeUd2mdhiU1rrsOMgXjr:UvTPue7Ymsp3U3pAefVcf31dhtrsXU
Malware Config
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.nahideh.amozeshjele
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.nahideh.amozeshjele
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar | 4625 | ir.nahideh.amozeshjele
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.nahideh.amozeshjele
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.nahideh.amozeshjele
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/27562ffd-b5c2-4ee3-9e3e-1c3577a5661b.jobs
Filesize 278B