Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-v5pnnsbccr
Target 5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f
SHA256 5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f
Tags irata
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f

Threat Level: Known bad

The file 5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-12-23 17:34

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-12-23 17:34
Reported 2023-12-24 06:25
Platform android-x86-arm-20231215-en
Max time kernel 2592021s
Max time network 157s

Command Line

ir.nahideh.amozeshjele

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks Android system properties for emulator presence.

Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.nahideh.amozeshjele

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
FR 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 tcp
GB 172.217.169.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 utahpeejmazjjr udp
US 1.1.1.1:53 jrferrkn udp
US 1.1.1.1:53 uejwkgswioybxk udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal
/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager
/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-shm
/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-wal
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e1b23b61-59ce-4d71-ac03-cd24214993df.jobs
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bd091890-085c-44a1-a579-ac35ddc78308.jobs
/data/data/ir.nahideh.amozeshjele/databases/cheshdb-journal
/data/data/ir.nahideh.amozeshjele/databases/cheshdb-wal
/data/data/ir.nahideh.amozeshjele/no_backup/com.google.InstanceId.properties
/data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-journal
/data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-wal
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/23b1d1e9-f1e4-47d3-a900-1b4321129230.jobs
/data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-wal
/data/data/ir.nahideh.amozeshjele/files/info.db
/data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal
/data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db-wal
/data/data/ir.nahideh.amozeshjele/databases/cheshdb
/data/data/ir.nahideh.amozeshjele/files/info.db-journal
/data/data/ir.nahideh.amozeshjele/cache/1582435991586.jar
/data/data/ir.nahideh.amozeshjele/cache/~test.test

Analysis: behavioral2

Detonation Overview

Submitted 2023-12-23 17:34
Reported 2023-12-23 22:50
Platform android-x64-20231215-en
Max time kernel 2564659s
Max time network 164s

Command Line

ir.nahideh.amozeshjele

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.nahideh.amozeshjele

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 64.233.167.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
FR 216.58.201.100:443 www.google.com tcp
FR 216.58.201.100:443 www.google.com tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.46:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager-journal
/data/data/ir.nahideh.amozeshjele/databases/db_default_job_manager
/data/data/ir.nahideh.amozeshjele/no_backup/com.google.InstanceId.properties
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4e5f5891-4acb-46a5-9b10-3789ac1af79c.jobs
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c3ecc55e-f118-40d4-8508-afadd3cedaa0.jobs
/data/data/ir.nahideh.amozeshjele/databases/cheshdb-journal
/data/data/ir.nahideh.amozeshjele/databases/cheshdb
/data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db-journal
/data/data/ir.nahideh.amozeshjele/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/a6e1846c-80c8-4d8f-b836-a2b21b49ef57.jobs
/data/data/ir.nahideh.amozeshjele/databases/google_app_measurement_local.db
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db
/data/data/ir.nahideh.amozeshjele/files/info.db
/data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db-journal
/data/data/ir.nahideh.amozeshjele/databases/evernote_jobs.db
/data/data/ir.nahideh.amozeshjele/cache/1582435991586.jar
/data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar
/data/data/ir.nahideh.amozeshjele/cache/~test.test
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 17:34

Reported

2023-12-23 22:50

Platform

android-x64-arm64-20231215-en

Max time kernel

2564738s

Max time network

142s

Command Line

ir.nahideh.amozeshjele

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.nahideh.amozeshjele

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
FR 216.58.204.74:443 udp
GB 142.250.200.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files
