Analysis Overview
SHA256
5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f
Threat Level: Known bad
The file 5936661db2df9d475550a26d2e834aa807760678b8ef148084ca0242c3cc526f was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 17:34
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 17:34
Reported
2023-12-24 06:25
Platform
android-x86-arm-20231215-en
Max time kernel
2592021s
Max time network
157s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.nahideh.amozeshjele
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 17:34
Reported
2023-12-23 22:50
Platform
android-x64-20231215-en
Max time kernel
2564659s
Max time network
164s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.nahideh.amozeshjele
Network
Files
| SHA512 | a33a544a68b8c07bcfcab110af6d714a0fa5d77b1823077e17200ef5e42b6c8a2e0211a3ee367aa5ad1ffe2c8d12f62a6e93d88c52014b4cd861b080f3ea77fd |
/data/data/ir.nahideh.amozeshjele/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal
| MD5 | 5327ceb786ecb8c244249ea7a6577f98 |
| SHA1 | 55b6b86693942ce6ea6537f7757ad732b1db0c8c |
| SHA256 | ce177743e40b937cddca8b406f51425d388aee98f0344543262b065ad963d2c7 |
| SHA512 | 46d901c9d88eb590bf5737513e4862bf1d727ddc07ac8a9917e4f8089a0cd0a2914fba5eee80f53b10cb51ea28e3aea6fa53ed193d4b61c2e681a3265416ea1d |
/data/data/ir.nahideh.amozeshjele/databases/__pushe_base_lib_db-journal
| MD5 | 410db475255f54c20e70f8f742896eee |
| SHA1 | c500618b9fa8498be4421e5e74637b2014cbb943 |
| SHA256 | 49eeac850a4b4cf9714f5027729e5499832d168db62b43bab068dc68f2d34b4c |
| SHA512 | 25470eaed75e3f7b4e394c4858ed8db09634baf92ad9ea131c25bb1182a94dcaa9cb5a0ff04472b01c7eee379ebedbf168339fd643d4552b5f48f1623fb17fe6 |
/data/data/ir.nahideh.amozeshjele/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 17:34
Reported
2023-12-23 22:50
Platform
android-x64-arm64-20231215-en
Max time kernel
2564738s
Max time network
142s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.nahideh.amozeshjele/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.nahideh.amozeshjele
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.204.74:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | almabala.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 66.102.1.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files