Analysis

  • max time kernel
    2557032s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 16:53

General

  • Target

    50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193.apk

  • Size

    9.3MB

  • MD5

    e3911f063841bf8fbf8beefe281c2b28

  • SHA1

    82fd3f4228281d2690ba79968fb86734de21301f

  • SHA256

    50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193

  • SHA512

    6c0a6453df9225a49f598d9f83a14bcd5bd6efea177996e9d827caed421ecaf6717e331f1a99debf1f628002363b0a107f5d821a202d6f3fed4d3c1efc002238

  • SSDEEP

    196608:yjDK1hVvNv/JqYellHXqfCr8QiqQyzcoXaz29+1Ta+Qjmaa3tZvz:yC1h1NvjellHaf28QQScFa+Qaaa3Lvz

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • forat.group.halva
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5102

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/a66b659a-776c-4fc2-ba7f-4ba7b4c6cc49.jobs

    Filesize

    179B

  • /data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c2fd50d6-419f-4087-a934-50f842914a91.jobs

    Filesize

    278B

  • /data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f0bdd322-da82-4098-9c68-f512710dbde3.jobs

    Filesize

    176B

  • /data/data/forat.group.halva/cache/1582435991586.jar

    Filesize

    9KB

  • /data/data/forat.group.halva/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/cheshdb

    Filesize

    20KB

  • /data/data/forat.group.halva/databases/cheshdb

    Filesize

    20KB

  • /data/data/forat.group.halva/databases/cheshdb

    Filesize

    20KB

  • /data/data/forat.group.halva/databases/cheshdb

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    512B

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/cheshdb-journal

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/db_default_job_manager

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    512B

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    12KB

  • /data/data/forat.group.halva/databases/db_default_job_manager-journal

    Filesize

    20KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db

    Filesize

    16KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/forat.group.halva/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

  • /data/user/0/forat.group.halva/cache/1582435991586.jar

    Filesize

    20KB
