Analysis

  • max time kernel
    2556912s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 16:53

General

  • Target

    50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193.apk

  • Size

    9.3MB

  • MD5

    e3911f063841bf8fbf8beefe281c2b28

  • SHA1

    82fd3f4228281d2690ba79968fb86734de21301f

  • SHA256

    50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193

  • SHA512

    6c0a6453df9225a49f598d9f83a14bcd5bd6efea177996e9d827caed421ecaf6717e331f1a99debf1f628002363b0a107f5d821a202d6f3fed4d3c1efc002238

  • SSDEEP

    196608:yjDK1hVvNv/JqYellHXqfCr8QiqQyzcoXaz29+1Ta+Qjmaa3tZvz:yC1h1NvjellHaf28QQScFa+Qaaa3Lvz

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • forat.group.halva (PID: 4641)
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads
