Analysis
-
max time kernel
2601601s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system -
submitted
23-12-2023 17:11
Behavioral task
behavioral1
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
-
Size
9.8MB
-
MD5
ccd7efc491f7629c74a6297c1353ea76
-
SHA1
ea5eed8c208cbd0501f463d03003be0510b8ea26
-
SHA256
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77
-
SHA512
edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944
-
SSDEEP
196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9
Malware Config
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.ziba.keikbedunfer
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.ziba.keikbedunfer
-
Checks Android system properties for emulator presence. 1 IoCs
description ioc Process Accessed system property key: ro.product.model ir.ziba.keikbedunfer -
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.ziba.keikbedunfer
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.ziba.keikbedunfer
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/12faee17-6d24-4387-861c-818f3e7a07d7.jobs
Filesize: 179B
MD5: ac58f99a1b179d71e8621412ad31c6a1
SHA1: b51fdad95876f5615735c2ab411031ff67d5e946
SHA256: 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512: faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5c329812-0366-43e7-bf76-9d57daeb36e9.jobs
Filesize: 278B
MD5: 949c32454c17310e3525dddf8c1d718a
SHA1: 781e345036709f0b5b18052632f39fbc907a9759
SHA256: ee942930fa4354f8e8d58db374f900f856424296963495d48d4afead36a38481
SHA512: 039426fbc3e8e14e2bacaff2c00030f0aad8135e90a7fe536aedb851f48b3fc0a2268ddcd10962682f313555b6b3174a5bde4797b618eb6e12cb6ea7b511c4ba
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9adb8a1b-255a-4086-bcb9-ecda0ae91064.jobs
Filesize: 176B
MD5: f56f328eea1d5c96a1b96dbbf59488df
SHA1: 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256: 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512: 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb
-
Filesize: 9KB
MD5: e8e0527a01aefdb89afd2c508f131da1
SHA1: f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256: f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512: fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize: 512B
MD5: ed786d6b2eb40bc341d15317582ab4bf
SHA1: 0d578a13ff8828b56c6c73fb869224511bcd39aa
SHA256: 6008b32dec444760ffdbe67643d8f1ec16c604c0f0088e22bd7fa76948015678
SHA512: 725132d007523a05d2bed1e40cfca08c3942df05376326b3dd94327efb177216d4291746fa29db5613371ea048b6ced127ca9185765998c570a62433c7a5d973
-
Filesize: 36KB
MD5: cbdcd45dbe6dc8d89a21b02147aa6b9f
SHA1: fb19a744324e442683af463e9fe1f364fff3e275
SHA256: c22ae20b3b4721bd995e424badd7ce568e7771ec47f8827e1b83a800ebb55cb1
SHA512: 49a5abdda9d5b7b4ebf1e15b21e339874e51d3a371927bb2ef217d492b49fe42438a4398b593574bf24157759968b5ca346e9c694c571a5d679b0c9836b1b3ac
-
Filesize: 20KB
MD5: fe1d33a2f5509fcfb9a3476557cb96da
SHA1: cd7d12da527295bce2da88c085177d2e219ebafa
SHA256: 8643b125f95e31e755a5a4b6faa936c9f2b0ade422c9f362bd609a7da8972022
SHA512: 26ed8af054b5ceabcd24dbdc1e3e8aa24e844116dd7f3a1bab445380ded73928c8b03b3dea4215762aca614e80c44ef72ce2c3886d50479e573ae9028e6db59b
-
Filesize: 20KB
MD5: 4fe72c449344f482d5eff5e42303cb68
SHA1: e6e3acff8187dce555ea104edc26bb5335551159
SHA256: 77cebc61596d41c5ef100c761cf3714cdb207b9d05aa3eec771cbb8ab3f9e8d0
SHA512: 694ac82191c1fc404e0a8494ba042288afd48ee6d418b3c21c8bf75e9ed85cee394a4b9470f93f7fe6ffab1a604a96294a2585ce4c5b287560887817c741f483
-
Filesize: 24KB
MD5: 1f347cea6a53594be878e35079bdabc4
SHA1: ae24631f83d3c875dd678040baafb5e64fc6ba6e
SHA256: 46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5
SHA512: 6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9
-
Filesize: 512B
MD5: 2e9e9f1e96baf3deae3effe4cac9aeb1
SHA1: 3dd2d7ff45b4b5f5ff783413e639e24cf45982cc
SHA256: 1d6db29bdb3f919dd734b5557f6b586225d9590c7b21a0ad9210307330e187f9
SHA512: 45c1eb0eb04a6434ac6633640f93e10891465f999d4aaf5c7791b1a9fc7de576118f991428b2c58c032c516a9bd6bbe95e290866415d95e06add06f562382059
-
Filesize: 40KB
MD5: 3430501229b5422ab9d480b048391e24
SHA1: 5bffd69f5ec4b1d4ce5c7abcc94161a6462d95b1
SHA256: ea9361f4deaa93d7636602ba2a14ecda6871587d94bb373d0e8f7d53c3b4b939
SHA512: a241007689982e96bbba9f5692ac491ab94ef7c721634d3125489a3841a507cd46fac647c15603d287f33dfe8b0baf45e2f54970c83e19de54f678a6f1eae95d
-
Filesize: 8KB
MD5: 9e6ee6c61cf1669ef52f3eb1ad09ea5e
SHA1: 89925db2235e9f4cc19f6cd35884edc6a066116c
SHA256: 427b21b56c110ed172990b9835e622251b08859137b27a78d4a044193318c838
SHA512: 648ab245ddeaa233dbdecefe47ffa0f4928539804a91c5c0b7ee23706c6c7c7a98c9ddd434f4344ffd0b73a317d0e779ef1b565f2b601902278b5db8dff72eeb
-
Filesize: 16KB
MD5: 0b184535a2e8e9159f9302cf99debadc
SHA1: 442994be0853d8bc9c15bf1a33e72cbd96a8380f
SHA256: 471367fa9175ecbe35d3bc9d7736497dd04b0357aa4ed4fad008b25bf44c87e6
SHA512: 831f5c742775d930bbde072b6d3e880af173ce3fc3457ea2bc4d4b166a2751abc053430a230e4b92e373fd873b3ca5a51c7dcd5b268580269fe298e9f01fbe32
-
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize: 512B
MD5: 5c6d88b1b40f8554965f1557ab9aab8c
SHA1: 7549813883e5df0bfb82c4ec6fee6cdb28d122f6
SHA256: 19699c802547dc0a782e6ebbf9fd677329c12cd692e80fc3e7c9c3345f631851
SHA512: 711339983ca6a881fcc2d7bee0942c40ab4c93aec23b46fe30c312475f54181436c58fdae00044e5a1be55d2dc4dde97019dcd3f9bef7537094af8fa933072f4
-
Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize: 96KB
MD5: 8271c5f573121cab3b6a4ab285719603
SHA1: 89f5bd4197180d42e6fb4ca6b36ffb2c87a880e8
SHA256: 2c15da2b061b8877ddc788d09e3e3c396de351463bfad0c35ea5339d2d58e654
SHA512: b8a94ba516c4a79c99a72422977a43e08e8004963ef68167c35e200aa36fe95cf52323ef5ea40b4efca6ffb87c9ee4d8210626ab14856439b54508a79ab754ce
-
Filesize: 16KB
MD5: 3b031308f6c812d538541bb9ebd97b78
SHA1: 94b861cc3ee99a78988130c5ff620c76df7a8153
SHA256: 6c6e71678722532dc22d546ae163f933ec7510812cf0acfebca0d5d2f1c7e149
SHA512: 5fe7b37a1e5b2b059194835f83187eb9999e7d58ea1038a134cfc356aef2a3b66fe487bf496f904c2caf9f8cfcc9a64c0b707fa310dcf85efda969c0de5b6b2d
-
Filesize: 16KB
MD5: e82d593665b02e98e41d2ee52e7592c2
SHA1: 5022da6b96ed0b26b358327957bf24ad40421979
SHA256: 9a8d50dcec54d1cac21905670854ab0011f92ab5a7554cc892880bbb214b1d3a
SHA512: 5aa2a6021e3811f9718cd6ac6c73333fd41f137795b124d8eb7a66ec61b8d5428eaf1ec7a1b3a9488b54065ed3fb30814f6495b452669f99f558759f9ca1c496
-
Filesize: 512B
MD5: 11f32ae7a4631e66a92a32b9f037da9c
SHA1: d29747e271edde8ceb87b419fbf61ec9efb94a32
SHA256: 48f78c5511b4db8e5562757be4ff86dc65fe312bde6e7a95d4776a0d008a04e2
SHA512: 5f8368a55091a8af919665889d33cd50bed4c540b8e618e86e243332a9292daea26eac405b303d464a36a950d635d2f599cc882f773d1092f24557ca290efdad
-
Filesize: 36KB
MD5: 667e1032b85ff7fcf74ff0a5ca07468f
SHA1: b873e39e7cf3214051b9e5ac49937416d91fb145
SHA256: b1fb96293e93291f869893563f6b1b2b12897bcc32fa7013d4f37450ddd27b46
SHA512: 778cd1d13505ecff9ab8f19c298cd8a02f4d25966ca1879873cee4d0918c54599e9709a2e388d28eb66362abd0d31cbc9c19977fc5da90208d5614b1d60d1d7b
-
Filesize: 4KB
MD5: 40ba72fe146856d2352cb18a042809d4
SHA1: 728f371eefe5d8d14085e151ae6d47c4cc2ad4b9
SHA256: 321a0baece0629efbad99edd81432f01d303e585fb3d69ee3648114186e6aa3e
SHA512: 3d07169a6ac52b74f5ac5bacfcf158d5ac3b1e67fda3a0ff0000a750a511e854b5cbf33b0b7fd25116e343b19b5739959071b7186b286e64b7b8079ab1c1f459
-
Filesize: 4KB
MD5: 97ef1384da19c47f1c7560136889bf3e
SHA1: 6c4a49569d8cbbd90182d98f4744674faeebd8fa
SHA256: 4210e43a462bcd1abc3eeb2195a157e9e7fe3c67a08870a7511116c3a82e975a
SHA512: 126425c036bbaf4222a2fdec96a27f6c48f3fec18458c0ad2455291040f559b0f0d92359302aef9bf5cd08d3f72d634f7f0e3e0ebb82e9dec857339952f16bbe
-
Filesize: 4.4MB
MD5: 72fceb6e827c0d8265a820ad68674437
SHA1: 1a309d87fa196446a0643a856ce1b640c0a979b9
SHA256: 4bba131ca7fd51c74d54b7500107f977ea07d0e3185494d83fa30d318a8f2721
SHA512: 0fff3ad0bdcc5e0d43c46797db83f204a845825411c7feca50e93a9027aa18498ce1b12f1115ca614a50ef31385ee97d681d2a1d442936701300cee3fc03ecd8
-
Filesize: 1024B
MD5: 81aa2a38a6ed66249df1b7cc3f3da1ba
SHA1: af03b08464a94742a469e09cd86e6dac3cac1a07
SHA256: 4a1b702d4dd622f7733771a4412af614b3d3259ab9270e11e46b908b1283b6db
SHA512: ff31dbe48d12acc6489fb87e1cf1f56755ccca10b82c543380e48477f9437dd8cf57bf5318dd965e819cdc2bc1a47b062c2c6ec8178a7b5b6458d720ed1fbf86
-
Filesize: 1KB
MD5: a0267271b65fc0fa99210c1a989db37f
SHA1: 35ca00181750fbb6b12b6eec98da90acc742a17e
SHA256: 94f87a8b87f499635c1b9a8426973f19974c9cd337e916b7e3c45371c9a62c4e
SHA512: 643e786948fd3d90110dd0a3bfcd5829660ab7c5cc83f77ca8391fd46bd846c51464faf1cd8e4d28422d411ae5f68129ae8fadd322cac693b785da968f21bf25
-
Filesize: 2KB
MD5: 8a67a6459e49a5f2c038075075c48ea9
SHA1: 9e39d5282292ccc968f5f762f3de6035cbc224ad
SHA256: 21a8c19c5703004b9a6c1bcb03cede7d139a2d8c4f1d389cca6285c5e44cb969
SHA512: 042ac04ae2c78b0df964ea9cad1cf266394140425cc57deef69cdcccdaddd9fe2bbd83a3e2cf82bdf85a6a0b51235121fe9810bb04ec806f4fafa475208cd1ec