Analysis

  • max time kernel
    2601601s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android  arch:arm  arch:x86  image:android-x86-arm-20231215-en  locale:en-us  os:android-9-x86  system
  • submitted
    23-12-2023 17:11

General

  • Target

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk

  • Size

    9.8MB

  • MD5

    ccd7efc491f7629c74a6297c1353ea76

  • SHA1

    ea5eed8c208cbd0501f463d03003be0510b8ea26

  • SHA256

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77

  • SHA512

    edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944

  • SSDEEP

    196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get current cell location.

  • Checks Android system properties for emulator presence. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.keikbedunfer
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4267

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/12faee17-6d24-4387-861c-818f3e7a07d7.jobs

    Filesize

    179B


  • /data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5c329812-0366-43e7-bf76-9d57daeb36e9.jobs

    Filesize

    278B


  • /data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9adb8a1b-255a-4086-bcb9-ecda0ae91064.jobs

    Filesize

    176B


  • /data/data/ir.ziba.keikbedunfer/cache/1582435991586.jar

    Filesize

    9KB


  • /data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    512B


  • /data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-wal

    Filesize

    36KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    20KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    20KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    24KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal

    Filesize

    512B


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal

    Filesize

    40KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal

    Filesize

    8KB


  • /data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal

    Filesize

    16KB


  • /data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager

    Filesize

    4KB


  • /data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal

    Filesize

    512B


  • /data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-shm

    Filesize

    28KB


  • /data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-wal

    Filesize

    96KB


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db

    Filesize

    16KB


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal

    Filesize

    512B


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal

    Filesize

    36KB


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal

    Filesize

    4KB


  • /data/data/ir.ziba.keikbedunfer/files/info.db

    Filesize

    4.4MB


  • /data/data/ir.ziba.keikbedunfer/files/info.db

    Filesize

    1024B


  • /data/data/ir.ziba.keikbedunfer/files/info.db-journal

    Filesize

    1KB


  • /data/data/ir.ziba.keikbedunfer/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
