Analysis

  • max time kernel
    2570413s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android arch:x64 arch:x86 image:android-x64-20231215-en locale:en-us os:android-10-x64 system
  • submitted
    23-12-2023 17:11

General

  • Target

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk

  • Size

    9.8MB

  • MD5

    ccd7efc491f7629c74a6297c1353ea76

  • SHA1

    ea5eed8c208cbd0501f463d03003be0510b8ea26

  • SHA256

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77

  • SHA512

    edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944

  • SSDEEP

    196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.keikbedunfer
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4916

Network

MITRE ATT&CK Matrix

Downloads
