Analysis
-
max time kernel
2570413s -
max time network
163s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
android arch:x64 arch:x86 image:android-x64-20231215-en locale:en-us os:android-10-x64 system -
submitted
23-12-2023 17:11
Behavioral task
behavioral1
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
-
Size
9.8MB
-
MD5
ccd7efc491f7629c74a6297c1353ea76
-
SHA1
ea5eed8c208cbd0501f463d03003be0510b8ea26
-
SHA256
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77
-
SHA512
edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944
-
SSDEEP
196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9
Malware Config
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.ziba.keikbedunfer
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.ziba.keikbedunfer
-
Loads dropped Dex/Jar 1 IoCs
Runs an executable file (Dex/Jar) that was dropped to the device during analysis.
ioc | pid | Process
/data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar | 4916 | ir.ziba.keikbedunfer
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.ziba.keikbedunfer
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
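description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.ziba.keikbedunfer
Note: javax.crypto.Cipher.doFinal performs both encryption and decryption and is called by many legitimate apps, so this indicator alone does not show that user data was encrypted.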
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0b142b68-df32-42ee-9cdf-b66a6fec7097.jobs
Filesize: 179B
MD5: ac58f99a1b179d71e8621412ad31c6a1
SHA1: b51fdad95876f5615735c2ab411031ff67d5e946
SHA256: 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512: faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8740363c-5c66-43cc-8483-84205f202d1a.jobs
Filesize: 176B
MD5: f56f328eea1d5c96a1b96dbbf59488df
SHA1: 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256: 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512: 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb
-
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e1c5012c-2f19-438b-aeb7-20ea9ba81849.jobs
Filesize: 278B
MD5: 0c7b4dbe8946de3f0a26f9739d8da9fe
SHA1: bc46a6fb66565ee64885ae0cd9cf6f53e732dece
SHA256: 3caf65bee716b2ce28e3fa3e1e459901745ef45c55e857a3755c21405d8ef0b9
SHA512: 657ec3fd84d0065c1df09df265ecf2a396c53cdd2ed9bea55834e791ea546d128710f94aa323976384e8d36ac185a7109ad5f646966680748cac131b16628d46
-
Filesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize
512B
MD52426e3c70a6a778901f1f14bb4b3688a
SHA11a50a93dbc5ab0b6ad81a3bb1eacdf1b19fb1d0d
SHA25633d382bdb9229c5e828755bead00792bc6b54bbb4be7c457da7c2d64ad25c57f
SHA5127f7af78dc0b1f730a91f97ceb25fb758e415ee27e347dafad5d1ed483b04bf8759c5bca0eb1637994f127df3a806d09f7a0581a0c6638911f642a14b3e37a9c0
-
Filesize
8KB
MD573296a02dfc246c5720168dddd798d29
SHA1eac8fd5273c27f4985d790c86efbf11bb29314b2
SHA25637ddd5c8471cb7a81dc3dc9b72c151241865523dece411302e48c68e5621e4d5
SHA5128f7dcf24bb3b4fc1e898dde97a959c3adce00f4450a5d99d82c63760ffff2a915b18abdf3e28ebc1ebfbce971e9355b18b2cb2950acae8264d6c96e43fd38cac
-
Filesize
8KB
MD51e7c216abffb3a4e54a26f241edc5f38
SHA10876384b0a250f4bc895005e7a018d818512b119
SHA2565d5c24a57e2918af586c2512f064e7b5d52ea8e3f315eca188e4b14113a847c0
SHA512e4951462b02403decab5dd1c18c648e0267f5d569d589b9f7a56fa0c60c21f296bfbaa56e47bfb0422c9565bae56118c62331be1befdbe62d32507e8d1fda001
-
Filesize
8KB
MD55d803fef3a6e68048781f3521117ab6d
SHA16dbf3f858e3d9b5333c0a84b02a494e462efc740
SHA2560d115be5dfc68cbf5c71f650a44c9d3726b5d3b27a2552a57365e2bc31231e5e
SHA51244835ef76e26230406d005a567b607c1c946176ecd2ebc7cc6c977754f1ca6fa64a4d55dd62a05b368c179fd34efc83a9bba3d0458f3307a7d1d2ad3fa682503
-
Filesize
8KB
MD54ed1e6efc22919805978ee3b3dd75ba4
SHA1239245dcfa69e86673894de2ffbb15f36f116c10
SHA256f2213c277934ae599581bf439bd4d34e55a41aae7247907a7e78f291d513a67b
SHA512e9822364c6fae8b7f7bcf874fca82889838f290270b1883f66b5338ae566c3b938534b0480f6dca0513120a75ee45a5013f0b90dc105e6c9cd7ec18b943671e3
-
Filesize
24KB
MD54e4aa949c28abf1e3ff617bc46ecdc47
SHA19174880f91c420fa3b61b967cd49ca02871275d4
SHA2564705858c03fca78d18fbf593261d2134176cd338883e9abd223b353255ebeb1d
SHA5128749fa75d3ed4e1fdd0ba91538c94bb57d712ca7bf292f41c303b111fb18b22042c4ec88bdb6da80f4a6f4316c6cacb646679f48e5bc80823ef3d1a971e365fe
-
Filesize
512B
MD5bc88fa81003acf127752c04d957b8846
SHA18aa36108f0a38d6228d5dbaabaa2ce0db05b4b91
SHA256b309eb7b87a72d6c228d18e5b5f99f22ca1d7f54c41f4bc7d86f7e6339bf3381
SHA51221e514b458608ed7f6ca929ecd702df995c1d8c8063a30baabfe82cefa0c3e84fdf598f96f230bb49df9de67b59d34f9a40f4c782f0e00796fb1423a7d12de92
-
Filesize
8KB
MD5e2d11cb2d521fd887a8e99a28b2c3501
SHA1eb2273bc798a2eddc603ef54271764430a9e7cca
SHA256803a5a5ad912ff977d1fee68030d9fc5f0a1f022d17eb7e2e7c9a913070c58f6
SHA5124246008aa5dd4253a145f26b0d2b76f208b5779ff82b841a24e5e5164535e564a66d7ecc8635dc42fcc55e2a23985e83fd99e9e1728b151afd3d1f51e7245b24
-
Filesize
8KB
MD5ea70bec8106b5a7766d271febc451f69
SHA1aaf88643fd1e4290f194fb573a4deb867730450e
SHA256f1ad351a37682a28500ecbe408986baeead32dd17287db0abfcab4b5bcbcc94a
SHA512068a60ccba4556316ea22189a803a1dee805f769b81dd01c13403c991990d478069b812b328ff3907d999f36b0f6cc78b30a01f2f18083343be4837423914d8f
-
Filesize
8KB
MD5a8f87545287ed807be7811611eb24f06
SHA10d2ca431cc8a4e4d7c115603920c7180b3ea9dbe
SHA25659393c67a0e3e60f5dfffd10fe5a71eb539567c32abf4448c3500b7d5434a295
SHA512ea67033f4f5014bc1ab936e25cd3390f8291d84ec76cd33bcb3415e86d9888791904ddf4778b832ba2b8be4d2ae88511fc20656c80a2c9e4408bebb830a6baf1
-
Filesize
28KB
MD52ecf97bf6a429315014daf7c9b13f51c
SHA1332b0f3b714d8e789e931883b6fe4822c785b9ad
SHA2560cac24e4d2cb67d9e494dc9cc820b81a0c8a5d74fa7cdba199d6a0f32fbac743
SHA51256028d6da5e8f90c8b201b3aa6a76a47655a40250773f29e44757e744157807acab9604e62cfa9a939b3fa68c6c675e85fca28d2490ddfb44d1bcbfd9efc4474
-
Filesize
20KB
MD55206ea641268b0d85f7cc1270a6b362b
SHA126e8de111a57d127df7beab714e505468c3656e9
SHA256b7fe7885f3442cf3167766828cc70fe35535ec12faddba121a7144ea3c5e8d3c
SHA5124ed7bab53bf65a4181557dd18b440eb04d6172e2f31efebba7a25a1ebe294ba95006a272075ee83916040459c166a1e57e7fb839f6a3e179587d8210259d3388
-
Filesize
12KB
MD52a131301256a7a15b414ea768f70274f
SHA12e10a137fbcd9211c5498cd0cf8aa65bcac2fc3f
SHA25687be54ea94e46378737b63b33d01b7d2c80e7969f051ae36a65e7146d9763f3c
SHA512a570bf9efe3fabff5389d1148cfc0d5cdf3e97d33c5ae00bb545afec9ca9ddb7b0740cd0e1bfd35e57263927d3acc70900ad36734475ea0f2b4dd83612e41aa6
-
Filesize
512B
MD5f8d4430d28ffaae0d50f69978074d218
SHA1af589036f9030bdac2f68160295df471181cbfc6
SHA2565412cac897d02953ecb14694712b88ac15033f1bcf2cecba43801c9af48afd5f
SHA51267177685e2ff015718d4fc84e670c0325bb0abcdb20fc0f9d4ee06215ddf745397c97911256d7f2c7fa50ab448a6caf80d5769cb04680afd3bee5b4561739310
-
Filesize
8KB
MD575d5ee2a7903c55bf374043643ac8bfa
SHA1e573e6207c2afe3cc723d72c33254a39559c2909
SHA25600378f6bf67083eedd31ff63becb8593bd961161e4d044948ecf5d5066bc436e
SHA512ec29d411a62490ca60322f25ad000b100ded69e8951b99323945edc719d790126ff5fd08fca9ba98851131971ab083706d9dd339b628b4424f75008a831ffa18
-
Filesize
8KB
MD5c75ad706da12e2011b0d6d20e2110a1e
SHA1575b00e6bb620b548fc1051a59eba9ee903336c8
SHA256de3ee1234af7c191c7cc6dfba4b858f86ad157d8c5aee209f7aa066c5efda6df
SHA5121ebfaa5572b12486c6a330482d2c60d09d637fb8da87dd6cb800aac13b68a564155ccbe03af0c8833eb59b56db9c6d88afe786d1b2fa4c80342dcd6ed0a552d8
-
Filesize
12KB
MD5f082c25dd6cefac41d33bb181f4c86eb
SHA14eda848aa1dc4b6b71283f9526e975cda4a1960d
SHA2567158c3b436df44b7028f3dabb801ae741043ab2b663ece1e9df52fe600f25acc
SHA51260a8070393280c4c7b5d5a9133dcb957f8a925c442fcbaf0d7f5fbcf9a73c3ca864bee9f5319c59ed8f745bf4319b2d54a28663478080575a17d21bb3701d5eb
-
Filesize
512B
MD583f75218904ddd96a9926e59fb08dc47
SHA167463acf08dd022c0451d3befb34083df81777f4
SHA2567b46dbcb467c3736c36aa514040c5fde55e3cfcf4df652fe5ef76beea3fa29c4
SHA512eca8ea5e5facb0939d0f2e5018600d85900ccfc20c04adf4bc87c7131eccd0a4e1e276e1ba1a0f0a1e1eab9c0ee2d7257967b4ea35ebef3df80423840bc4bcab
-
Filesize
8KB
MD58522cc36d0836696bd450ecdd396e7ad
SHA1a2e64978d61d7fad3e8d9fbb205e79e2595a0004
SHA2564a03ce6b5f2f5f75be518c39139d0ae1810a9206c4a6e139e604130144e57588
SHA512855437c0c2725a98bee12f83e27025e7d8c3d1108db619dfd9a1b99af088e9f6ffaded33f7b996e589f424e31df1f7975473d2abbbbca66e804f545636ae8263
-
Filesize
8KB
MD5ff2f3f4862da5397dbe72edea326d7a2
SHA1fc7e429600f5350980973959294c95f882c3d95e
SHA25667eb302eb7917b55435af0b5dc321b04b577d1333f11a0447b30eab3b2d6bdb8
SHA51201a95775c106e2972011e9d8c3bba8627dd09d9935eb72d18b644a82cfe7af6118ea3a4fb1b61043e602e75352d7a94704de36bbdd3a368ba3f443bccc51b160
-
Filesize
8KB
MD53393e692331f76f5e4591381c35152e3
SHA1b53308be1512f5019167beae2e2106174fff771d
SHA256cb20f10c671f8593f5373724ede3bdd19dccb15e0d6f4b3b9a071653f969ee50
SHA512cf294cff391e40142ead628e5bf5ec7a649771c2b7f6456f81551d247ad64bdc0297e363b4322b9671be32bf80d4654efdcc64124ce46f90ba990da4e7454786
-
Filesize
12KB
MD5ea628e04765adaf4238a5dcdff4bbd51
SHA1a801947619ea8c368efe9c006a324dc6339ac60b
SHA256885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe
-
Filesize
4KB
MD5c54d72ef979472e7bd38a78d91537648
SHA1b9a16a0749c01fa7b410369221335454d455d58c
SHA2560ba26b04feb2646ed9be5449c3f4c20f2ad02ceac034a2327cade0076481410a
SHA5122f2f55b5de619ef4df803821fbf8858b4844041efcebcf6497454ccd7f9632630ee2955bce9c494690bcca394ce0ae6b95b6f7dc810c9eda5df674d37b7c70e3
-
Filesize
16KB
MD553f8b8c6c440d0a8a971c71b2ba0674c
SHA173a4e0faea5b78f720ee5f7985cd4b72c69bd351
SHA25658d8214cfe89b428478a4b07a8f34047a2fffcd5ec9f906b20315ade29743d4e
SHA51228effc6fb17116ea0b6ead39da8a5d1027e2af7056e84a84a3163061546b7d58ab35547bebe1475b137a3863493f75cafa222830f1f4e78a89e57448081a3d8c
-
Filesize
16KB
MD516d25bafaad6d158417c16a475df3342
SHA119f5f3ca61d8e6187df7e380d2101d29617b6096
SHA256fdf55fb5d0d0c487f44f35136c21584ba466445659653dccbf647d68b789d051
SHA512f197c7ab1d5fbe0baa123a69dc07daa3b1f5e083993745fa190547601ef4109853f6476efc9ce00cb6d5ee60f1a204157be5081cd312b93caef3dc97574fbadd
-
Filesize
512B
MD532ebeab93306f5c8eefbaa0c9dd4d101
SHA1fba2abb2ece16ad0e8e38cfa7d23cc1b6f9bb072
SHA2568d74c1120d706c9e4b07da78ff64bcdb46928ccd640ceb01f4d144a44ae46f25
SHA512b560d962ca18698741147757039a38e322acb8a193a71eaad75dc9e5b3d8e1635bd7689dfed3effc7daabce4c0f5551aae878486d7baa1cefd543228b66f8754
-
Filesize
8KB
MD515edd96da675f7ec8d53c36dd93858b5
SHA1a9e1370a53f5e4817d261e720c793a09c4a7043e
SHA2569794f08f5fe4103fb48776afc7a8166d3baea3d05958d0ac3d15e20912080935
SHA5128fb16d4d654a729110bdf47858fa527fd1ff26fc2fe84b0c5df82eebe4fad08dc6b03f8f30d8aa64245062f2c5765ade2b4c17e38a3fb84de4f721fff502a44f
-
Filesize
4KB
MD55e9982852fea0708616aa5d22814a2e2
SHA1d60037db0c939194f6c903d6b33e459e02d0eb5f
SHA256fc01565f2f60234c02e85fd85fbba0293353df285c9da4e66f95ef396a57ff87
SHA5128fbd7999e9999228b2cd0d06901f9d2b48339e8576ad97675a16b1b536fd096974b78a5aba883e48c1f13cc7e5b126eb1f8981a4914361a48e63099cd46d6e80
-
Filesize
51KB
MD5316f4ead30c802f891d46b00afb2044e
SHA193d35afe857a8926b659c8dc72191284fdf7634d
SHA256ff26063a8e2fc944be446e61e9d145290871aaebe9c48b000103adb93e839145
SHA5128cf38411a2d82f752c89fda40c0f48f5a37882e138a5e8fafb6ad501a7e8e5e092b15418d57dc1d578afdb8df1360a11b98efb5b2580cdd3d77c303c6b3f7b17
-
Filesize
2KB
MD57bdb5d9f4eeea0c93679c875b8bd343d
SHA1bb3a1d092fbdaa2c908ed124b055b7028576fa2a
SHA25639dd0be1b5448627d691420ddba65c0d2229a63c8badff1f32d1ed30d4fd9721
SHA512bf9c5be23bc62e5e5555d1fe3cc6612a47c0791525558cec817b24017e2577211e88f43f6d20ed29d0536cb3354dac71edfe59ddf9e574be9242c967cea03984
-
Filesize
20KB
MD5fde2ee00cbd121cfab5290b078aa3ceb
SHA1e2b77d5320e155e413d040a8c20020962065b2f8
SHA2562897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56