Analysis

  • max time kernel
    2570477s
  • max time network
    146s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20231215-en locale:en-us os:android-11-x64 system
  • submitted
    23-12-2023 17:11

General

  • Target

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk

  • Size

    9.8MB

  • MD5

    ccd7efc491f7629c74a6297c1353ea76

  • SHA1

    ea5eed8c208cbd0501f463d03003be0510b8ea26

  • SHA256

    543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77

  • SHA512

    edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944

  • SSDEEP

    196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.keikbedunfer
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4622

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/320728dd-f917-4e45-a011-8505e879272a.jobs

    Filesize

    278B

  • /data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6de78840-eef6-4579-bdac-44af53881f31.jobs

    Filesize

    179B

  • /data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar

    Filesize

    9KB

  • /data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar

    Filesize

    20KB

  • /data/user/0/ir.ziba.keikbedunfer/cache/~test.test

    Filesize

    4B

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db

    Filesize

    12KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    512B

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    12KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    20KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb

    Filesize

    20KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal

    Filesize

    512B

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal

    Filesize

    12KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager

    Filesize

    28KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal

    Filesize

    16KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal

    Filesize

    512B

  • /data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db

    Filesize

    16KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/user/0/ir.ziba.keikbedunfer/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
