Analysis
-
max time kernel
2570477s -
max time network
146s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system -
submitted
23-12-2023 17:11
Behavioral task
behavioral1
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77.apk
-
Size
9.8MB
-
MD5
ccd7efc491f7629c74a6297c1353ea76
-
SHA1
ea5eed8c208cbd0501f463d03003be0510b8ea26
-
SHA256
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77
-
SHA512
edd0d0077990abea83a4886459b03573bd12b7d2f984e7e9b1db6137fcde889e58571a19d187f2e29d6dec999ace49dc242a60acb80438ccab4abbea801fe944
-
SSDEEP
196608:IKOdH96pKc9gB9MCzekbOU3pAedx50AEWeQc5gVdhiU1rrsOMgXj1:Lag8IgB9MQFOU3pAedx50AEW5ccdhtr9
Malware Config
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.ziba.keikbedunfer
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.ziba.keikbedunfer
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar | 4622 | ir.ziba.keikbedunfer
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.ziba.keikbedunfer
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.ziba.keikbedunfer
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/320728dd-f917-4e45-a011-8505e879272a.jobs
Filesize 278B
MD5 c4174b37b9f87dc428b9b4a601f99603
SHA1 fe0764533c84f199779f740e2e9d76d519694133
SHA256 b29d0eeb18097b363ac3bef934ddb01b62102c10fd90c532f286a4db50f1a7ff
SHA512 0326b6b5ca5a59c8e4afc68d83f86bc69a326addadb6f669904008a2d55b9487fdb98d672c7bae6ee78c3222405fc417242ce3b7fc9512279c20598a7934f3e7
-
/data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6de78840-eef6-4579-bdac-44af53881f31.jobs
Filesize 179B
MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b
-
Filesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize
20KB
MD5fde2ee00cbd121cfab5290b078aa3ceb
SHA1e2b77d5320e155e413d040a8c20020962065b2f8
SHA2562897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
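Filesize
4B
MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
Note: these are the well-known digests of the 4-byte ASCII string "test"; they match any file with that content and are not a sample-specific indicator.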
-
Filesize
12KB
MD5171aedf968e17a2744d2585715606cb9
SHA1bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA51278a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b
-
Filesize
512B
MD5bc312deeee3c8841ed3949d469fad468
SHA1622fe0064947cff256a47039f35f494678a50b29
SHA25648ed0f90aa3593a0fa390d282a7e05fa17408c83b4f18cf009dc336c2617abd6
SHA51249527b9c52d1e9f7ca0e61e445e71c0e19ee9d877c3c2b2ee5cabfa8628d38f52ae6b25cfe910ffa95fee947b72cccda4a4a162723ef538023f44dd43aaf900a
-
Filesize
8KB
MD5288ab0e59b28b033a9d13782f31b0a0e
SHA19fb4ec3d57dae6473e9e54594d24730e53802d07
SHA256a12e698bb2fb71ccde26c8cc747aaa7a7800243c32c58a9d9d55aca88e1f5ada
SHA512370c424c11b3aab231ec841b697d426cabce317f3ecaf0ffbd203b92844560367cb7c09d38f82675a8e137ce1ced0e9d107a8b61577d4df66ee763f8335e7651
-
Filesize
8KB
MD5a7408e673404c3fa06123e9157e914df
SHA15aad5436d08b19bfe3259aa436c7b95c1d7b29cd
SHA256e40f3691833ca7111a45efabfd4e0e9bc63ed71651011935960f0b99d70becbb
SHA5123799b3257776829780113e761c86f64ac7abac870238a603acb8729222bd7a25b34afc34108d62d32b11ca34966811e34dac6605e13f95d101213ccdee70c04d
-
Filesize
8KB
MD537ae46eba6d9e89c913c36b3b2ac2b37
SHA1dce9abe49036ad78cb0826952c03cfcb46a27b71
SHA25638a576497d7216838dee504a901d42db1c96b47012b62fb07ca9c6ae2900fcc2
SHA512aba419fe293afca2ef1c97bd0b976dbf6982725321f5053f7cc5c381714b85116561cf55886dc8caf2c4fd9ab26da672c0436ba2a3a348a98df8f6600d263e9a
-
Filesize
8KB
MD57a21474db8c74080e33c466aee0f23eb
SHA1bde0399edc24ef2396f28727b3259fe6b9b0eae7
SHA256a63069f896750da1b633870f79c7f8939f5e88065d940d29f00c64629135c2a4
SHA512c3278162d5d32ae0bcc7aa29eaf8253426a0d77074483205a67e69c9185ddfe653fa814a96f6d09a46b44658f18371afc74abe58a13bcccc22af11d777b6db02
-
Filesize
12KB
MD5f41f531c07d4141546a531ff9caffdcd
SHA19dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4
-
Filesize
20KB
MD58aac874a39667bc7732f6331351bcbfb
SHA10ba03805d91c1c3394aacfb61a6fe9fd421ea7e7
SHA256c3f85f1a3bdacf22dfa191a365286d0e1ab4b0fc1358098c1cbb35e8c415678e
SHA512e64bc2f5cf19cb8347acaadb87392720d207fe3aafcee20f4c75302e88a81ef05fb9939d8bf1600d92f3db62730dbc73161be4f67d1515970693735485184413
-
Filesize
20KB
MD59c775e809c5ca358b411c137a0af798a
SHA18cb4d69291045109fb4d0a9fea36b014d0d01f71
SHA256e14a3e88352c28222964bfbb6b169405fc707a2f97dc5515b2857fefcf3ca9e9
SHA512b7a0b02e42395aa67856f88ac32c04bd3d85f757b44125d786334b6750379005c5d6be95a910f439ad6b8a10b426fc4683c3e16bb78a229d93db836f6377ef14
-
Filesize
512B
MD50d7c327e8836a190ea435ee2e118b404
SHA10b68b7da3d6f430c9d6f0a5ffd960e2a8b7f021c
SHA2566b9a4469a023df2687fd12b2eeb410f97a4b14e62a63c36a52c9e4eddc35bca6
SHA51252b798f2eaaf2bbcc1db805c42683e120f60ce9a256bb29b7c9b89a7c9a568783116cdd0e22dc2d7e8c313fed8677ed20628f530df34eb5221504d9152a0998b
-
Filesize
8KB
MD5b6bf7c6d06d923b96aacc24b1ad0b90c
SHA10de44cbade60917402759d77bd220423c643fc2d
SHA2564a9625959522e5ce64903bbf3a0c2bf79b5eef99039d019dd853b637d47ec00d
SHA5120d320dc5e822e5e1c609960bfb6fd6f7dd3cc58a51fd4fa4e495335eb9cc16cb9a6c0bb779bc92f645cc7658fb36ed5110448578da29c7547cf7bfd8b72c6dda
-
Filesize
12KB
MD5deb54accfc437a69dfe6cec6b2beecdf
SHA1df65fa3f3622d9ee66885be0fa60397725a59efa
SHA2560d944cde905e01e53a1a322bd1a5e9fba0102e02f47cec1fcbf3b23e0ab012bc
SHA5121d11b5d77989e0632d09defcc60801af0e36e51b63f6bca8bde6ac6292684c858823c0158e1f22abe500a136227c8a6e0cf3d421e7e99fdbfda50022fb3ca84d
-
Filesize
28KB
MD54a1f18b25648733896b29fdf2a1d89be
SHA1b8883150a1eabcf6784dd19b959ad4ccfc020744
SHA25618bc4e177a262bc1db79293c918c1e1fd9d22a43cd8af9f6f820e02250d6b9a1
SHA512d241d2a4828c236d31c0cd712787bf83d946c91ee126dc696bc1d237798afea3d19fb94a59fc1255a8af3b29174180e72be5910561190475c35d21c31a17ba0e
-
Filesize
16KB
MD59b680aa141d55f703f798bc6fff68206
SHA12f6179719e435713996bc46fd78654ac06843826
SHA2567f361d331a8ce8e478bcbee0fbb2871825eabc50fc069cd3d19b62f3e85f0157
SHA512d91d339ee036052ffc15884496214d37781b66bd81a57b75040dd9726489da7fa78ecd79ba7a781fe842a5a736f8993f47689027110df9d168e21806828a20af
-
Filesize
512B
MD5495afe164196faab2a56b8d307aa30e5
SHA12acc8ba569f80cf674d2214bc44a2d1b7b9828aa
SHA256377ba8d12117978b69ba1a0d940f5443ad908fe49a6c8dba7a80b839ea43a509
SHA5121fbdd18f89278f05a36954fd88f42646b82b3428131805b97ab3da1b6d8c9d15753baf79bdc7988dabc55514e54eb521b8037caff5202d7628a9daeb7a1fc80e
-
Filesize
8KB
MD5f21200f137a8f37c314279f3eb09199d
SHA1fd628fafdfc7a30e9a64f1c8c1736e20c2fa0783
SHA256cb7dfd557ed3f0d40ce160c21f6cafccbd1f2311442baf7753059ff6f3cc8a01
SHA512d2809668ed36bed53ddf7a1323681f02b5c315e1e9267adb606662d657a2f0db88685bb331b3f79da6791a11acd70cdaf526cbb53145c2c659f739815366e807
-
Filesize
8KB
MD53353c3186925b81a744d8a13ec69eb5b
SHA119b4d21ea27fae4c85459f61cbd9f7ef615e1289
SHA256dec9954c8d47260d54d5f116b6c72373e489c16584dd00f36f63afcc1bce3201
SHA5126f7aab440355eb6bd11d328e03450e6a8280775f7950a4f19decf51b7e774e8b54e9d7d0033131edf44c405194e7711b64aaa072fa1a7fac509c892191011410
-
Filesize
16KB
MD56111defb3cce4ac2fec4aa6e1be2b0b5
SHA1505791c7604cc561df74e3a6f5a844d5ee152512
SHA256c1001b938212d8a6c7dd58865334d0cec5a93412d35715a441b556a69ba4fd16
SHA51258a319fd5f1590152b8d0e8c6e4a5a9a4dda76526efdbed37054f75e7c287baf7121a8aba752977c17172956d93e9ab5e7e824ff1263d38f33c82b4612c0f8f8
-
Filesize
512B
MD5fdcd5f2d383964c2e38246d2ee099284
SHA15db73e3ac6c0a41d80b7dce6e5f6d92278b168cc
SHA2562ecb148b63537a9847742ccdd2fc15fe549e4da7ad736464110b57cfbd5a3fd5
SHA512be9d5a5e44654b5b468ec9755bcc80b50313809e995720b0b812a07b6b2ef30453f5cc6b35266824ff3cb7368c958231ec5a0619975a4f22bf9b9ab82aa81a56
-
Filesize
8KB
MD51dc4228920c9fe7e5056b8f5328e9802
SHA14876e0234574a1e1f2022b0b333de84c7a2dcde2
SHA2565e7216fe446e3f96772c00e7ad6bf06a63b2df29504b79e613199800cfb7f564
SHA512aacbfc678ec569ec040251e7068581b9dd5faba64c91374ee489dd3aa20d93046efefb71465cce2aa195d90afeca3433ec88e990ada1be149dac02998f1ca723
-
Filesize
8KB
MD5804325f92abae3d74f7cce59602f52e3
SHA12e239f335c2c7464fd43925e298ebc4a9dc0327b
SHA256524b0fee6b750fc750c5905ff1a8dbd6c9c2f65fc9082660f6e20d5a4db5d450
SHA512d1856a24e997296def808dcdc7bfe67c5ffd31e8a07eaba83ecbbb5985461aab29b897f3df2076212c027aae9bbf00e5591ce5234803260949e8c588cee85a14
-
Filesize
8KB
MD56cc421bfb491843a02be9ef303adb015
SHA1a6150c9146166def5f64859292557953bb8b3fbc
SHA2560593bb1f38e0f34044a88b9b601b4bba27884b1fb2f7e96e9376f05bc9869b53
SHA5129871c6db34d86eb16be8e78726112346c75685270afb2106a89154c14041fcf716d097b03a9a13eba4120ba77a2501114920743067a7bbf2ccc7d1dd8c84cd07
-
Filesize
8KB
MD52c8142e391128d44b9ce1c2f2ad0c541
SHA1385aebbcb3f4a6ff4b40f57a89f08a46eac20a71
SHA2566739174c0ad32ea7f0a7feac89d07846bcf9494c9416c8f04b262a386d87eb01
SHA512f9f44709e00e7e2a4a2aba712af7e3ba91b4e83dc6e553062f399b3098f8565f0e6b2d5f5635f060d2959d7ba1ebe82ac6b3124e4ce35e218475ffc13e71f68b
-
Filesize
8KB
MD507df2d1e108a2dd06e5b48c6fba1a3f4
SHA15784a4653fc754c3f12e18ce5893bb3a0ee82a81
SHA2568301578980fca79097fa0871a9485863c2afc779fc5f0ef4023e9e926cc78384
SHA51248fb642bb9804b53c99d776f50ca336e8ffc94d15f3d04d026e08dcf903d46e27a121ca1bf58113d8d86d3fed9c1a36d150049eeaa7827b9562aa516e2a0ba31
-
Filesize
16KB
MD52ddd3ea8b7779263748a5c30f3bb795a
SHA1dcf3712e8ffb442d6df0d721f1496582fb1ea31f
SHA2564cd7ae815fbc417a150f08f826d07ee652ac2a7cf579411719281e44b8bcd7e6
SHA512ced51dc33331512fc33b06edd61caf18e070532994a95f1bea0d7bb9429f2b07994133b084cd0e1f12d875cd2c225221b2ffd43b86662d0c2f79793c07afb977
-
Filesize
16KB
MD59693e77d674f91c1600ccf62192be6db
SHA1e7f47871ead610fe595624392a5d86cab48baf70
SHA256b6f9f70e2b58d152037238cfa188be45155d8b6cec2d6cfc7967228fdde662d8
SHA512f9fd83382f3bd3cb9961395bb956a4dbf5c63e42e6249edcb2b5c61e74985475d0360687d17f2558ed9bde43da55e5f963ffded24f8a084480952905a98e93f0
-
Filesize
512B
MD5889d81783f097cf0ed6aa43a8a085324
SHA106b7046bc527d6af2b1126170915703aac2b2149
SHA256cfb3eaee5fecbcadd25dabbda2173f0d55919dd23fdc0dabd6308648a3f308e6
SHA5120193adcca753d4fed5f6d9cdff3b34b03418fd050d2b2dd3d30bfa4c8fd557d01e3236cf749901d4dece22cfb7aaf7529c7af3bc569b5aaa39bf809daa5a44ae
-
Filesize
2KB
MD5115e23aeaa03e906ca7c442693f7c421
SHA1f3ee2d26b90748f1a96fc81e74e9fb861bbc9882
SHA256e8ba2bf9b8023d80de6f4d01e1238cc61813a6735efcc2f3a4f643dea06e8fd4
SHA512dff43d1c98cfba35c9071e97cb3abaa6c3b4d3fa0ace45727cef803b804dc4fcccf58af46d884c2157b38c07cb52a1a17da6bee503efdd0dc71d576110186e32