Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-vslfgsagak
Target 54d7923d73a811b91a7bd2b5b80eec837a551da37d4052224b1c6c768a658f35
SHA256 54d7923d73a811b91a7bd2b5b80eec837a551da37d4052224b1c6c768a658f35
Tags irata
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 54d7923d73a811b91a7bd2b5b80eec837a551da37d4052224b1c6c768a658f35 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 17:15

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 17:15

Reported

2023-12-24 10:33

Platform

android-x86-arm-20231215-en

Max time kernel

2606866s

Max time network

129s

Command Line

honare.araei

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

honare.araei

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
BE 173.194.76.188:5228 tcp
GB 142.250.180.4:443 tcp
GB 216.58.212.228:443 www.google.com tcp

Files

/data/data/honare.araei/files/unsent_requests

/data/data/honare.araei/databases/evernote_jobs.db-journal

/data/data/honare.araei/databases/evernote_jobs.db

/data/data/honare.araei/databases/evernote_jobs.db-shm

/data/data/honare.araei/databases/evernote_jobs.db-wal

/data/data/honare.araei/databases/__pushe_base_lib_db-journal

/data/data/honare.araei/databases/__pushe_base_lib_db-wal

/data/data/honare.araei/files/fav.txt

/data/data/honare.araei/files/seting.db

/data/data/honare.araei/files/seting.db-journal

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 17:15

Reported

2023-12-24 01:10

Platform

android-x64-20231215-en

Max time kernel

2573109s

Max time network

161s

Command Line

honare.araei

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

honare.araei

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
BE 108.177.15.188:5228 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.238:443 tcp
GB 142.250.200.34:443 tcp

Files

/data/data/honare.araei/files/unsent_requests

/data/data/honare.araei/databases/evernote_jobs.db-journal

/data/data/honare.araei/databases/evernote_jobs.db

/data/data/honare.araei/databases/__pushe_base_lib_db-journal

/data/data/honare.araei/databases/__pushe_base_lib_db

/data/data/honare.araei/files/fav.txt

/data/data/honare.araei/files/seting.db

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 17:15

Reported

2023-12-24 01:10

Platform

android-x64-arm64-20231215-en

Max time kernel

2573107s

Max time network

136s

Command Line

honare.araei

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

honare.araei

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 udp
GB 142.250.200.46:443 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
BE 173.194.76.188:5228 tcp
GB 216.58.212.196:443 www.google.com tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 216.58.212.196:443 www.google.com tcp

Files

/data/user/0/honare.araei/files/unsent_requests

/data/user/0/honare.araei/databases/evernote_jobs.db-journal

/data/user/0/honare.araei/databases/evernote_jobs.db

/data/user/0/honare.araei/databases/__pushe_base_lib_db-journal

/data/user/0/honare.araei/databases/__pushe_base_lib_db

/data/user/0/honare.araei/files/fav.txt

/data/user/0/honare.araei/files/seting.db
