Analysis

  • max time kernel
    2581706s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 17:24

General

  • Target

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk

  • Size

    9.6MB

  • MD5

    09d65159abefddbdbb34f0a2395f5ac5

  • SHA1

    5124ac356ce7723732b8c4e5e458a25cb13089c1

  • SHA256

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6

  • SHA512

    f6ce06f1525cafc279a76e5856f8efd2a73df550b8ae714523b8c57d5845c96cbfd1b8320b3d44299cb0b44d98a7494d3704ff8ffe97dfe797668b0d49abeb93

  • SSDEEP

    196608:hkQmTyPTsFe1iffMellHBCT8eiqQyzgW/kw8PO4awyxV+Xh6OapCnv8HrXvA:pay7gjMellHBCT8eDkwQOR38XpnUrXvA

Score
8/10

Malware Config

Signatures

  • Requests cell location (2 IoCs)

    Uses Android APIs to get current cell information.

  • Checks Android system properties for emulator presence (1 IoC)
  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • forat.group.noshidani (PID 4218)
    • Requests cell location
    • Checks Android system properties for emulator presence
    • Acquires the wake lock
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix


Downloads
