Analysis
max time kernel: 2558464s
max time network: 164s
platform: android_x64
resource: android-x64-20231215-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
submitted: 23-12-2023 17:24
Behavioral task
behavioral1
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
-
Size
9.6MB
-
MD5
09d65159abefddbdbb34f0a2395f5ac5
-
SHA1
5124ac356ce7723732b8c4e5e458a25cb13089c1
-
SHA256
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6
-
SHA512
f6ce06f1525cafc279a76e5856f8efd2a73df550b8ae714523b8c57d5845c96cbfd1b8320b3d44299cb0b44d98a7494d3704ff8ffe97dfe797668b0d49abeb93
-
SSDEEP
196608:hkQmTyPTsFe1iffMellHBCT8eiqQyzgW/kw8PO4awyxV+Xh6OapCnv8HrXvA:pay7gjMellHBCT8eDkwQOR38XpnUrXvA
Malware Config
Signatures
-
Requests cell location (2 IoCs)
Uses Android APIs to get current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | forat.group.noshidani
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | forat.group.noshidani
-
Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/forat.group.noshidani/cache/1582435991586.jar | 5002 | forat.group.noshidani
-
Acquires the wake lock (1 IoC)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | forat.group.noshidani
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) (1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | forat.group.noshidani
Downloads
-
/data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5f2081bb-4f78-4718-9e3b-6b1395eeb4c6.jobs
Filesize 176B
-
/data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b1697da3-2c8c-4b17-ad54-6d93e1ac65f7.jobs
Filesize 179B
-
/data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eca12631-afac-4b3d-8e78-d3b6dbc392aa.jobs
Filesize 278B