Analysis

  • max time kernel
    2558464s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 17:24

General

  • Target

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk

  • Size

    9.6MB

  • MD5

    09d65159abefddbdbb34f0a2395f5ac5

  • SHA1

    5124ac356ce7723732b8c4e5e458a25cb13089c1

  • SHA256

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6

  • SHA512

    f6ce06f1525cafc279a76e5856f8efd2a73df550b8ae714523b8c57d5845c96cbfd1b8320b3d44299cb0b44d98a7494d3704ff8ffe97dfe797668b0d49abeb93

  • SSDEEP

    196608:hkQmTyPTsFe1iffMellHBCT8eiqQyzgW/kw8PO4awyxV+Xh6OapCnv8HrXvA:pay7gjMellHBCT8eDkwQOR38XpnUrXvA

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • forat.group.noshidani
    1
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5002

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5f2081bb-4f78-4718-9e3b-6b1395eeb4c6.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b1697da3-2c8c-4b17-ad54-6d93e1ac65f7.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eca12631-afac-4b3d-8e78-d3b6dbc392aa.jobs

    Filesize

    278B

    MD5

    e45a3f01c27b2027b9c76321ee40c6b1

    SHA1

    d84b1eebf245a018f83af89d821d2333817fb84c

    SHA256

    2a587ba3b65e55cfbcf73a4f22f8c324d64ddeaba0357f431fecbc0eb949d4cf

    SHA512

    22a60f01d2acbc50071694554115e3ea0465e2449377d7ee571b9b1e1b4dad5635b34bbfb9ec5e170f336aaa248dffffdb0a029f5380fbd423c46f2f7e4e4ed6

  • /data/data/forat.group.noshidani/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db

    Filesize

    12KB

    MD5

    e7318ff2b44d2c64b5dd8a7723830104

    SHA1

    12639941a685cd69714fc8f256bc33a2ebb92cea

    SHA256

    3313a05c0bbdf6daed07605de0d7b391e3e7e878a90b50ba025f201f38aa449f

    SHA512

    361d3db990e47f80211548388934ea395a9f7641ca4d0bb216f68581910c6c6ff98ce578d9c6df3fa17ce88738ae34cbb1b5371947b9d4197a067183432c1d7d

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    ce4a6cc594ce7bf41be7baf96cfac2ea

    SHA1

    627b4c549ee234363976d49255eaa2afaee08325

    SHA256

    ea971ca3a40d0a86cd880e7ca4e104f124e1a2b7b627f82654922bc2a13ac1a6

    SHA512

    249f29ec02ee46a8601493d6e6850bbcd50245c9130d936bb729dd2f6d4e7d9a80692120c54285823e2203d43ab66b1a61b3975804facb619fcf52373c7ae258

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    7f0c4fe5d87f8bfa9444ffcfc196b353

    SHA1

    427c23a62331d87d061935b6d2edbc9f0d1fe1bd

    SHA256

    af73714a7941d956d27cbdf6cd6dd92fa83bb73906330a165b468ad77b90010c

    SHA512

    405161bbfafd0abe77a3f2ec2a1a5648de0b3d78fec40717942048b28537534eebd9da40295d1b7d16009a5212828c1cc664418add1bbea01a125a50b59ac3b4

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    b368105b4624c1a4026c3132fc26f628

    SHA1

    19799531d04083ba1da79f4bce4fe9f40b86f4ec

    SHA256

    afe01e98fb4ba6835c23d6df504dd8452b598a9a3d2b0dcca4d705e1b47b8eea

    SHA512

    303080a8fd5f53ded01adda319494c1a28d108845d7895dab1ef918dc3abea690ffb59022ff2420fd8e83ad164ffb87f645fd5a7512ed0a4f803608a8fe32f27

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    4b4bcc91986c9006b81980e01b90b666

    SHA1

    83f0c4f65d0ecb506ed027db66977b466b17fd55

    SHA256

    0f9d64888ecaf71be9d17f91307837d1946cd7cd4c85f07d897880c2aa0f365c

    SHA512

    9b5d8397e683cc557bf602f532482daa4308ca87c7a3cf6358f1a2612ee32d6822ff532977eba0554578d0d69bb142d7afb9342fc405304771ede3ae9dd75aee

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    3c3b1560402d935a7218852359956b1f

    SHA1

    6a160e6bf81b0f67e0e75c0b0cf0c8343b852b64

    SHA256

    a10d3bf774340daf1bd639ef61b56de247da16e0dca34db3e039771b2129b39b

    SHA512

    08e7e8e9a3b127d742c4107caacb9fa8dd398f442bf9a0964408741179f1f27defeda8facd11446fc76671b8f3a8ddf1a17b967b0343d6aa5e2a594827bbe543

  • /data/data/forat.group.noshidani/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    37662fad3804cffde1cd4aa48f4be2f7

    SHA1

    b62ff11d7bd1d79c0c85607e62b41781b4fbb114

    SHA256

    e4786fd04a5fb6dae68d3b267493b5030ce56e8bbcefd543598cdac7573d7ae3

    SHA512

    8d69ce18895b91a20cc288507aa5adeca650a9ee83cebd4b00e51b262b1ae99f30dd0b95b1900b23a2e3d9c3f19490f6d33d017f4b66df7014360f08ecb932b9

  • /data/data/forat.group.noshidani/databases/cheshdb

    Filesize

    20KB

    MD5

    d919172b0e451df1bb3fe6fbf27e65e0

    SHA1

    460640866b0c49e6500e30e162674a2ee46956de

    SHA256

    b14f8fe8336ca8ec3a4f350feda4816e1c126353ceb0d0db817aa3e3a2152737

    SHA512

    204a04a1134d95bcb2b75b41139f6e11ec5f6e0cd814c5e5b9920e327514a3cde45b98abc67975ff76cf9657b2348430f1eeafc47ea94b1ac38cefbf0f3342b6

  • /data/data/forat.group.noshidani/databases/cheshdb

    Filesize

    20KB

    MD5

    b9abf3251243d72e16790fccc94b7da9

    SHA1

    7917fed77734c20053e628e3f7cff69aed23b6e5

    SHA256

    47aa4692297303082f1cb491354692bd9d6952c548c1ea6d727c8b8553789ac0

    SHA512

    2176b17afff17a64a87dedf931ccea6a06708f9329a2b649c94904ee3f038de297bdfe5f044f05f4cea2ef2b5e33d4140bd2d9062bc1998125b23c8f7ec2214a

  • /data/data/forat.group.noshidani/databases/cheshdb

    Filesize

    24KB

    MD5

    259a1e4e7ebc4b0d0341ffcf0c3bc2ea

    SHA1

    9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c

    SHA256

    4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1

    SHA512

    dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    512B

    MD5

    5052fb6693d0e9ab22963edabb0489b2

    SHA1

    c982841893f51c155173374700654886c70d601a

    SHA256

    532a339f779fd741faa584d38b87a9122dd7eaef8a073d4a4a0124958ef19b94

    SHA512

    93c6e3912207cfcf7c50f0bee243e8bfd3332c2e911eb52bfff2246ad17ffef8d75e2a53304a94217dc2652ad0ff9c875212e5e3ffd56f56ac47787dbc537780

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    a8cc5b8486da42757acf506123d7624b

    SHA1

    cfc19d9e33d81209a938bfd61c6513f88090f56c

    SHA256

    14a7db7f496492b3f42b6369062e35110b25a15e8ead6836b77808de6244f330

    SHA512

    33badfbe360d336389d6a0d7c45822b289506894296a852933de57948875c1e03b195fe902366f00def653cc51b0898fdf9ce1cbb7b9960b6474d76a41334914

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    5ef0abe1c44b5075e05dbd7b959e22f6

    SHA1

    71ab4355bf04e0319abbc85224ae5e8846553c93

    SHA256

    dd3a860d51f2b955d1e7358a6d42c03beb9891dd618b04dac72c2f21dd165afa

    SHA512

    b3b1ce4a2af5eeec32429d9d46d0e3aa70a6fa3738bb7152a1a3ca55933e138bed1560fd326e6c6f5850513d48e762a39ae7ab83151c8812203de795518dd26f

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    8KB

    MD5

    7c11285e10966cbb329292520b7fef83

    SHA1

    37e2faacb95d22640f87a036e5701f3641381ee2

    SHA256

    7adb24c282a00cf1bfe37334f55d928b2fcc45f7242bbba9886589263523a4b5

    SHA512

    cb472584a57d1838d54a525eceeea792a86ee67defeeaa0c3633e01bb55cc2ea5a3ef21488c14cbe9cae60cee79026a649c26a72066f624ba645abb04a27c916

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    512B

    MD5

    27476d17f22d0eec323130dcbe7481be

    SHA1

    84539432fac48a56a62243e26f751f322a48e0c2

    SHA256

    2cc52c94dc1a4f84dcd49d049b700da31d9fc3eddf5e56e1e3bc6b1bb623bab3

    SHA512

    abafe5d90557c58788fc3e1695583a1a4b50ef98975d4027e7e74bcf1b3bec4485244f948a9248927816b6e2064d254e84f3d2c16c2f5d02e8ac1037d48e7685

  • /data/data/forat.group.noshidani/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    64311faef2848fe367d32f977645fa39

    SHA1

    b7a9bcaa8f8fe0f77137f2fee7860bcb25980528

    SHA256

    7bce0b2bf986fc1ce3afc1e867255766d326d3533b5c9de25d4ab038770cf5dd

    SHA512

    e8e073126baa4f741ea3e3d2b09baadf0c8baf238eb72fd17ffeef67d08a27fc88920a06826faac5a04e2bb81229cbd47bd421da4ec01896a3ee9abe65bb1569

  • /data/data/forat.group.noshidani/databases/db_default_job_manager

    Filesize

    28KB

    MD5

    eda4e5f53129dca7344c7e3f3e6d9513

    SHA1

    ed01e856ac998b6c3de46ac8a2a155f09d6db185

    SHA256

    7c4bbb192102dd3dfc3d30cd5542d9a115cbc6c52369f1630eeb9e5ea81c8e5b

    SHA512

    cf733d69c95b4db67de951dbd2b4f3c9b31008dd0b7f8a1d42bb14820def6b34a5bfa178d1e8cee0dafdf64531751674e7f6398743e915ef469bb97662c063a1

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    7d881347bf41181973952b2a77268295

    SHA1

    cfbc94bed44dd3e8878f475205775b9fa95c936d

    SHA256

    8fd8bf1b580c4342fb6887d60504be7753a322c55c36a3ec492cadfb2a1b92d3

    SHA512

    062a02c3cf7ba8d89166a01d0f8e262c25069563ba988619a0dcee9ea9034aa8690f36bf37bab75c3987af246059ef2b1d5bede28ec7ac11d62e63b3cdb3f2a6

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    a03a49c88177391c58cf76c5f1d54a5d

    SHA1

    737b8cb4aef94d023cbf712315f1c51a2375b819

    SHA256

    b0ca5a5bbeee16acccd7aa7db245d8b8d5a688465202137a09bfbec4273219b6

    SHA512

    06ffe4470ea900b8ce8470c2447f34a9fb5fcc75e908bd37c5dfc16ae87aa1400fdf2bebf8faa19b5303bd6a57418a1bca2cb6267307f0e6dc1e61aca2fdfb86

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    2ff0ad6ac54d69130f5135774cd1985d

    SHA1

    a927833e80e3f5a9650a3c8bc11f6a67f946d490

    SHA256

    59993ede50db7014bfc2828ca6bfcb6e2c56c35db152eed36db823f78dbe2d30

    SHA512

    1e694fe83585ad39ee7932c9e44b98fc24a89d72fe066c646c5bb5f2c213c54ffd6448067efaf8e834036e15e80ac033216e4be702ddd2a4a9f94627bc05848c

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    6773dc2a0cb4eeb527d2169ec936ed8b

    SHA1

    28e2cf3fd111eeb5ac2981da2e9b73355c149441

    SHA256

    3ffad11ae1aa6f4dcdebaf2847a75b0941b7e83ae893ea815e3bacf2a22218f9

    SHA512

    1cc70dd05da60217e35f1479364f428323273729f16fe1d4cd90fcdcdea1bfcb7ea9f0de29338751f5d36cc7363ba48ae0f66f640e404e121f110bceed60aace

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    85f3f71daedc072016c38dcb22eefac3

    SHA1

    fda44add4c7dc156ae39741ee13925b0d08ffd61

    SHA256

    5ff046b5de5e29f34f2830dd2b861cb3d26d1101e23856b2d9b84397d3068295

    SHA512

    8deaddf03a9bb95477bc3df635b56b058eae4c9f6e2272be75fe91c709b6b7a42ba4a3a5160a0fb1c22d759b0b2f222ff868974562cf775ac6505d1096c26e52

  • /data/data/forat.group.noshidani/databases/db_default_job_manager-journal

    Filesize

    20KB

    MD5

    f14eed4598e8aff9e5cb7a7dac16a0b2

    SHA1

    e0025fb4c04149fe73dcdaeeebf9de5323ca2285

    SHA256

    12e43edc281cb3811d5acdd062a33df99a370552a110fa49f55d66807e87313b

    SHA512

    aed0c40819b2034e8b0debb2d3a380011a61001a8b9f6b89e7aff95569f9454b6efdbde696bf8e7805c6734e38fb2872b25753380d7edd3229496249c969c986

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db

    Filesize

    12KB

    MD5

    ea628e04765adaf4238a5dcdff4bbd51

    SHA1

    a801947619ea8c368efe9c006a324dc6339ac60b

    SHA256

    885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

    SHA512

    c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    d079ff2d7a5bd1bf72de1bf68c4a9b58

    SHA1

    bea107dc0d034fdfa7b9cb77e27e30ad94b93c74

    SHA256

    fafaec52a18ece35be99587b2a9566d43543f8ecd66376a80fb603363c723ee8

    SHA512

    89526f8cc1334d08f288c9c7b0c57ba6d363d2d9856bc14cc12bc375d949588b8cdf697bfb3119d21caf9a326a8299e3f23b23271015816e6c7cd96f4e47986c

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    c5856a125a87d8129593648ee6862dd9

    SHA1

    84cb749426def27816db4f8cc3938acf5f4d6c11

    SHA256

    1cabff7302f37a51de74d5c4e421be5c05ff4e577c047eb69fccad00d221d949

    SHA512

    61ebc017a3aa4861630f84f11cf10cc0d356d23ba8f31b4ec94aa4722fa6f9049401ea17625de4ceb26f6ac95fe117d9dd569a4d54c86257adde9978b6f862e1

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    d0583b25c9d6c1098098a99f887ef6d9

    SHA1

    defc285a2d191b84773917dde1d3bda3057b7774

    SHA256

    0be2944a99c609aa00e0abeab469a343153c30bcf4a689354e8e47a2ee49abc1

    SHA512

    3ef34aaf2cafed6afbeddbe75667995aaf508186ff731953629ecec1e6f128ee6c0d0a55a5108b0e8f7889876bb9253e1fcd53d6a80129e426bff2c8a5690798

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    fd5e7d5b55ee0a018784940e0027fd20

    SHA1

    96308c895891cc2d2b78289076365723e1fba949

    SHA256

    21ddce2adbea36453e81362ced2f7420f0bb098da00391a5c930e4d38c571a61

    SHA512

    e5a730a5502747ba67edeae7888651f7776eb43aab4210c61fd4cb3aba5d23ef7bb7b9bc586832a5936ac0ebeebb8b7b1d9e81b0a8ebb67699e0c7b0633ba5ca

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    7KB

    MD5

    7e56dea727b1546a8eecdb7f42123d5e

    SHA1

    e157c2fe3657a3b493392cfe9d3fc584774d00ce

    SHA256

    112bb8dde0c603efde1a37bbf39c097e714842e10430652a6210b472a3edd070

    SHA512

    a88dceda15419140e58f0e60695225f9e91638c9f4fa7e33a43e2faa1d98621ec4d1b93220d91c780339963ade4eaaf29e67edb18fc57e824e34bf15e55b895c

  • /data/data/forat.group.noshidani/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    322e9cee937330a155aafed531ec3931

    SHA1

    89a2755aff96a294e0f95555760953b7451de2e3

    SHA256

    9632c2e8bbb6af07d7b44b68ae8b2f7c0ca2a997fed1ee7bde44f702a9e39121

    SHA512

    6f7372461a2fad9c8ed8c51bc3023a731ad829b0ea18559ed2a4cb8dcd3db4d35fe4ab4a4cb97e5611e38e7b9191db6deb1e20896c4d4ae9ac9a536735789a62

  • /data/data/forat.group.noshidani/files/db.db

    Filesize

    158KB

    MD5

    426179142a16f9ccf11b14af2c4b9814

    SHA1

    5ef5bcd7454f56017adc4d62e480de8540970301

    SHA256

    4b4d274ee8b5c46e4fb929fa1b1d272c388cd36256a69bb6beaaf6bfb698a0fc

    SHA512

    0c874897956081b92557259a8f99eeda8bd9db475aa909731f2da7b21e42ce7c14768115600646cc0984ecbd7f845c3d8092526f685cdffc35b876f257483b52

  • /data/data/forat.group.noshidani/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    b807ce457e00ae5e5ca718be79074eed

    SHA1

    a3e5cdf160a0038bd85f55052f3a77848c0a984b

    SHA256

    fd3e79d47718693b5d26b32480f3b88b536cccfd46603112a0acb646bac6367f

    SHA512

    0a4aa63e5efc76b2790d4fc5478f8856a50918f75cbf126531cd97cc9c8980012d5e8fe36a941d91ab72b7a1e4e8461c20df045680f30facde543ee57551be91

  • /data/user/0/forat.group.noshidani/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56