Analysis

  • max time kernel
    2558468s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 17:24

General

  • Target

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk

  • Size

    9.6MB

  • MD5

    09d65159abefddbdbb34f0a2395f5ac5

  • SHA1

    5124ac356ce7723732b8c4e5e458a25cb13089c1

  • SHA256

    56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6

  • SHA512

    f6ce06f1525cafc279a76e5856f8efd2a73df550b8ae714523b8c57d5845c96cbfd1b8320b3d44299cb0b44d98a7494d3704ff8ffe97dfe797668b0d49abeb93

  • SSDEEP

    196608:hkQmTyPTsFe1iffMellHBCT8eiqQyzgW/kw8PO4awyxV+Xh6OapCnv8HrXvA:pay7gjMellHBCT8eDkwQOR38XpnUrXvA

Score
8/10

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • forat.group.noshidani (PID 4634)
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9a3fc9b0-d739-4157-aeb2-bc9324a24f80.jobs (278B)
  • /data/user/0/forat.group.noshidani/cache/1582435991586.jar (9KB)
  • /data/user/0/forat.group.noshidani/cache/1582435991586.jar (20KB)
  • /data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal (512B)
  • /data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal (512B)
  • /data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/cheshdb (20KB)
  • /data/user/0/forat.group.noshidani/databases/cheshdb-journal (12KB)
  • /data/user/0/forat.group.noshidani/databases/db_default_job_manager (12KB)
  • /data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal (512B)
  • /data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db (16KB)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal (512B)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal (8KB)
  • /data/user/0/forat.group.noshidani/no_backup/com.google.InstanceId.properties (2KB)
  • [anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk] (2.4MB)