Analysis
-
max time kernel
2558468s -
max time network
166s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system -
submitted
23-12-2023 17:24
Behavioral task
behavioral1
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6.apk
-
Size
9.6MB
-
MD5
09d65159abefddbdbb34f0a2395f5ac5
-
SHA1
5124ac356ce7723732b8c4e5e458a25cb13089c1
-
SHA256
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6
-
SHA512
f6ce06f1525cafc279a76e5856f8efd2a73df550b8ae714523b8c57d5845c96cbfd1b8320b3d44299cb0b44d98a7494d3704ff8ffe97dfe797668b0d49abeb93
-
SSDEEP
196608:hkQmTyPTsFe1iffMellHBCT8eiqQyzgW/kw8PO4awyxV+Xh6OapCnv8HrXvA:pay7gjMellHBCT8eDkwQOR38XpnUrXvA
Malware Config
Signatures
-
Requests cell location 1 IoCs
Uses Android APIs to get the current cell location.
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
Process: forat.group.noshidani
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/forat.group.noshidani/cache/1582435991586.jar
pid: 4634
Process: forat.group.noshidani

ioc: [anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]
pid: 4634
Process: forat.group.noshidani
-
Acquires the wake lock 1 IoCs
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: forat.group.noshidani
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
Process: forat.group.noshidani
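The two "Loads dropped Dex/Jar" IoCs above are not equally interesting: the first is a .jar written into the sample's own cache directory and then loaded, while the second is an in-memory dex whose source path sits under Google Play services' app_chimera module store (AdsDynamite.apk), which is how the Google Ads SDK pulls in its dynamite module and is expected in any app bundling that SDK. The script below is an added triage helper, not part of the sandbox report or the sample; it ingests the two IoC records from this section (embedded as constructed tuples), separates app-private dropped code from Play services module loads, and, as an extra, decodes the numeric file name as Unix epoch milliseconds when it is plausible, a common pattern for runtime-generated file names. The rule thresholds and record layout are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed from the two "Loads dropped Dex/Jar" IoCs in the Signatures section
# above (path, pid, process); the tuple layout is this example's own, not the
# sandbox's export format.
IOC_RECORDS: List[Tuple[str, int, str]] = [
    ("/data/user/0/forat.group.noshidani/cache/1582435991586.jar",
     4634, "forat.group.noshidani"),
    ("[anon:dalvik-classes.dex extracted in memory from "
     "/data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]",
     4634, "forat.group.noshidani"),
]

# App-private storage: /data/data/<pkg>/ or /data/user/<n>/<pkg>/
PRIVATE_DIR = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[A-Za-z0-9_.]+)/")
# The sandbox's notation for a dex that was extracted in memory from a container
ANON_DEX = re.compile(
    r"^\[anon:dalvik-classes\.dex extracted in memory from (?P<src>/[^\]]+)\]$")
# Google Play services' Chimera module store (dynamite modules such as AdsDynamite)
GMS_CHIMERA = re.compile(r"^/data/user_de/\d+/com\.google\.android\.gms/app_chimera/")
CODE_EXT = (".jar", ".dex", ".apk", ".zip")


@dataclass
class Finding:
    path: str
    pid: int
    process: str
    verdict: str      # "suspicious" | "review" | "expected" | "info"
    reason: str
    dropped_at: Optional[str] = None  # decoded epoch-ms file name, if any


def epoch_ms_hint(path: str) -> Optional[str]:
    """If the basename is a 13-digit number in a plausible range, decode it as
    Unix epoch milliseconds (an assumption: many droppers name files this way)."""
    stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    if not re.fullmatch(r"\d{13}", stem):
        return None
    secs = int(stem) / 1000
    if not (1262304000 <= secs <= 1893456000):  # 2010-01-01 .. 2030-01-01 UTC
        return None
    return datetime.fromtimestamp(secs, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def classify(path: str, pid: int, process: str) -> Finding:
    m = ANON_DEX.match(path)
    if m:
        src = m.group("src")
        if GMS_CHIMERA.match(src):
            return Finding(path, pid, process, "expected",
                           "Play services Chimera module mapped into the app process "
                           "(normal for apps bundling the Google Ads SDK)")
        return Finding(path, pid, process, "review",
                       f"in-memory dex extracted from {src}")
    m = PRIVATE_DIR.match(path)
    if m and path.lower().endswith(CODE_EXT):
        owner = m.group("pkg")
        if owner == process:
            return Finding(path, pid, process, "suspicious",
                           "code written into the app's own private storage at runtime "
                           "and then loaded; pull the file and inspect it",
                           epoch_ms_hint(path))
        return Finding(path, pid, process, "review",
                       f"code loaded from another package's private dir ({owner})")
    return Finding(path, pid, process, "info", "path not matched by any rule")


def triage(records=IOC_RECORDS) -> List[Finding]:
    return [classify(*r) for r in records]


if __name__ == "__main__":
    for f in triage():
        print(f"[{f.verdict:10}] pid={f.pid} {f.process}\n    {f.path}\n    {f.reason}"
              + (f"\n    name decodes as {f.dropped_at}" if f.dropped_at else ""))
```

Run as-is to see the two verdicts; to reuse it on another report, replace IOC_RECORDS with that report's rows. The dropped .jar is the artifact worth pulling from the device image: the sandbox's Downloads section below lists hashes for the AdsDynamite dex but not for the cache .jar, so its content has to come from the sample or a re-run.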
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9a3fc9b0-d739-4157-aeb2-bc9324a24f80.jobs
Filesize 278B
MD5 fb7d06fee3ee1a0a7f2843977dd95936
SHA1 d22530299ba7ab7c7d467b994c7aceafe83d4bd6
SHA256 2bac38a9b3c90fa2dfee61261af16a106bbd188375cb8a94c63117a2d61f9075
SHA512 755fe950ae6f150af24a5cd693d7448fba0ce8cd5f7c7cc496288ca204423aff8bd8fc904d1ac3d4da2074fc72d69516183d740eb28589bae820c89723340f92
-
Filesize 9KB
MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize 20KB
MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
Filesize 512B
MD5 3c1c7093b80bbfcaac08fe14f8cb7961
SHA1 79acbf6d3914945e99464d1ca3b83ce403e3d474
SHA256 3055763f5264b321205e33e2e7994671cfc728e5b1ce15937e03794fdd82b6a7
SHA512 1eae033812229db496d95afb8af5ae024e13a309dd48df702e26e532503b92b78d10c6e327aa829d6f74f52cdbae0796a22963d68219bb0c2866f4dc007eec06
-
Filesize 8KB
MD5 416acdfe7b80e6686b553f6c75c76193
SHA1 33961803778d9ed01b7b41b1ac67d65c6c975a28
SHA256 e0879af707bad7d20717ae318530b0e0b63765d0c275077a8ba06aa0795c8b33
SHA512 5bd57c9e013b28fb80c5c40b4bf67f8fbd8528be645e3ed756df136f58472764e6b930112f493e340d747e1db5944d3bfce9002cbbcef8e0ea58537576f8a162
-
Filesize 512B
MD5 e04b8a1becf832d87845f740bb309ec3
SHA1 5247d4c265ac7d8da27fac91de39ea8ad90730b8
SHA256 b4f08ea98825d5e570f6d529963e3c602ad140534094db934f7a8f2c801baf34
SHA512 1d4848af0fc9d21eb64819b603069b8526ed8928988738645d86891a500ace75d5acdcca0d7c4b47ec60195a6b65458c7a3584351df5f314c57cb603eb39832c
-
Filesize 8KB
MD5 4e7d68f89f13f9ee68ca80124e5cdc34
SHA1 82bd543bfbe1fef5849823ca32bbab3cdd86b381
SHA256 bd2f9f4b4779de416c6e9dd5a7083954d4fdf8b9d5da8d05b2f8dcb47f0a103f
SHA512 f43fdb3c4838bd154374db012ddcb379fafbf38e0105d20f564889790fe4d4316c4c253ac6d199161900ceeaec87cc9f9f657102eb307c4d89c026a91d85c9b8
-
Filesize 20KB
MD5 c43d004752bc17ea1c423999e7621ab2
SHA1 f05ff60f579e42d0a12ce67d93403756cee7d2e0
SHA256 0222444877c91663c769f7e3855c9345baa2a0750a8c1c8d2ab4d30eb32ddeb5
SHA512 5bb608a19278cf28c1b2cde15095b31ede0921bd6d64678e89eadb734b7f7846170a9361e31ef50323ecc3a12028fabf699771b1705935258aff6d07102e0612
-
Filesize 12KB
MD5 73cac8909a2cc792f806958a631050ce
SHA1 1c2abf2c0f11f61f45c6a297da329cc23a317389
SHA256 5f9dbde559b6bf58f0d16de41582f989d1012d7ee09841c0ae77b63e2cdd28ba
SHA512 b2dc9f939d9eac3b272ad7dd81d467b5268795c4941663ec7d1724e2157575833ab9283a2d973d5c961fa650d169e85bc7a915b9244527a1f1a9d7fd34ebad23
-
Filesize 12KB
MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b
-
Filesize 512B
MD5 99d3cfbb667e9852bbdf50317392aa3e
SHA1 e9fb5a310633bf0069665a89cc89a6b4ca799b66
SHA256 c39477f1c60919471a1435d6f5e1664ef2c9fa850d86387b653d41f8594d0709
SHA512 d2c5d8940fc3152935f0a99c1c1be2310cc700f31dc6b5940ccf30f69d4e6e498026501fbcf070c44a9caa3a0911fa62500c9ae75be1c9fcb9a0f3744fa0a849
-
Filesize 8KB
MD5 c4fe9ca52f603f744505288a2a2cd0b6
SHA1 916eeecf68d173848a2dfdb29ef1b98ce7356674
SHA256 fc206e61afd0deb03e15aa9c31717d1959696af032250c9c0dbc4e243f21ca6e
SHA512 0cc8ff12a1ad287587f1929aa25523964020e6e8d8891a72b5623d00bdf731690fd2a85e37c03b7737ec0447daafc19c9f6865e32ed775c8fd8875fbdc236e9a
-
Filesize 8KB
MD5 568f1633e13261053177679b8530c5f6
SHA1 532795ad4efe4515bb447e26c37b18367ae215ad
SHA256 8c2218d431865946652a32b23ba1e54ecb381ccb323963fb83c33066ce570f58
SHA512 628bdac9b7a5b498f43620cc0c1cfd0108e541541b7f2bc9ee46a36062103d249d832358500b68d0e7f4be2c0e555aa620cf8b89704819a63949c08def71fc93
-
Filesize 16KB
MD5 58c0b6e45328752b20ac6e719ac034f8
SHA1 372b2638afd00bbbc4034657b3df3d2e428fb367
SHA256 9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a
SHA512 2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab
-
Filesize 512B
MD5 a5ddba3da97cb65954c04fcdc9e01ae5
SHA1 2d39104e888b6ca710042f7687416481a6960ccd
SHA256 5b6d5b5e63ae28522d9a5ce49d2d4ce9d850afebccaea0217c29f62156193b7d
SHA512 9819bc1f14e7d061444aad598072ffc0e678057ab663a76fb1ab89652c276ffb1457ab460bdeacdf4b9203f517c0a8462c0b6271c9dfffff608d3157212f74dc
-
Filesize 8KB
MD5 3c4e7939555e5dacf2f85e9563863f12
SHA1 7f45ea05399e54009723ea4b4c79bb72af5ed6a0
SHA256 631d11e5174081c22527ba1728495b592a8ec81b666f26020161ba180df709bd
SHA512 80e73fa3f7630a5e0d2621126adac8b773ddbae54b8604e4224108b89b8dafa685d1ffc5802ed5214b7058eaebb46a572a0fa55699af03ae3c7122dbc175bd51
-
Filesize 8KB
MD5 19b40067efd5637bd0dea1d61f4779e8
SHA1 a8586478b5a9c1528422c3e49897980b32a0fc65
SHA256 4ba2b15d201bc73ce59b86c22411e66d6968dea250786cd6202f06c9b0f588c9
SHA512 17fdd6e033d2466910c8e8dc925eb2614358d874b523f76a6b5d799f13588fe70d949ebb07af850047cf154b46686c3130ec2036a0e544da4b3a65b2855e7c0c
-
Filesize 8KB
MD5 e8a17d27b3919efdefd009c58c55a492
SHA1 9f5330649ac83fddd589c8b6a6b3b78e528f139c
SHA256 b91026835ac9b6068978ec1188b437b53ff88d8d0aaf35eda75eaafb30e3bfde
SHA512 9f5473e7accdcf50aa55e6418c391a9b5039e1265e9cc4d2c33cbc0ad1f61818d3baa5997e0a8ae20ca6ee316c42a75f50d4dbf483e340e8f5e6c318fbce7e07
-
Filesize 8KB
MD5 bd51a871f1c31c5ecb840ce6e9d58df0
SHA1 8540c20e6ed23ecfca24b0cafd94b30456167322
SHA256 6037de82eae235728bc7b4597c30410e2e1a384fe9c77fda8d8589d4cd77b00a
SHA512 53fbe01a8dd6cc1eb4f2ba7a850c25e17a49e73fe001ee98c4ee981eeee4c6e1add0d321ffb3ed882382951473385c618aa862ec2b5f12ddb862747e936afc80
-
Filesize 2KB
MD5 dd41c554303d3c60ff3d86ba85927f62
SHA1 b464badec02781569cffcc0a69a4f6f87c56763b
SHA256 27f69a5a0e0d7fdf73cee0e7a942bce1e0c1a8cef77609c79008c92783afddfe
SHA512 f806e2d702dd64e5ebaf7a6ca3d17578e814627ddba2aecb1127014c4384c8889804b6022af472a59fb3123afb82c1f1f5f3ab8effcb8c543a792ad3c59f6df8
-
[anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]
Filesize 2.4MB
MD5 22f5f412be1e027b1b27130f2e5b150a
SHA1 77d3872dc8d055c0bd8513d5374f5cc5b70f57b0
SHA256 7e6ef684cac56dcd6ac78ac8b297af364d050bf2513e22c9cae71ce083a8bd5e
SHA512 6c82f6ecffd3cc5820bf30b71d5bb766f5d46ceb4bbfdce261e52c5480952653bd0b551627e5a434f6866f07b85b14ab3bfe4875532528433eca0b2dc56c42eb