Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-w9xeradafm
Target 6a578d9f7793412cb9155e811f8c913c2f6ea805a5d2e50362dc884097f4e849
SHA256 6a578d9f7793412cb9155e811f8c913c2f6ea805a5d2e50362dc884097f4e849
Tags irata
Score 10/10

Analysis Overview

Score 10/10
SHA256 6a578d9f7793412cb9155e811f8c913c2f6ea805a5d2e50362dc884097f4e849

Threat Level: Known bad

The file 6a578d9f7793412cb9155e811f8c913c2f6ea805a5d2e50362dc884097f4e849 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-12-23 18:37

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-12-23 18:37
Reported 2023-12-24 20:53
Platform android-x86-arm-20231215-en
Max time kernel 2644100s
Max time network 139s

Command Line

ir.dena.iran2018.daryaei

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.dena.iran2018.daryaei

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2023-12-23 18:37
Reported 2023-12-24 06:39
Platform android-x64-20231215-en
Max time kernel 2592799s
Max time network 138s

Command Line

ir.dena.iran2018.daryaei

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.dena.iran2018.daryaei

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted 2023-12-23 18:37
Reported 2023-12-24 06:39
Platform android-x64-arm64-20231215-en
Max time kernel 2592815s
Max time network 143s

Command Line

ir.dena.iran2018.daryaei

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Processes

ir.dena.iran2018.daryaei

Network

Files
