Analysis

  • max time kernel
    2605034s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 17:45

General

  • Target

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk

  • Size

    17.7MB

  • MD5

    d4aca9745b1df836541488f9ba87381e

  • SHA1

    9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158

  • SHA256

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b

  • SHA512

    2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620

  • SSDEEP

    393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ghazae.mahale.gelan.d (PID:4259)
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0d77ff4b-b152-41ff-be11-ea2e6f316f25.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0fc64b02-d6d3-461b-8e15-fc266d363b30.jobs

    Filesize

    1KB

    MD5

    d383a7d70ad40ea2fb92bfa23f6dbeb5

    SHA1

    50618776155500f953f77099c72b92ea274c9e25

    SHA256

    d8e41d499415cf343cad2c2924ab1bedff8dfe97c734caa222578a89484c70fe

    SHA512

    652a301ef048ba4dc5ee6f0736fa50920623c1e6da9a9ded9f641d2db198f04ad08f631aacb7142d285fa662a4b6c92436700b3e6168932ebb608e1cf75ad60a

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6f321194-e629-4b7a-93c8-1a89e482320f.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d3e55222-9aee-401e-88ed-cc2bdc743e93.jobs

    Filesize

    278B

    MD5

    2638d671e5c086560781de3e20b871b0

    SHA1

    074180b838696cbcf42739409beb6cb2bb7eb9e0

    SHA256

    e990f052b8e19672d43e4821cd4234fe882c32a62795198b7197ace701a40c62

    SHA512

    8ce0a3fa458ab88bcbd55dbd570a322e6ac5bdcec6ce7a861a538582803ea3a0ac95d2514b5b868707cf32debdb650a4fa969fa63cbbe9aaf2a303ffa08939c7

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f5441c05-2244-40cd-bcbe-829fb463b1fb.jobs

    Filesize

    848B

    MD5

    f85eb16745338a0b1c944629563dc391

    SHA1

    e2a824b0174c095dce082ddf6912166b3d511f6c

    SHA256

    424dfb678db7c91c2073190feeede2253915a23c7489f0cf0faebe72a6cd0ddc

    SHA512

    3568271c47b31026cc9000ac7786017b47c01ebfa9e870292d2c97b4cf84b5131d37fbad44d13d7abced3febaf6c2e04b4ab5d65b09bf4757290f88cbf7ded13

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    bbd0a5c41ba7ff21a50f424eeebe7dfa

    SHA1

    9b9587780b2a97f673b99b445fabb680fcc1a27b

    SHA256

    91d71a3285689acc3050e938e5ba3fea5f2d4e48522357a788664ebc6a87440b

    SHA512

    97d519a7186b93c3ed48b352df246961508344975564502da81a695fe217f3c8ccb0a77d8215cae0a30a5e5eeb7458abe9af76c58fa36fa255cccb2ed7939156

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-wal

    Filesize

    36KB

    MD5

    a086c050399d29f3ffd54b19926e6e7e

    SHA1

    53fddc7b20e53c93e5c6c67725b77458e2e0e4f2

    SHA256

    95255b5b587e41fda10d78283601c63d2b7d1c8cbfd8a17bf177130fe2446a8e

    SHA512

    31ffec6e7039bb06621e4003af1a33216ffc3204f530505ca6c3cc893be20d5c2c65b6a67dea5a6c769b5bbe015f5d742761b60fdd5d5a412f6867d5a40036bb

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

    Filesize

    20KB

    MD5

    87daed9e4813e62a3d4c1636465539ef

    SHA1

    b10750caab4260dc5b93740f6490b117615c2eda

    SHA256

    1713043919066412f38d6f4e2c655851fb3a888efeb3cce8701e47eed64fd843

    SHA512

    cc099efff3fa39009d96dac9c4873a86431b5326c754774a9eeb78bf681843070759879628c3f33f9c0425f2e72bdc0ade1a4874b5d1cfbe0395882a8aa8bf5c

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

    Filesize

    20KB

    MD5

    59e28f1be2ae347c3951c95abec95892

    SHA1

    b4c0e9460121eac1df676fbda1384e44e3ff287c

    SHA256

    de82abe61e2bef73094e825f4c3bbf833b1bc75fd5acf08be968fb364c01d0ec

    SHA512

    b21c2e51525cf747c31425f79226292424e2ce3ed683bf196c0ec7aaf1c0de1493ea53b9f74020d1445d40dde6f75e421e3c77a1c72b2b4fee80a371e4d41bb8

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

    Filesize

    512B

    MD5

    8bc55f1028d4fb0fbf2b95a1d52fac05

    SHA1

    9744188ff5ff3050581f008d351891a7df81a464

    SHA256

    1047372fc2582af958b3be126642a110955a544a0fead132a913dbd1ed13b6cb

    SHA512

    a2ef1e317a8eafe8339db4784d05ed0a27059c3049fab6d854b7711beebdc8a0d486746dec9753709f7bae3e82e98a506ec6262319ad2cd1d5e27bd44682ee35

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    567702046f2abf2dbe1d12872c2ffdb5

    SHA1

    901eb421c9137a181811383243ac317f8d54b8e9

    SHA256

    c665012aaa830ff50e8329319810adf4b9861c2c1d885cf03c7433cb31ad268f

    SHA512

    28f7df918acfa2112d769f0464701167ed5797a82cc22f9c46c5d312a858edffe7c6d21bde2bb0a51ebf5ac7df38580062691a0c0d4883c8384c3d208a9faa0c

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    afea1f8ef99fe5a2d8f3f4a909da3309

    SHA1

    bc18544bc047dfa8cf6722b8b531719586131e5c

    SHA256

    e845e0af579e189eaf952d846acb1c64b7b3a87a7eb11684cc47728b87d0e79d

    SHA512

    72fd74ced7c2aaf38522b86a4121188c245f9fddb43b933d74eba7e8ad23df7be81dcd27dc57fbab43793e96cc608f3bf0cdd550afbb798abe32fcc3bdd8688c

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

    Filesize

    40KB

    MD5

    a0eecd9a8cef62c95e7563326e632e11

    SHA1

    e018e14a61ccad8c7f99472453452ea22c6c7c85

    SHA256

    8b27dba3478981ecc924d558480bf69f457dec887c588c9ec64de7cac4a6321a

    SHA512

    f012e5789fbf1fc5699ccc4385075228a02c9a13bc77b50e750b2102321ce26e2f0eae0e8443f0437d8c456c414c963f2f8ccd86b6afed1097928c7a4bc77eb1

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    71b3c20f0147842139a795e3bebda60a

    SHA1

    64b9ea2d0a18061809ea6bf04a7bba967a0d0b25

    SHA256

    95ba6d3de7538a5e6550b15c956790890248c81423ff12a438f6755f2576df7d

    SHA512

    6de9d769bd3f1d2d7b4de263a0cb0e30d8599b99a44a61f97eb27a88761b17b6d31062325e8946b2687fa633112a737d0a4fe72dcdc6e134ba8af6ca18fb77ba

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-wal

    Filesize

    76KB

    MD5

    815bf130c40620c7ff5a45dac2cbb478

    SHA1

    60d0ffaa129fdec126a4d201e6121b5648d5d2de

    SHA256

    0f789832a99f67b6edfcb08f2025a141e72e598bc41f5737b6fd7e2000c41999

    SHA512

    787d6024d1887f5d759fe659405249e79435d16488105c93d6aec7eb8594c965844a66913ffad9a838679406c7cedb1be210fb82347e7fa7cb01d5063f461924

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    ff0395094957b342dd345fd906a92b37

    SHA1

    59a6df14ce3d4a36d0df51a9b7c4a0fe14e72136

    SHA256

    852e411235b7bb22637a0d200665bd2abbc2e01e9ee97dc40ce0d66705309336

    SHA512

    df514fae0f195925ee4090160b93517a21b190e215d1b8fa510f69419462ad369ffc12174a590b3a86cf9ee7a3b1a3a1facff205c2edd3563e996148c126691e

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-wal

    Filesize

    28KB

    MD5

    f2c5f3f2f0e280208b5eaccd78aa2084

    SHA1

    24c5e36e05151e9f80835604db2a79891c1029d5

    SHA256

    44d3636694938b1ca37babc954107ba14b3df761a107267e7e0616512b953a86

    SHA512

    58f68388b11625bcdccd55aa93c2b826398aed57ae231a6485b9ae6751c161e4f2c8f4925f7ed100864aca0e8518af8dce884c984302ea84e976eb4f522bfe0a

  • /data/data/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    4cc4b5c171349ff124692039e907f6cc

    SHA1

    2f8c0b10696441d1c4db6ab13b0a565e2e499739

    SHA256

    b9ea2d070ef5ad34b8f83a30f2681991cc846d45ec3edbf664e60fdfbb55674e

    SHA512

    c826c344f00b716cfb5e3375c81d9857be9143feacbab9fb4d564e5f1815a5c704206ae071bfcb6bb3635cf87b3c0334cb90789e849c5538fbd9ea89439de7c3