Analysis
max time kernel: 2605034s
max time network: 156s
platform: android_x86
resource: android-x86-arm-20231215-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
submitted: 23-12-2023 17:45
Behavioral task
behavioral1
Sample
5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
-
Size
17.7MB
-
MD5
d4aca9745b1df836541488f9ba87381e
-
SHA1
9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158
-
SHA256
5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b
-
SHA512
2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620
-
SSDEEP
393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F
Malware Config
Signatures
Requests cell location (2 IoCs)
Uses Android APIs to get the current cell location.
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; Process: ir.ghazae.mahale.gelan.d
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; Process: ir.ghazae.mahale.gelan.d
Acquires the wake lock (1 IoCs)
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: ir.ghazae.mahale.gelan.d
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: ir.ghazae.mahale.gelan.d
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0d77ff4b-b152-41ff-be11-ea2e6f316f25.jobs
Filesize: 176B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0fc64b02-d6d3-461b-8e15-fc266d363b30.jobs
Filesize: 1KB
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6f321194-e629-4b7a-93c8-1a89e482320f.jobs
Filesize: 179B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d3e55222-9aee-401e-88ed-cc2bdc743e93.jobs
Filesize: 278B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f5441c05-2244-40cd-bcbe-829fb463b1fb.jobs
Filesize: 848B