Analysis

  • max time kernel
    2572489s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-12-2023 17:45

General

  • Target

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk

  • Size

    17.7MB

  • MD5

    d4aca9745b1df836541488f9ba87381e

  • SHA1

    9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158

  • SHA256

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b

  • SHA512

    2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620

  • SSDEEP

    393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F

Score
8/10

Malware Config

Signatures

  • Requests cell location (2 IoCs)

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • ir.ghazae.mahale.gelan.d (PID 5077)
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
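The four signatures above are dynamic observations from the sandbox run. A practitioner will usually want to corroborate them statically before acting on the score. The script below is an added example written for this report, not the sandbox's own detection logic: it opens an APK, walks every classes*.dex, and searches the raw DEX bytes for the Android API descriptors that would plausibly explain each signature (DEX keeps method names and type descriptors as MUTF-8 strings, so a substring search is a cheap first pass). The descriptor-to-signature mapping, the magic-byte check, and the stand-in APK it builds for itself are all assumptions of the example and are not stated anywhere in the report.

```python
"""Static cross-check of sandbox behaviour signatures against an APK.

Added example for this report, not sandbox code. Searches each classes*.dex
inside an APK for Android API descriptors that plausibly trigger the four
signatures in the report. The signature -> descriptor mapping below is this
example's assumption, not the sandbox vendor's rule set.
"""
import io
import re
import zipfile

# Assumed mapping: signature name -> byte patterns expected in the DEX string table.
SIGNATURE_INDICATORS = {
    "Requests cell location": [
        b"Landroid/telephony/TelephonyManager;",
        b"getCellLocation",
        b"getAllCellInfo",
    ],
    "Acquires the wake lock": [
        b"Landroid/os/PowerManager$WakeLock;",
        b"newWakeLock",
    ],
    "Reads information about phone network operator": [
        b"getNetworkOperator",
        b"getSimOperator",
    ],
    "Uses Crypto APIs": [
        b"Ljavax/crypto/Cipher;",
        b"Ljavax/crypto/spec/SecretKeySpec;",
    ],
}

# Multidex APKs ship classes.dex, classes2.dex, classes3.dex, ...
DEX_NAME = re.compile(r"^classes\d*\.dex$")


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {signature: sorted list of matched indicator strings} for an APK blob."""
    hits = {name: set() for name in SIGNATURE_INDICATORS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not DEX_NAME.match(info.filename):
                continue
            blob = zf.read(info.filename)
            # A real DEX file starts with the magic "dex\n035\0" (or a later version);
            # skip entries that only carry the name, they cannot be parsed anyway.
            if blob[:4] != b"dex\n":
                continue
            for name, patterns in SIGNATURE_INDICATORS.items():
                for pat in patterns:
                    if pat in blob:
                        hits[name].add(pat.decode())
    return {name: sorted(found) for name, found in hits.items()}


def build_sample_apk() -> bytes:
    """Constructed stand-in APK (assumption for the example): a zip with a fake
    classes.dex whose string table references cell-location, wake-lock and
    Cipher APIs but no network-operator call, plus a bogus classes2.dex."""
    fake_dex = b"dex\n035\x00" + b"\x00" * 64 + b"\x00".join([
        b"Landroid/telephony/TelephonyManager;",
        b"getCellLocation",
        b"Landroid/os/PowerManager$WakeLock;",
        b"Ljavax/crypto/Cipher;",
        b"getInstance",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("classes2.dex", b"not really dex")  # exercises the magic check
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Pass a real APK path to scan it; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    for sig, matched in scan_apk(data).items():
        print(f"{sig:48s} {'HIT ' if matched else 'miss'} {', '.join(matched)}")
```

A hit only shows that the API is referenced somewhere in the DEX, not that the observed process reaches it, and the reference may come from a bundled SDK rather than the app's own code: the dropped-file paths under app_com_birbit_jobqueue_jobs, __pushe_base_lib_db and evernote_jobs.db in this report indicate third-party job-queue and push libraries are present, which is exactly where wake-lock and network-operator calls often originate. Treat the static result as corroboration of the sandbox signatures, and confirm the call sites in a decompiler before attributing the behaviour to the sample itself.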

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/20fa790c-e1d5-4525-bd2d-e4262a9ef8ba.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5bbc94bd-1ce4-4b93-bb1b-243b24f37c8f.jobs

    Filesize

    849B

    MD5

    ff50ebaa538c6930dc2dc44e4058e3c6

    SHA1

    611d2ae70a36040e3a0130b4dbb33b7b63e97ef0

    SHA256

    364d46c2a25e16529b559f5021ddef184632d78f3bf62ef73aa5891b261b5e8f

    SHA512

    6b75f317ee87d304758a4296301cb60cdf7937c76c9ab919a9ed111fe17e6b0c424d98072f08785ddbdcc9bf5cd93faa312f5bc2a3a9a6aa63c6a4720bcbbc32

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/716512be-07d8-41a0-a1eb-14ff90974738.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ea5d29e6-4462-4ec1-a592-d3ad2c3e7643.jobs

    Filesize

    278B

    MD5

    de12fec46371528d2c28321ab2963017

    SHA1

    3599fcb2b045797c9e0f12246531b5b8d2820e5f

    SHA256

    ae456ac654ec612b664b053d2b9c4fc88d8cfac99092948c3c296831e1d7c2d7

    SHA512

    0f04402be23a544e353dd37c3bfe6931716cc755abb08970407b61169ccc68a403080e7a2aaa06db41519f0b36e255502374e0ce18c46a9c08fd143ac40ef998

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    91ef49ecd0b21d941d21ad9776e5dd0b

    SHA1

    00438f73caae37e1f738316ff06e3388d6757799

    SHA256

    99dfe62c80abd9d139e278490e70d45fabd291e6aab5782a14bb14b005fb232c

    SHA512

    9998b2bb36adfcbe6bf9d66a08596f16dc21e36f16cfc48a847160037662e9be61ad0d8b6c3238c582510986839b98434b9b06ffd75b393783d25b35ad44cf93

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    2d6a756aa7ec82358635475d8b7e29e2

    SHA1

    ae6eccf474bf8a99c907e54c673ddc2800890644

    SHA256

    37176d8ebfe6f453c4d888d46380e0ce528b2378167fe0282b171831eba1bcff

    SHA512

    20e7c4777cc6ae40355552e83f9c7211939ebb25cf1ce758a6fb333034aeda00522d6d578c333ac04e14646611209f5cbb7cca130398f143eaa4911543e4d208

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    e924b36a5d154a001d0cbc953bd72ff3

    SHA1

    8197f894e77ca3b46ac882bfc5079fae7a4d501d

    SHA256

    526b88c7f242d84360723dfcec3226784feaeb02479b98fcc7ef722c6bb5f11f

    SHA512

    82f49b1b2b75e9b3a8066bc2b61e9619d49967b23a8e74a5114341762b79e0f5184b358a4139eff04a6d043f56879f614f09978622610c94d9d7706e37496fbc

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

    Filesize

    20KB

    MD5

    47aba039317d7ed66f698a563b19afc3

    SHA1

    ac753d17e58c4e7bd051eb09575bbfcd04fffa31

    SHA256

    bb5afaaee8a8e5894db55589527ee31a528bca2890419ac4f622dad1980bfd73

    SHA512

    43000ddb2d01a7ba7e985f27e86644cf2e5531be95132c68b3ed553dcca5b7fb38f2089a80d2a7f4940261e09329be95883d6ed15a488363a10a152023d166c7

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

    Filesize

    512B

    MD5

    973a3fbe7a7b59b9d6eaf7f66cbd75aa

    SHA1

    871a00553021dc0e18aa937e6f7694e243347637

    SHA256

    7050c23a43b861dc34ddc569bc8c027a979ae1b889522bf71074d629ab15c781

    SHA512

    b172ca246322f3eb287049e796011bf026e4d0f266a6da8badd7a6124e93c29a026767342b27de2bbda38d7a430f499815284c7a2ebb345c38d3f83b0d4154a8

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    fb32396a80ad89d1a7dc5966571a5892

    SHA1

    d2a16e2aad82e67c8ddaef16eca535455ca17308

    SHA256

    fbbe950a7004abcb1843d095dc557379ff43ab163e72a7a5b90c14ba5e23ce34

    SHA512

    3c47b3984b63d4b81d188090d41a1be6ee3ca4611f7f581d606fd44eb791f79ab89e801321b382dfe8c1567fae7c78721935d2a644faf90f3fbcc6d10c492e20

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

    Filesize

    28KB

    MD5

    eda4e5f53129dca7344c7e3f3e6d9513

    SHA1

    ed01e856ac998b6c3de46ac8a2a155f09d6db185

    SHA256

    7c4bbb192102dd3dfc3d30cd5542d9a115cbc6c52369f1630eeb9e5ea81c8e5b

    SHA512

    cf733d69c95b4db67de951dbd2b4f3c9b31008dd0b7f8a1d42bb14820def6b34a5bfa178d1e8cee0dafdf64531751674e7f6398743e915ef469bb97662c063a1

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    3bfde9dd7f5ed249a00ee70498594b72

    SHA1

    2db7f74ab7c74e282b1f98af573180a901ca983a

    SHA256

    3081d90ccaec1bcbd3a5d5119472f3097fef00c57c7002d5c2bbe448f0d1655e

    SHA512

    2c11710c266b434ef84c0558ed101e2fa250c9e93eb9fac5013856a32aefc718ec60b6c178e84f7b9f1e3c8e387c6bb96082c1c5148588eb5f58d8097390dd5e

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    ecda0521912a13be03af6db48293869c

    SHA1

    712533f15c063d076dbdf561408c58836dbd4bff

    SHA256

    291ac53ef9918b783affc98aa282c76338b7cbadb60af8609bc7201e1fd7ed81

    SHA512

    4af43b1d34a3539d627f11203861b40496de71770109cbc1f5eeebdd7b7500bd17b4e6c039cb8103505282bf022c1fdf9dcec322bf136d85937ae3b855f14749

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    be2453edec8021f218b6e3869e8c95b2

    SHA1

    e6e6b9c51a42bb74ad436818dd5093b4e57656c2

    SHA256

    368130a29be97dc82b8f11388af856cd8c097afdc9e08644fafa1adff02ff5ac

    SHA512

    4a27b1fe48fbb62cd80ba338e13c94ac613b646d47adcde2965c35e4c41f4e45b8f30325daad46d9e9a3de359987e966ed7c8755e4f8f18a069f3e506ec83cdb

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    12KB

    MD5

    483af3ed49e569f2f05cc9fb1dca3ded

    SHA1

    b85e0e7dcb080ffd3c886139c7f35ebbf5a6ea5e

    SHA256

    4f7a7f00c936b61ed07251dee384c7dd08aa6c2ac291c27fcef390dcd6592d46

    SHA512

    3aa6b1710db355168d48a4f3f96ba82a27fd0a43ef038f6f12843016aa230e0c602f204f35d1542df10b7d75d0a15ba9f5ec6b55cb06809e822eef6195e44519

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    20KB

    MD5

    7cfbd55292da9000319f5ea24937f00b

    SHA1

    ee0d19e9fbe4931245c8c11ae813b4caa30bd842

    SHA256

    055c124e6db82c9fd81b0d000002e21f982ca24d4ec3d39adce5d935901daaa2

    SHA512

    aaa377a2cec9b476be08c67344a5ec3efdd8471f9dfb514def460371a246c0b6e299858dfa8595b921c16fc1fd7c48fae8525fb2039ad5953fce47d6da244d23

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db

    Filesize

    12KB

    MD5

    163b0e3f017becbc89b9d7f330b78f09

    SHA1

    1ef9cd8ac8655190468d0ccece0a4738634ab0f9

    SHA256

    cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

    SHA512

    6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    8d25684a0e1ef99ede525d5636411c0b

    SHA1

    579aed6fe7aebed45dfcee4ac14c349abc665829

    SHA256

    cdc78813359058bff51f32cf9194df567c069fe7be9ce843fae3ef4d09b24b71

    SHA512

    9208997b36ffb28fe6791b9daa3272dc054b43ecdc1c61383ee017f40ca5e0f9773d6f9fd7ca37f2bd3427cebe709c7ccb44cd0137addb77cb61529ae45e0368

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    45e62b5c0353016b4267dd357af21dc1

    SHA1

    9d2088083caa9ea658617b6f1b227d4b2bfb8145

    SHA256

    27fe32acb1dfd3815681b7017e7aef33a4a7dae2b9eae26c1717cb486d24715c

    SHA512

    5be41d6088e4b15b4b20939b465acdf6f03c736f0e19ad5922c53a9cb834c27e16d5ccf138d1411c013ea35f8968b3753eebfb07e5ce5814032f4353f52ec42e

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    0b971b695c264945f3b3ba5694960f57

    SHA1

    c3e518bb474684a96970aa09059fa274c0da1c83

    SHA256

    1cf06c42c902ece9563b39cfed025b807f805fb2fc03617239c8c4803d703cec

    SHA512

    f467b7440ba154637cdc94c1eafd8e6f62fcd17881568349518bfd0aa96a5bd86caa92046af4cc14eb9051ead8bd6a3eaeca5c9fb27c2a848a96ccbf90b4513b

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    5b4fd5709d5a1ccaf409685ea44232ee

    SHA1

    9edc8cede0b30b98e31b1e7cef638076dbba3b71

    SHA256

    71222504ae0aa9d7891beb793ebef505001bf2f55c965dd412d506bc15dc70ef

    SHA512

    c28792be5b3ae1197ba6b82c657d99a98408ba9d924640ad5cd36a0fba9f636e52a737fc834ede77132ac840da54fdb33f6d0c4eed57e644dda601ec82c4e827

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    bf33c2d4e83ddd22ad16507190dccefc

    SHA1

    2a9f91574bd36de976f2c87bedc1116c490040f0

    SHA256

    9c18009b8f81b5137a07bdf7fc9f8021b05f813ad3dcd0159ce76c1231cd53fa

    SHA512

    c0c5268813e7b2ea3d1ee32ab5369332e88781ad0aec900bed6f1f60a251931dec0253ea4662ee2ae4bda81868f2b64fcacbbb54f594bde0c191eb3ac73a40a1

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    3c0712bc3bcb308c9265fbd476eb075d

    SHA1

    cc35162f968aee825151c893eb2280c0f218b3ca

    SHA256

    5ec4f5add989d9abcb262682df4827c1a3a1f28a7ff583d3175dbcf27a07ffd6

    SHA512

    9478db5723cc99feeff992b8d6cb27b8070336704070accadbf2c2a5cf193cde594a924f04da7cf1086c6a67b80c6cee720c210faef22dbd38bc8f17babe8f3f

  • /data/data/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    08036c740334119d77d1b4e718b03476

    SHA1

    cb2c99790ebf614df4d05d541795f153977566be

    SHA256

    9d0c5b060c3337a350ef9919d0e61b7b386f9f00d89efee28d557f89431e4766

    SHA512

    5655e9fdbf8e437205c5b0e294e1ab600812f5060141bb6b57783cf93126af1be6e2d9d7d107972bf387d7ade729a06c4c2e51c01a08bbf3e78f91043b02c0b0