Analysis
max time kernel: 2572489s
max time network: 164s
platform: android_x64
resource: android-x64-20231215-en
resource tags: android arch:x64 arch:x86 image:android-x64-20231215-en locale:en-us os:android-10-x64 system
submitted: 23-12-2023 17:45
Behavioral task: behavioral1
Sample: 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
Sample: 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource: android-x64-20231215-en
Behavioral task: behavioral3
Sample: 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Resource: android-x64-arm64-20231215-en
General
Target: 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk
Size: 17.7MB
MD5: d4aca9745b1df836541488f9ba87381e
SHA1: 9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158
SHA256: 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b
SHA512: 2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620
SSDEEP: 393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F
Signatures
-
Requests cell location 2 IoCs
Uses Android APIs to get current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | ir.ghazae.mahale.gelan.d
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | ir.ghazae.mahale.gelan.d
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | ir.ghazae.mahale.gelan.d
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ir.ghazae.mahale.gelan.d
Downloads
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/20fa790c-e1d5-4525-bd2d-e4262a9ef8ba.jobs
Filesize: 176B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5bbc94bd-1ce4-4b93-bb1b-243b24f37c8f.jobs
Filesize: 849B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/716512be-07d8-41a0-a1eb-14ff90974738.jobs
Filesize: 179B
-
/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ea5d29e6-4462-4ec1-a592-d3ad2c3e7643.jobs
Filesize: 278B