Analysis

  • max time kernel
    2572506s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    23-12-2023 17:45

General

  • Target

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b.apk

  • Size

    17.7MB

  • MD5

    d4aca9745b1df836541488f9ba87381e

  • SHA1

    9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158

  • SHA256

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b

  • SHA512

    2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620

  • SSDEEP

    393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Reads information about the phone's network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ghazae.mahale.gelan.d
    1⤵
    • Requests cell location
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4637

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/414f68d8-500a-4204-8d3c-ba2c384e3f59.jobs

    Filesize

    278B

    MD5

    b35041d098080ec307bae81fd99622c8

    SHA1

    cbe6a8c1cda4e3984f46da8f6ecca88309b69c40

    SHA256

    f7cba14cb2bb69950d550f016868b597c8eaaee28fff9e0c2bcf513a44ff16db

    SHA512

    a0b81cae058ea4dbf4f01e187bb353f7c4284f985d1e77c0e46eabb6a82e2ea2624c411809e6267138544d0f33e35d10728200c302ed67a893e4f0e7149ce97e

  • /data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/834dbafa-5364-4459-b57b-72820f946761.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bc7856bc-9114-44c6-b5f4-eb3f7ee0c0fe.jobs

    Filesize

    849B

    MD5

    474d2c16d629810fc5e5eb1847f4d1a7

    SHA1

    3ee0f050b8e1c9b8e4d15c5db1270d89538bf07d

    SHA256

    ce5cffe9bc6c892b27159c02f02abd360655c954ae3adf7fbf303bd3b9d7c41f

    SHA512

    15d1c50050ae96689db0edb05a5f4b86cef1c35536313744d225b9cdab66610e28eb4dbcadbac4d5fe838f1f8c705c6b79a6b9e058d3b6527ea11a7e3aaee619

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    87ca6b8baad3e7d6be88e964a860448b

    SHA1

    2238dcf7daec57cdbb5efa8a9e8e13d389b96adc

    SHA256

    2ec2820690457f112e81c555af40abf9d1e825012a009799de91960a3e8615b6

    SHA512

    c956f828104ba33f6c8de101420c9e08917a89d3922cf4926a1ed037d4da30bd08173226a1571a9a70388f690b01a958523372f661455944620a001cb3948501

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

    Filesize

    8KB

    MD5

    a9c2179f9b89f060a1d0d71a189315fe

    SHA1

    d2b7e83ea2e2f75939420926622591ae0c219994

    SHA256

    4daa0598220688912c496d29a1951a0f87b92061335b324dfc909661d09cd331

    SHA512

    a629d7a2f0bcd3ecb766deb4e7afac81099786b5fed9d614c66073c59d9a44fcea84e32734b6e7ec77f301cbf245a9d457771cf4d1978510332ce84357c864af

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb

    Filesize

    20KB

    MD5

    8a25a017bfe977387529eeaf0c8c33b6

    SHA1

    7ccb331f0eb51e79d654ceeada862f22d38804ae

    SHA256

    7ddef498494cd26bffb8c86f4dc886286d538cdac4b331eb74146123c48d8bf7

    SHA512

    2889961b24ab2d134aa3cf2c7e5eae8c3e006ac4607ab868582ec767c2b7ce3465c238889270daa00d1dce948dd7a9298c0af75dc38b149d29fcf014ca5bae01

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb

    Filesize

    20KB

    MD5

    b60c053da663a75d575626fc51afdbe6

    SHA1

    3a6715902fbf3dc961a8971524d09a6057603a85

    SHA256

    31f0ef9d5744d5e531af819ddf93a7472db86a8fec7e77f47f736f5b1d8c2a16

    SHA512

    9390de5d9cfee1d714e1525b9a2fda2d1eb4e28c4d8d3b271c8197c826a4d0eb318acc9c8a6c822c7b8f3bca35243b76524d3e1ff493996f226cf40a3159c459

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    0154bbb222d775a33518a9c69e236224

    SHA1

    0b472e32ed889329aa17292cfc8474c4f816ae13

    SHA256

    6ceedd43fa003ff68786364bddb657ea23fd830f724c2b6f4750a555a6542c22

    SHA512

    de50914b5f710800615a12a28e32407711679fe295935ce54d847b400dc5ba540aafce9af3d6dd278bc13d042df9ecd0729ee5557deb4fca4bb42ab613e8a124

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

    Filesize

    12KB

    MD5

    e1ae7e6ad720f015e715b0eef58e1324

    SHA1

    f2d63eeb5abbfa063316652d75b60351dc388fda

    SHA256

    ca9faa667d67e68f16698d5cb53def2181484df4ade544d9e4ede01497bdee69

    SHA512

    9a90f8c127ba12ad228e7088c657bde64cf17d2bc7895fff5d4ccd23475c901d1bbcad5f5c7b4cf2e35a17956892d3322e59ca4319112fa6acfa8b0f88f402b1

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

    Filesize

    12KB

    MD5

    171aedf968e17a2744d2585715606cb9

    SHA1

    bbeddeb3b89fcf809619c35b4a318a80e7d5b029

    SHA256

    d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

    SHA512

    78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    40029c7e5c7645914e898d3396066950

    SHA1

    18d96942c3618c5523e580984a5c26334925832e

    SHA256

    9ad86bc3b05c6ce5c4900dbf971c2e5948cfaede2a9bad0d4d7a96255cae0d52

    SHA512

    c6c2786acc4ed8c59eab9527d09d365a4cd5d6660229036e56f5336e9fd22342ee5b6a954152f644dc2f48e655ff878db03f42c08f85400cc4d5a0545fd08b78

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    70be8df96bd8f4f4a1c0786e27f19093

    SHA1

    fdb33ac4b8d2bebea8a8e5deabac05437f763156

    SHA256

    ec2ae69cf72b6520c42add6a63f2eaeb592faf981b3392be496cbd2810713886

    SHA512

    166ff8f4b70c7c1b92fb0f38a6ec351fa3ab281a09a86d1f2e7755c8e86000054b596abb83ec10e141b0ad8bb25ec63623f767c5f58963dea06c297bd3abe7b2

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

    Filesize

    8KB

    MD5

    ec7177c8491caafbeef5310fd68af760

    SHA1

    8970cea0f85137b9a2970abd89108f28e1ed96c0

    SHA256

    5b2617d61b7caa77eef547b3ac5206dd07bf52f3d61d6447c1aa5a2ea0856aca

    SHA512

    2ec241be536a1452fde8e5d8ff3b2f081c6922341aa8c345d4ff37a8437644bbb96d46ee0e0155111b6dc79d6fd3d9dd5e4cfd123f3f1c3509fafccad126e9cf

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db

    Filesize

    12KB

    MD5

    f41f531c07d4141546a531ff9caffdcd

    SHA1

    9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

    SHA256

    bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

    SHA512

    e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    d6f6479430bd71d7044afdfa1e8c923d

    SHA1

    91556d0c98dd199d3447748eb02d92e85f2c1904

    SHA256

    e19809e3d610b49cb22780c5850cf1539a8027d8d0944c1210f41e16bf827371

    SHA512

    8fa8edd677ee028b4346761bd2b1054a851107635d21338563e764cf263a23ea55d3176a344f6c7657138bd345e193b44d128bc7fdfbbbe1ea7ae1d9e57f54d7

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    3115ec78698a80d137ff1c56d20626bb

    SHA1

    96683f52942b5bccbf33e29f4020e9169c440928

    SHA256

    e6288056c0b625a45222b860dae8b3da894865fa4837bf95f40155f350399bb3

    SHA512

    8f43466fec7c118ceab2a7da97ff25579c68756336a56f7b7a1d282097788ff2de2436d1afd4abb8d198e39b7982d8a0938e5915ff171ad0eae7a6670e478310

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    c1bc909c14b7d9e5172926a111087eeb

    SHA1

    5693a76d17c675aae3570ed7c631ebd562930b29

    SHA256

    65180d80d3353cc519858e9371967abc490beb68abe19f2e816af8776ef40100

    SHA512

    243546891ce3c27b3d6a235ccfd89cd7076927e075ef2ad69cfe5c8c90f645b3a469669c136a2ab684f93d5375854589911fa71205433f7e9007c1f982f34b5e

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    d15aeb89cc0898161e7b2e224f03fb4f

    SHA1

    87f74154800721c0f9b4338411c44abb4440abb8

    SHA256

    eb81cd92ac471dd7219ae15e7f58ae20e468ac2dcb109d7036bf718d448d9b6b

    SHA512

    787a863152524e46d0225200a90d2b5bd9a5ecbd1d1b259dc9ce77d7b28959d62daa5d8afdf10e6224f5172f8d1a14cf53b2fcd29d4915fa1ada1ecbb8a75c4e

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    a81b808395215dfc627f457cb9ed71fe

    SHA1

    65205a8c5e3a2fc92caaec5bc32c5d2d8a9ec636

    SHA256

    6147649f902c756e446d4a2d36c5069f829e1768747c723ceab4a179eff9b2de

    SHA512

    442a9e99191896fb2f172a40d8ac8e02629ff6273c6ca3be05876c593a7c4c526c4df2415296f3cf4d15cc0e57fee377a17cadea1c3ef14569d138c5e4798d23

  • /data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

    Filesize

    8KB

    MD5

    95bc953c1f4e7841a7de88822e62cc87

    SHA1

    02c95ecaafd2a456d349ca6459b5bfa212115d29

    SHA256

    e0ff2c6c2a683e46c0ca5d7172b2dc1d356f2bb866b6978ca5059ca6d4b131eb

    SHA512

    c79c2b0d2a6cca7cb224cb9c7f630fb587634e5ed39e04505690e23068d58c501481b052d771d94701051aed17ef119e98bcc89d4c53cc0c1f36ac9d7ce6943c

  • /data/user/0/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    38122d677740887eabab4d8bd15cf1dd

    SHA1

    62d3ac3ddf9a2723c645c33a4672b419583f0704

    SHA256

    18f12ce986f91e18cd3dfe48067a6d42de74a0e79014a46733f291b32463b0d4

    SHA512

    f0d51a3e8e387074b124688e8671e7659ab87a39cc8a6f9a89f67c3461928a30f7ff0fef4d72e8b283a63b97235ee449b0dc5898a9ed358dc97c3978bcca17b8
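Most of the dropped files above are SQLite databases and their rollback journals (`cheshdb`, `cheshdb-journal`, `db_default_job_manager`, `evernote_jobs.db`, `__pushe_base_lib_db-journal`), several of them listed more than once because they were rewritten during the run. Before trusting the file names, a triage analyst checks that each artifact really carries the SQLite header and that the header's page size and page count agree with the listed size. The following is an added example, not code from the sandbox report or from the analysed APK; the sample database and journal bytes it builds are constructed for the test (a 4096-byte page size and 5 pages giving 20480 bytes, which is the 20KB the listing shows for `cheshdb`; the embedded SQLite version number is likewise an assumed value).

```python
"""Classify SQLite artifacts dropped by an Android app and sanity-check their size.

Added example (not part of the sandbox report). Two byte signatures matter:
  - a main database file starts with the 16-byte string "SQLite format 3\\0"
  - a rollback journal (the *-journal files) starts with d9 d5 05 f9 20 a1 63 d7
"""
import struct
from dataclasses import dataclass
from typing import Optional

SQLITE_MAGIC = b"SQLite format 3\x00"
JOURNAL_MAGIC = bytes.fromhex("d9d505f920a163d7")


@dataclass
class SqliteInfo:
    kind: str                              # "database", "journal" or "unknown"
    page_size: Optional[int] = None
    page_count: Optional[int] = None
    expected_size: Optional[int] = None    # page_size * page_count for a database
    text_encoding: Optional[str] = None
    sqlite_version: Optional[int] = None   # SQLITE_VERSION_NUMBER that last wrote the file


def parse_sqlite_artifact(data: bytes) -> SqliteInfo:
    """Identify a dropped file as a SQLite database or rollback journal from its header."""
    if data.startswith(SQLITE_MAGIC) and len(data) >= 100:
        # Database header: offset 16 page size (big-endian u16, value 1 means 65536),
        # offset 28 database size in pages, offset 56 text encoding,
        # offset 96 version number of the SQLite library that last wrote the file.
        raw_page_size = struct.unpack_from(">H", data, 16)[0]
        page_size = 65536 if raw_page_size == 1 else raw_page_size
        page_count = struct.unpack_from(">I", data, 28)[0]
        enc = struct.unpack_from(">I", data, 56)[0]
        encoding = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}.get(enc, f"unknown({enc})")
        version = struct.unpack_from(">I", data, 96)[0]
        return SqliteInfo("database", page_size, page_count, page_size * page_count, encoding, version)
    if data.startswith(JOURNAL_MAGIC) and len(data) >= 28:
        # Rollback journal header after the magic: record count, nonce,
        # initial database size in pages, sector size, page size (all big-endian u32).
        record_count, _nonce, _initial_pages, _sector, page_size = struct.unpack_from(">IIIII", data, 8)
        return SqliteInfo("journal", page_size, record_count)
    return SqliteInfo("unknown")


def check_listed_size(data: bytes, listed_size: int) -> bool:
    """True when the header-derived size of a database equals the size in the sandbox listing."""
    info = parse_sqlite_artifact(data)
    return info.kind == "database" and info.expected_size == listed_size


def build_sample_database(page_size: int = 4096, page_count: int = 5) -> bytes:
    """Constructed sample: a minimal SQLite header padded to the full file size.
    Not a real dropped file; it only exercises the header parser."""
    header = bytearray(100)
    header[0:16] = SQLITE_MAGIC
    struct.pack_into(">H", header, 16, 1 if page_size == 65536 else page_size)
    header[18] = header[19] = 1                  # write/read format version: rollback journal mode
    struct.pack_into(">I", header, 28, page_count)
    struct.pack_into(">I", header, 56, 1)        # UTF-8
    struct.pack_into(">I", header, 96, 3032002)  # assumed value: SQLite 3.32.2
    return bytes(header) + b"\x00" * (page_size * page_count - len(header))


def build_sample_journal(record_count: int = 2, page_size: int = 4096) -> bytes:
    """Constructed sample rollback-journal header (sector size 512, arbitrary nonce)."""
    return JOURNAL_MAGIC + struct.pack(">IIIII", record_count, 0xDEADBEEF, 3, 512, page_size)


if __name__ == "__main__":
    import sys
    # Usage: python sqlite_triage.py <dropped file> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, parse_sqlite_artifact(fh.read()))
```

Run it over each version of a dropped database rather than only the last one: the listing shows the same path with different hashes, and a header that suddenly stops parsing as SQLite, or a page count that no longer matches the listed size, is what separates a library's ordinary database churn from a file that merely borrowed a database name.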