Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-wbqvbadgf3
Target 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b
SHA256 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b

Threat Level: Known bad

The file 5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 17:45

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
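The static1 verdict above is derived from the APK's manifest: each `<uses-permission>` is matched against the set of permissions Android marks with protection level "dangerous" (those needing a runtime grant). The script below reproduces that check on the text form of a manifest as produced by apktool or aapt (the manifest inside the APK is binary AXML and needs decoding first). It is an added example, not code from the report or the sandbox vendor; the manifest is constructed for the example and only the two storage permissions come from the report, and the `DANGEROUS` set is a hand-picked subset, not the full platform list.

```python
"""Flag dangerous (runtime) permissions in a decoded AndroidManifest.xml.

Added example, not part of the sandbox report. SAMPLE_MANIFEST is constructed;
only WRITE/READ_EXTERNAL_STORAGE are taken from the report's static1 table.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions Android declares with protectionLevel "dangerous".
# Not exhaustive: extend it from the platform's own AndroidManifest.xml.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Constructed manifest in apktool/aapt text form (not the binary AXML in the APK).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="ir.ghazae.mahale.gelan.d">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <application android:label="demo"/>
</manifest>
"""


def package_name(manifest_xml: str) -> str:
    """The package attribute; should match the process name seen in detonation."""
    return ET.fromstring(manifest_xml).get("package", "")


def requested_permissions(manifest_xml: str) -> list:
    """Every android:name on <uses-permission> and <uses-permission-sdk-23>, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.append(name)
    return names


def dangerous_permissions(manifest_xml: str) -> list:
    """Requested permissions that need a runtime grant (normal ones like INTERNET drop out)."""
    return [p for p in requested_permissions(manifest_xml) if p in DANGEROUS]


if __name__ == "__main__":
    print("package:", package_name(SAMPLE_MANIFEST))
    for perm in dangerous_permissions(SAMPLE_MANIFEST):
        print("dangerous:", perm)
```

Run against a real decode, the package value should equal the `ir.ghazae.mahale.gelan.d` process name the behavioral runs report; a mismatch would point at a repackaged or multi-package sample.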

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 17:45

Reported

2023-12-24 10:02

Platform

android-x86-arm-20231215-en

Max time kernel

2605034s

Max time network

156s

Command Line

ir.ghazae.mahale.gelan.d

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ghazae.mahale.gelan.d

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 74.125.206.188:5228 N/A tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 N/A tcp
GB 216.58.212.196:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 rntlbjaybstz udp
US 1.1.1.1:53 mkdhqqnqwnzynda udp
US 1.1.1.1:53 sxmehboripj udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 71b3c20f0147842139a795e3bebda60a
SHA1 64b9ea2d0a18061809ea6bf04a7bba967a0d0b25
SHA256 95ba6d3de7538a5e6550b15c956790890248c81423ff12a438f6755f2576df7d
SHA512 6de9d769bd3f1d2d7b4de263a0cb0e30d8599b99a44a61f97eb27a88761b17b6d31062325e8946b2687fa633112a737d0a4fe72dcdc6e134ba8af6ca18fb77ba

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-wal

MD5 815bf130c40620c7ff5a45dac2cbb478
SHA1 60d0ffaa129fdec126a4d201e6121b5648d5d2de
SHA256 0f789832a99f67b6edfcb08f2025a141e72e598bc41f5737b6fd7e2000c41999
SHA512 787d6024d1887f5d759fe659405249e79435d16488105c93d6aec7eb8594c965844a66913ffad9a838679406c7cedb1be210fb82347e7fa7cb01d5063f461924

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0d77ff4b-b152-41ff-be11-ea2e6f316f25.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6f321194-e629-4b7a-93c8-1a89e482320f.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

MD5 8bc55f1028d4fb0fbf2b95a1d52fac05
SHA1 9744188ff5ff3050581f008d351891a7df81a464
SHA256 1047372fc2582af958b3be126642a110955a544a0fead132a913dbd1ed13b6cb
SHA512 a2ef1e317a8eafe8339db4784d05ed0a27059c3049fab6d854b7711beebdc8a0d486746dec9753709f7bae3e82e98a506ec6262319ad2cd1d5e27bd44682ee35

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

MD5 a0eecd9a8cef62c95e7563326e632e11
SHA1 e018e14a61ccad8c7f99472453452ea22c6c7c85
SHA256 8b27dba3478981ecc924d558480bf69f457dec887c588c9ec64de7cac4a6321a
SHA512 f012e5789fbf1fc5699ccc4385075228a02c9a13bc77b50e750b2102321ce26e2f0eae0e8443f0437d8c456c414c963f2f8ccd86b6afed1097928c7a4bc77eb1

/data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 bbd0a5c41ba7ff21a50f424eeebe7dfa
SHA1 9b9587780b2a97f673b99b445fabb680fcc1a27b
SHA256 91d71a3285689acc3050e938e5ba3fea5f2d4e48522357a788664ebc6a87440b
SHA512 97d519a7186b93c3ed48b352df246961508344975564502da81a695fe217f3c8ccb0a77d8215cae0a30a5e5eeb7458abe9af76c58fa36fa255cccb2ed7939156

/data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-wal

MD5 a086c050399d29f3ffd54b19926e6e7e
SHA1 53fddc7b20e53c93e5c6c67725b77458e2e0e4f2
SHA256 95255b5b587e41fda10d78283601c63d2b7d1c8cbfd8a17bf177130fe2446a8e
SHA512 31ffec6e7039bb06621e4003af1a33216ffc3204f530505ca6c3cc893be20d5c2c65b6a67dea5a6c769b5bbe015f5d742761b60fdd5d5a412f6867d5a40036bb

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d3e55222-9aee-401e-88ed-cc2bdc743e93.jobs

MD5 2638d671e5c086560781de3e20b871b0
SHA1 074180b838696cbcf42739409beb6cb2bb7eb9e0
SHA256 e990f052b8e19672d43e4821cd4234fe882c32a62795198b7197ace701a40c62
SHA512 8ce0a3fa458ab88bcbd55dbd570a322e6ac5bdcec6ce7a861a538582803ea3a0ac95d2514b5b868707cf32debdb650a4fa969fa63cbbe9aaf2a303ffa08939c7

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 ff0395094957b342dd345fd906a92b37
SHA1 59a6df14ce3d4a36d0df51a9b7c4a0fe14e72136
SHA256 852e411235b7bb22637a0d200665bd2abbc2e01e9ee97dc40ce0d66705309336
SHA512 df514fae0f195925ee4090160b93517a21b190e215d1b8fa510f69419462ad369ffc12174a590b3a86cf9ee7a3b1a3a1facff205c2edd3563e996148c126691e

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-wal

MD5 f2c5f3f2f0e280208b5eaccd78aa2084
SHA1 24c5e36e05151e9f80835604db2a79891c1029d5
SHA256 44d3636694938b1ca37babc954107ba14b3df761a107267e7e0616512b953a86
SHA512 58f68388b11625bcdccd55aa93c2b826398aed57ae231a6485b9ae6751c161e4f2c8f4925f7ed100864aca0e8518af8dce884c984302ea84e976eb4f522bfe0a

/data/data/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

MD5 4cc4b5c171349ff124692039e907f6cc
SHA1 2f8c0b10696441d1c4db6ab13b0a565e2e499739
SHA256 b9ea2d070ef5ad34b8f83a30f2681991cc846d45ec3edbf664e60fdfbb55674e
SHA512 c826c344f00b716cfb5e3375c81d9857be9143feacbab9fb4d564e5f1815a5c704206ae071bfcb6bb3635cf87b3c0334cb90789e849c5538fbd9ea89439de7c3

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

MD5 567702046f2abf2dbe1d12872c2ffdb5
SHA1 901eb421c9137a181811383243ac317f8d54b8e9
SHA256 c665012aaa830ff50e8329319810adf4b9861c2c1d885cf03c7433cb31ad268f
SHA512 28f7df918acfa2112d769f0464701167ed5797a82cc22f9c46c5d312a858edffe7c6d21bde2bb0a51ebf5ac7df38580062691a0c0d4883c8384c3d208a9faa0c

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

MD5 87daed9e4813e62a3d4c1636465539ef
SHA1 b10750caab4260dc5b93740f6490b117615c2eda
SHA256 1713043919066412f38d6f4e2c655851fb3a888efeb3cce8701e47eed64fd843
SHA512 cc099efff3fa39009d96dac9c4873a86431b5326c754774a9eeb78bf681843070759879628c3f33f9c0425f2e72bdc0ade1a4874b5d1cfbe0395882a8aa8bf5c

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal

MD5 afea1f8ef99fe5a2d8f3f4a909da3309
SHA1 bc18544bc047dfa8cf6722b8b531719586131e5c
SHA256 e845e0af579e189eaf952d846acb1c64b7b3a87a7eb11684cc47728b87d0e79d
SHA512 72fd74ced7c2aaf38522b86a4121188c245f9fddb43b933d74eba7e8ad23df7be81dcd27dc57fbab43793e96cc608f3bf0cdd550afbb798abe32fcc3bdd8688c

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

MD5 59e28f1be2ae347c3951c95abec95892
SHA1 b4c0e9460121eac1df676fbda1384e44e3ff287c
SHA256 de82abe61e2bef73094e825f4c3bbf833b1bc75fd5acf08be968fb364c01d0ec
SHA512 b21c2e51525cf747c31425f79226292424e2ce3ed683bf196c0ec7aaf1c0de1493ea53b9f74020d1445d40dde6f75e421e3c77a1c72b2b4fee80a371e4d41bb8

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b34b0326-96a3-489e-b5e6-8cbf45d475cf.jobs

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0fc64b02-d6d3-461b-8e15-fc266d363b30.jobs

MD5 d383a7d70ad40ea2fb92bfa23f6dbeb5
SHA1 50618776155500f953f77099c72b92ea274c9e25
SHA256 d8e41d499415cf343cad2c2924ab1bedff8dfe97c734caa222578a89484c70fe
SHA512 652a301ef048ba4dc5ee6f0736fa50920623c1e6da9a9ded9f641d2db198f04ad08f631aacb7142d285fa662a4b6c92436700b3e6168932ebb608e1cf75ad60a

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f5441c05-2244-40cd-bcbe-829fb463b1fb.jobs

MD5 f85eb16745338a0b1c944629563dc391
SHA1 e2a824b0174c095dce082ddf6912166b3d511f6c
SHA256 424dfb678db7c91c2073190feeede2253915a23c7489f0cf0faebe72a6cd0ddc
SHA512 3568271c47b31026cc9000ac7786017b47c01ebfa9e870292d2c97b4cf84b5131d37fbad44d13d7abced3febaf6c2e04b4ab5d65b09bf4757290f88cbf7ded13

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 17:45

Reported

2023-12-24 01:00

Platform

android-x64-20231215-en

Max time kernel

2572489s

Max time network

164s

Command Line

ir.ghazae.mahale.gelan.d

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ghazae.mahale.gelan.d

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.16.238:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
BE 74.125.71.188:5228 N/A tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.187.228:443 N/A tcp
GB 142.250.187.228:443 N/A tcp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 3bfde9dd7f5ed249a00ee70498594b72
SHA1 2db7f74ab7c74e282b1f98af573180a901ca983a
SHA256 3081d90ccaec1bcbd3a5d5119472f3097fef00c57c7002d5c2bbe448f0d1655e
SHA512 2c11710c266b434ef84c0558ed101e2fa250c9e93eb9fac5013856a32aefc718ec60b6c178e84f7b9f1e3c8e387c6bb96082c1c5148588eb5f58d8097390dd5e

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

MD5 eda4e5f53129dca7344c7e3f3e6d9513
SHA1 ed01e856ac998b6c3de46ac8a2a155f09d6db185
SHA256 7c4bbb192102dd3dfc3d30cd5542d9a115cbc6c52369f1630eeb9e5ea81c8e5b
SHA512 cf733d69c95b4db67de951dbd2b4f3c9b31008dd0b7f8a1d42bb14820def6b34a5bfa178d1e8cee0dafdf64531751674e7f6398743e915ef469bb97662c063a1

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 ecda0521912a13be03af6db48293869c
SHA1 712533f15c063d076dbdf561408c58836dbd4bff
SHA256 291ac53ef9918b783affc98aa282c76338b7cbadb60af8609bc7201e1fd7ed81
SHA512 4af43b1d34a3539d627f11203861b40496de71770109cbc1f5eeebdd7b7500bd17b4e6c039cb8103505282bf022c1fdf9dcec322bf136d85937ae3b855f14749

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 be2453edec8021f218b6e3869e8c95b2
SHA1 e6e6b9c51a42bb74ad436818dd5093b4e57656c2
SHA256 368130a29be97dc82b8f11388af856cd8c097afdc9e08644fafa1adff02ff5ac
SHA512 4a27b1fe48fbb62cd80ba338e13c94ac613b646d47adcde2965c35e4c41f4e45b8f30325daad46d9e9a3de359987e966ed7c8755e4f8f18a069f3e506ec83cdb

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/20fa790c-e1d5-4525-bd2d-e4262a9ef8ba.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 483af3ed49e569f2f05cc9fb1dca3ded
SHA1 b85e0e7dcb080ffd3c886139c7f35ebbf5a6ea5e
SHA256 4f7a7f00c936b61ed07251dee384c7dd08aa6c2ac291c27fcef390dcd6592d46
SHA512 3aa6b1710db355168d48a4f3f96ba82a27fd0a43ef038f6f12843016aa230e0c602f204f35d1542df10b7d75d0a15ba9f5ec6b55cb06809e822eef6195e44519

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/716512be-07d8-41a0-a1eb-14ff90974738.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 7cfbd55292da9000319f5ea24937f00b
SHA1 ee0d19e9fbe4931245c8c11ae813b4caa30bd842
SHA256 055c124e6db82c9fd81b0d000002e21f982ca24d4ec3d39adce5d935901daaa2
SHA512 aaa377a2cec9b476be08c67344a5ec3efdd8471f9dfb514def460371a246c0b6e299858dfa8595b921c16fc1fd7c48fae8525fb2039ad5953fce47d6da244d23

/data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 91ef49ecd0b21d941d21ad9776e5dd0b
SHA1 00438f73caae37e1f738316ff06e3388d6757799
SHA256 99dfe62c80abd9d139e278490e70d45fabd291e6aab5782a14bb14b005fb232c
SHA512 9998b2bb36adfcbe6bf9d66a08596f16dc21e36f16cfc48a847160037662e9be61ad0d8b6c3238c582510986839b98434b9b06ffd75b393783d25b35ad44cf93

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ea5d29e6-4462-4ec1-a592-d3ad2c3e7643.jobs

MD5 de12fec46371528d2c28321ab2963017
SHA1 3599fcb2b045797c9e0f12246531b5b8d2820e5f
SHA256 ae456ac654ec612b664b053d2b9c4fc88d8cfac99092948c3c296831e1d7c2d7
SHA512 0f04402be23a544e353dd37c3bfe6931716cc755abb08970407b61169ccc68a403080e7a2aaa06db41519f0b36e255502374e0ce18c46a9c08fd143ac40ef998

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 8d25684a0e1ef99ede525d5636411c0b
SHA1 579aed6fe7aebed45dfcee4ac14c349abc665829
SHA256 cdc78813359058bff51f32cf9194df567c069fe7be9ce843fae3ef4d09b24b71
SHA512 9208997b36ffb28fe6791b9daa3272dc054b43ecdc1c61383ee017f40ca5e0f9773d6f9fd7ca37f2bd3427cebe709c7ccb44cd0137addb77cb61529ae45e0368

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 45e62b5c0353016b4267dd357af21dc1
SHA1 9d2088083caa9ea658617b6f1b227d4b2bfb8145
SHA256 27fe32acb1dfd3815681b7017e7aef33a4a7dae2b9eae26c1717cb486d24715c
SHA512 5be41d6088e4b15b4b20939b465acdf6f03c736f0e19ad5922c53a9cb834c27e16d5ccf138d1411c013ea35f8968b3753eebfb07e5ce5814032f4353f52ec42e

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 0b971b695c264945f3b3ba5694960f57
SHA1 c3e518bb474684a96970aa09059fa274c0da1c83
SHA256 1cf06c42c902ece9563b39cfed025b807f805fb2fc03617239c8c4803d703cec
SHA512 f467b7440ba154637cdc94c1eafd8e6f62fcd17881568349518bfd0aa96a5bd86caa92046af4cc14eb9051ead8bd6a3eaeca5c9fb27c2a848a96ccbf90b4513b

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 5b4fd5709d5a1ccaf409685ea44232ee
SHA1 9edc8cede0b30b98e31b1e7cef638076dbba3b71
SHA256 71222504ae0aa9d7891beb793ebef505001bf2f55c965dd412d506bc15dc70ef
SHA512 c28792be5b3ae1197ba6b82c657d99a98408ba9d924640ad5cd36a0fba9f636e52a737fc834ede77132ac840da54fdb33f6d0c4eed57e644dda601ec82c4e827

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 bf33c2d4e83ddd22ad16507190dccefc
SHA1 2a9f91574bd36de976f2c87bedc1116c490040f0
SHA256 9c18009b8f81b5137a07bdf7fc9f8021b05f813ad3dcd0159ce76c1231cd53fa
SHA512 c0c5268813e7b2ea3d1ee32ab5369332e88781ad0aec900bed6f1f60a251931dec0253ea4662ee2ae4bda81868f2b64fcacbbb54f594bde0c191eb3ac73a40a1

/data/data/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

MD5 08036c740334119d77d1b4e718b03476
SHA1 cb2c99790ebf614df4d05d541795f153977566be
SHA256 9d0c5b060c3337a350ef9919d0e61b7b386f9f00d89efee28d557f89431e4766
SHA512 5655e9fdbf8e437205c5b0e294e1ab600812f5060141bb6b57783cf93126af1be6e2d9d7d107972bf387d7ade729a06c4c2e51c01a08bbf3e78f91043b02c0b0

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

MD5 973a3fbe7a7b59b9d6eaf7f66cbd75aa
SHA1 871a00553021dc0e18aa937e6f7694e243347637
SHA256 7050c23a43b861dc34ddc569bc8c027a979ae1b889522bf71074d629ab15c781
SHA512 b172ca246322f3eb287049e796011bf026e4d0f266a6da8badd7a6124e93c29a026767342b27de2bbda38d7a430f499815284c7a2ebb345c38d3f83b0d4154a8

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

MD5 fb32396a80ad89d1a7dc5966571a5892
SHA1 d2a16e2aad82e67c8ddaef16eca535455ca17308
SHA256 fbbe950a7004abcb1843d095dc557379ff43ab163e72a7a5b90c14ba5e23ce34
SHA512 3c47b3984b63d4b81d188090d41a1be6ee3ca4611f7f581d606fd44eb791f79ab89e801321b382dfe8c1567fae7c78721935d2a644faf90f3fbcc6d10c492e20

/data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb

MD5 47aba039317d7ed66f698a563b19afc3
SHA1 ac753d17e58c4e7bd051eb09575bbfcd04fffa31
SHA256 bb5afaaee8a8e5894db55589527ee31a528bca2890419ac4f622dad1980bfd73
SHA512 43000ddb2d01a7ba7e985f27e86644cf2e5531be95132c68b3ed553dcca5b7fb38f2089a80d2a7f4940261e09329be95883d6ed15a488363a10a152023d166c7

/data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 2d6a756aa7ec82358635475d8b7e29e2
SHA1 ae6eccf474bf8a99c907e54c673ddc2800890644
SHA256 37176d8ebfe6f453c4d888d46380e0ce528b2378167fe0282b171831eba1bcff
SHA512 20e7c4777cc6ae40355552e83f9c7211939ebb25cf1ce758a6fb333034aeda00522d6d578c333ac04e14646611209f5cbb7cca130398f143eaa4911543e4d208

/data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 3c0712bc3bcb308c9265fbd476eb075d
SHA1 cc35162f968aee825151c893eb2280c0f218b3ca
SHA256 5ec4f5add989d9abcb262682df4827c1a3a1f28a7ff583d3175dbcf27a07ffd6
SHA512 9478db5723cc99feeff992b8d6cb27b8070336704070accadbf2c2a5cf193cde594a924f04da7cf1086c6a67b80c6cee720c210faef22dbd38bc8f17babe8f3f

/data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 e924b36a5d154a001d0cbc953bd72ff3
SHA1 8197f894e77ca3b46ac882bfc5079fae7a4d501d
SHA256 526b88c7f242d84360723dfcec3226784feaeb02479b98fcc7ef722c6bb5f11f
SHA512 82f49b1b2b75e9b3a8066bc2b61e9619d49967b23a8e74a5114341762b79e0f5184b358a4139eff04a6d043f56879f614f09978622610c94d9d7706e37496fbc

/data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5bbc94bd-1ce4-4b93-bb1b-243b24f37c8f.jobs

MD5 ff50ebaa538c6930dc2dc44e4058e3c6
SHA1 611d2ae70a36040e3a0130b4dbb33b7b63e97ef0
SHA256 364d46c2a25e16529b559f5021ddef184632d78f3bf62ef73aa5891b261b5e8f
SHA512 6b75f317ee87d304758a4296301cb60cdf7937c76c9ab919a9ed111fe17e6b0c424d98072f08785ddbdcc9bf5cd93faa312f5bc2a3a9a6aa63c6a4720bcbbc32

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 17:45

Reported

2023-12-24 01:00

Platform

android-x64-arm64-20231215-en

Max time kernel

2572506s

Max time network

159s

Command Line

ir.ghazae.mahale.gelan.d

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ghazae.mahale.gelan.d

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
FR 216.58.201.110:443 N/A udp
GB 172.217.16.238:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 64.233.184.188:5228 N/A tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.200.4:443 N/A tcp
GB 142.250.200.4:443 N/A tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
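Across the three Network tables (behavioral1, behavioral2 and behavioral3) most rows are traffic an Android image with Google services produces on its own: DNS queries to the sandbox resolver at 1.1.1.1, TLS to google.com, googleapis.com and google-analytics.com hosts, the push connection on port 5228, mDNS to 224.0.0.251:5353, and a UDP flow to 216.58.201.110:443 in behavioral3 (the port QUIC uses). Unnamed TLS destinations such as 142.250.180.14 and 172.217.16.238 fall in ranges the same tables elsewhere resolve to Google hostnames, but the report does not attribute them. The one destination outside that set is sdk.cheshmak.me (199.59.243.225:443), contacted repeatedly in every run; the report does not say whether it is the sample's own command-and-control or the endpoint of an embedded third-party SDK (the cheshdb database in the Files tables is consistent with a library of that name), so confirm it against the APK before promoting it to an indicator. The three single-label names rntlbjaybstz, mkdhqqnqwnzynda and sxmehboripj are looked up in behavioral1 but never connected to; Chromium-based components issue random probes of this shape to detect DNS interception, so treat them as noise until corroborated. The script below, an added example that is not part of the report, parses rows in the tables' format and separates these classes; the platform allowlist, push port and resolver address are assumptions made for the example, and the embedded rows are a representative subset copied from the three runs.

```python
"""Triage the Network tables of an Android sandbox report.

Added example, not part of the report. SAMPLE_ROWS is a representative subset
of rows copied from the report's three behavioral runs; the platform allowlist,
push port and resolver address are assumptions made for this example.
"""
import re
from collections import defaultdict

# Row format: "<country> <ip>:<port> [<domain>] <tcp|udp>"; the domain column
# is absent (or N/A) when the sandbox could not attribute the connection.
ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

# Assumed allowlist: traffic an Android image with Google services produces
# on its own. Tune it per sandbox image before relying on it.
PLATFORM_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
PLATFORM_ENDPOINTS = {("224.0.0.251", 5353, "udp")}   # mDNS
PUSH_PORT = 5228                                      # Google mobile push service
RESOLVER = ("1.1.1.1", 53, "udp")                     # sandbox DNS resolver

SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
BE 74.125.206.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
US 1.1.1.1:53 rntlbjaybstz udp
US 1.1.1.1:53 mkdhqqnqwnzynda udp
US 1.1.1.1:53 sxmehboripj udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
""".splitlines()


def parse_rows(lines):
    """Yield (cc, ip, port, domain_or_None, proto); header and malformed rows are skipped."""
    for line in lines:
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        domain = None if d["domain"] in (None, "N/A") else d["domain"]
        yield d["cc"], d["ip"], int(d["port"]), domain, d["proto"]


def is_platform(ip, port, domain, proto):
    """True for endpoints on the assumed allowlist."""
    if (ip, port, proto) in PLATFORM_ENDPOINTS or port == PUSH_PORT:
        return True
    return domain is not None and domain.endswith(PLATFORM_SUFFIXES)


def triage(lines):
    """Return candidate IOC domains, bare-label DNS names and unattributed endpoints."""
    stats = defaultdict(lambda: {"ips": set(), "connections": 0, "lookups": 0})
    bare_labels, unattributed = set(), set()
    for cc, ip, port, domain, proto in parse_rows(lines):
        if (ip, port, proto) == RESOLVER:
            # A DNS query: the queried name is in the domain column.
            if domain and "." not in domain:
                bare_labels.add(domain)          # looked up, never connected to
            elif domain and not is_platform(ip, port, domain, proto):
                stats[domain]["lookups"] += 1
            continue
        if is_platform(ip, port, domain, proto):
            continue
        if domain is None:
            unattributed.add((ip, port, proto))  # connection the report did not name
            continue
        stats[domain]["ips"].add(ip)
        stats[domain]["connections"] += 1
    candidates = {
        d: {"ips": sorted(s["ips"]), "connections": s["connections"], "lookups": s["lookups"]}
        for d, s in stats.items()
    }
    return {"candidates": candidates, "bare_labels": sorted(bare_labels),
            "unattributed": sorted(unattributed)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

On the embedded subset the only candidate is sdk.cheshmak.me with one lookup and three connections to 199.59.243.225; the unattributed list holds the unnamed 142.250.180.14:443 flow for a follow-up reverse lookup or ASN check, and the three random labels are reported separately rather than mixed into the indicator set.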

Files

/data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 40029c7e5c7645914e898d3396066950
SHA1 18d96942c3618c5523e580984a5c26334925832e
SHA256 9ad86bc3b05c6ce5c4900dbf971c2e5948cfaede2a9bad0d4d7a96255cae0d52
SHA512 c6c2786acc4ed8c59eab9527d09d365a4cd5d6660229036e56f5336e9fd22342ee5b6a954152f644dc2f48e655ff878db03f42c08f85400cc4d5a0545fd08b78

/data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 70be8df96bd8f4f4a1c0786e27f19093
SHA1 fdb33ac4b8d2bebea8a8e5deabac05437f763156
SHA256 ec2ae69cf72b6520c42add6a63f2eaeb592faf981b3392be496cbd2810713886
SHA512 166ff8f4b70c7c1b92fb0f38a6ec351fa3ab281a09a86d1f2e7755c8e86000054b596abb83ec10e141b0ad8bb25ec63623f767c5f58963dea06c297bd3abe7b2

/data/user/0/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal

MD5 ec7177c8491caafbeef5310fd68af760
SHA1 8970cea0f85137b9a2970abd89108f28e1ed96c0
SHA256 5b2617d61b7caa77eef547b3ac5206dd07bf52f3d61d6447c1aa5a2ea0856aca
SHA512 2ec241be536a1452fde8e5d8ff3b2f081c6922341aa8c345d4ff37a8437644bbb96d46ee0e0155111b6dc79d6fd3d9dd5e4cfd123f3f1c3509fafccad126e9cf

/data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/414f68d8-500a-4204-8d3c-ba2c384e3f59.jobs

MD5 b35041d098080ec307bae81fd99622c8
SHA1 cbe6a8c1cda4e3984f46da8f6ecca88309b69c40
SHA256 f7cba14cb2bb69950d550f016868b597c8eaaee28fff9e0c2bcf513a44ff16db
SHA512 a0b81cae058ea4dbf4f01e187bb353f7c4284f985d1e77c0e46eabb6a82e2ea2624c411809e6267138544d0f33e35d10728200c302ed67a893e4f0e7149ce97e

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 d6f6479430bd71d7044afdfa1e8c923d
SHA1 91556d0c98dd199d3447748eb02d92e85f2c1904
SHA256 e19809e3d610b49cb22780c5850cf1539a8027d8d0944c1210f41e16bf827371
SHA512 8fa8edd677ee028b4346761bd2b1054a851107635d21338563e764cf263a23ea55d3176a344f6c7657138bd345e193b44d128bc7fdfbbbe1ea7ae1d9e57f54d7

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db

MD5 f41f531c07d4141546a531ff9caffdcd
SHA1 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256 bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512 e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 3115ec78698a80d137ff1c56d20626bb
SHA1 96683f52942b5bccbf33e29f4020e9169c440928
SHA256 e6288056c0b625a45222b860dae8b3da894865fa4837bf95f40155f350399bb3
SHA512 8f43466fec7c118ceab2a7da97ff25579c68756336a56f7b7a1d282097788ff2de2436d1afd4abb8d198e39b7982d8a0938e5915ff171ad0eae7a6670e478310

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 c1bc909c14b7d9e5172926a111087eeb
SHA1 5693a76d17c675aae3570ed7c631ebd562930b29
SHA256 65180d80d3353cc519858e9371967abc490beb68abe19f2e816af8776ef40100
SHA512 243546891ce3c27b3d6a235ccfd89cd7076927e075ef2ad69cfe5c8c90f645b3a469669c136a2ab684f93d5375854589911fa71205433f7e9007c1f982f34b5e

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 d15aeb89cc0898161e7b2e224f03fb4f
SHA1 87f74154800721c0f9b4338411c44abb4440abb8
SHA256 eb81cd92ac471dd7219ae15e7f58ae20e468ac2dcb109d7036bf718d448d9b6b
SHA512 787a863152524e46d0225200a90d2b5bd9a5ecbd1d1b259dc9ce77d7b28959d62daa5d8afdf10e6224f5172f8d1a14cf53b2fcd29d4915fa1ada1ecbb8a75c4e

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 a81b808395215dfc627f457cb9ed71fe
SHA1 65205a8c5e3a2fc92caaec5bc32c5d2d8a9ec636
SHA256 6147649f902c756e446d4a2d36c5069f829e1768747c723ceab4a179eff9b2de
SHA512 442a9e99191896fb2f172a40d8ac8e02629ff6273c6ca3be05876c593a7c4c526c4df2415296f3cf4d15cc0e57fee377a17cadea1c3ef14569d138c5e4798d23

/data/user/0/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties

MD5 38122d677740887eabab4d8bd15cf1dd
SHA1 62d3ac3ddf9a2723c645c33a4672b419583f0704
SHA256 18f12ce986f91e18cd3dfe48067a6d42de74a0e79014a46733f291b32463b0d4
SHA512 f0d51a3e8e387074b124688e8671e7659ab87a39cc8a6f9a89f67c3461928a30f7ff0fef4d72e8b283a63b97235ee449b0dc5898a9ed358dc97c3978bcca17b8

/data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

MD5 0154bbb222d775a33518a9c69e236224
SHA1 0b472e32ed889329aa17292cfc8474c4f816ae13
SHA256 6ceedd43fa003ff68786364bddb657ea23fd830f724c2b6f4750a555a6542c22
SHA512 de50914b5f710800615a12a28e32407711679fe295935ce54d847b400dc5ba540aafce9af3d6dd278bc13d042df9ecd0729ee5557deb4fca4bb42ab613e8a124

/data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb

MD5 8a25a017bfe977387529eeaf0c8c33b6
SHA1 7ccb331f0eb51e79d654ceeada862f22d38804ae
SHA256 7ddef498494cd26bffb8c86f4dc886286d538cdac4b331eb74146123c48d8bf7
SHA512 2889961b24ab2d134aa3cf2c7e5eae8c3e006ac4607ab868582ec767c2b7ce3465c238889270daa00d1dce948dd7a9298c0af75dc38b149d29fcf014ca5bae01

/data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/834dbafa-5364-4459-b57b-72820f946761.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal

MD5 e1ae7e6ad720f015e715b0eef58e1324
SHA1 f2d63eeb5abbfa063316652d75b60351dc388fda
SHA256 ca9faa667d67e68f16698d5cb53def2181484df4ade544d9e4ede01497bdee69
SHA512 9a90f8c127ba12ad228e7088c657bde64cf17d2bc7895fff5d4ccd23475c901d1bbcad5f5c7b4cf2e35a17956892d3322e59ca4319112fa6acfa8b0f88f402b1

/data/user/0/ir.ghazae.mahale.gelan.d/databases/cheshdb

MD5 b60c053da663a75d575626fc51afdbe6
SHA1 3a6715902fbf3dc961a8971524d09a6057603a85
SHA256 31f0ef9d5744d5e531af819ddf93a7472db86a8fec7e77f47f736f5b1d8c2a16
SHA512 9390de5d9cfee1d714e1525b9a2fda2d1eb4e28c4d8d3b271c8197c826a4d0eb318acc9c8a6c822c7b8f3bca35243b76524d3e1ff493996f226cf40a3159c459

/data/user/0/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 87ca6b8baad3e7d6be88e964a860448b
SHA1 2238dcf7daec57cdbb5efa8a9e8e13d389b96adc
SHA256 2ec2820690457f112e81c555af40abf9d1e825012a009799de91960a3e8615b6
SHA512 c956f828104ba33f6c8de101420c9e08917a89d3922cf4926a1ed037d4da30bd08173226a1571a9a70388f690b01a958523372f661455944620a001cb3948501

/data/user/0/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal

MD5 95bc953c1f4e7841a7de88822e62cc87
SHA1 02c95ecaafd2a456d349ca6459b5bfa212115d29
SHA256 e0ff2c6c2a683e46c0ca5d7172b2dc1d356f2bb866b6978ca5059ca6d4b131eb
SHA512 c79c2b0d2a6cca7cb224cb9c7f630fb587634e5ed39e04505690e23068d58c501481b052d771d94701051aed17ef119e98bcc89d4c53cc0c1f36ac9d7ce6943c

/data/user/0/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal

MD5 a9c2179f9b89f060a1d0d71a189315fe
SHA1 d2b7e83ea2e2f75939420926622591ae0c219994
SHA256 4daa0598220688912c496d29a1951a0f87b92061335b324dfc909661d09cd331
SHA512 a629d7a2f0bcd3ecb766deb4e7afac81099786b5fed9d614c66073c59d9a44fcea84e32734b6e7ec77f301cbf245a9d457771cf4d1978510332ce84357c864af

/data/user/0/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/bc7856bc-9114-44c6-b5f4-eb3f7ee0c0fe.jobs

MD5 474d2c16d629810fc5e5eb1847f4d1a7
SHA1 3ee0f050b8e1c9b8e4d15c5db1270d89538bf07d
SHA256 ce5cffe9bc6c892b27159c02f02abd360655c954ae3adf7fbf303bd3b9d7c41f
SHA512 15d1c50050ae96689db0edb05a5f4b86cef1c35536313744d225b9cdab66610e28eb4dbcadbac4d5fe838f1f8c705c6b79a6b9e058d3b6527ea11a7e3aaee619
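Two things in the Files tables are easy to miss when reading hash by hash. First, the b34b0326-96a3-489e-b5e6-8cbf45d475cf.jobs entry in behavioral1 carries the MD5, SHA1 and SHA256 of a zero-byte file (d41d8cd9…, da39a3ee…, e3b0c442…), so it was created but never written. Second, the same content turns up under fresh UUID names in every run: SHA256 90949c83… appears as 0d77ff4b…, 20fa790c… and 834dbafa…, and 9537553… as 6f321194… and 716512be…, which means those serialized job files are deterministic rather than run-specific state, while cheshdb-wal in behavioral1 is captured three times with three different hashes, i.e. successive versions of one file. Note also that behavioral3 reports paths under /data/user/0/ where the other runs use /data/data/; on Android the latter is a symlink to the former, so they must be normalised before comparing runs. The script below, an added example that is not part of the report, does this on a subset of the report's own (path, SHA256) pairs; everything else in it is constructed for the example.

```python
"""Cross-run comparison of the Files tables in a sandbox report.

Added example, not part of the report. RECORDS is a subset of the report's own
(run, path, SHA256) entries; the helper logic is constructed for this example.
"""
import hashlib
import posixpath
from collections import defaultdict

PKG = "ir.ghazae.mahale.gelan.d"
JOBS = "app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()   # hash of a zero-byte file

RECORDS = [
    # run, path as reported, SHA256 as reported
    ("behavioral1", f"/data/data/{PKG}/{JOBS}/0d77ff4b-b152-41ff-be11-ea2e6f316f25.jobs",
     "90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918"),
    ("behavioral1", f"/data/data/{PKG}/{JOBS}/6f321194-e629-4b7a-93c8-1a89e482320f.jobs",
     "9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb"),
    ("behavioral1", f"/data/data/{PKG}/{JOBS}/b34b0326-96a3-489e-b5e6-8cbf45d475cf.jobs",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("behavioral1", f"/data/data/{PKG}/databases/cheshdb-wal",
     "8b27dba3478981ecc924d558480bf69f457dec887c588c9ec64de7cac4a6321a"),
    ("behavioral1", f"/data/data/{PKG}/databases/cheshdb-wal",
     "c665012aaa830ff50e8329319810adf4b9861c2c1d885cf03c7433cb31ad268f"),
    ("behavioral1", f"/data/data/{PKG}/databases/cheshdb-wal",
     "e845e0af579e189eaf952d846acb1c64b7b3a87a7eb11684cc47728b87d0e79d"),
    ("behavioral2", f"/data/data/{PKG}/{JOBS}/20fa790c-e1d5-4525-bd2d-e4262a9ef8ba.jobs",
     "90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918"),
    ("behavioral2", f"/data/data/{PKG}/{JOBS}/716512be-07d8-41a0-a1eb-14ff90974738.jobs",
     "9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb"),
    ("behavioral3", f"/data/user/0/{PKG}/{JOBS}/834dbafa-5364-4459-b57b-72820f946761.jobs",
     "90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918"),
]


def normalize_path(path: str) -> str:
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg>; compare on one form."""
    if path.startswith("/data/data/"):
        return "/data/user/0/" + path[len("/data/data/"):]
    return path


def by_sha256(records):
    """SHA256 -> [(run, normalized path)] for every record carrying that hash."""
    groups = defaultdict(list)
    for run, path, sha in records:
        groups[sha].append((run, normalize_path(path)))
    return groups


def empty_files(records):
    """Files the sandbox hashed as zero bytes: created, never written."""
    return [(run, normalize_path(p)) for run, p, sha in records if sha == EMPTY_SHA256]


def shared_content(records):
    """SHA256 -> distinct basenames, for content seen under more than one name.

    Identical bytes under fresh UUID names across runs means the content is
    deterministic (a serialized job), not run-specific state.
    """
    out = {}
    for sha, hits in by_sha256(records).items():
        names = sorted({posixpath.basename(p) for _, p in hits})
        if len(names) > 1:
            out[sha] = names
    return out


def rewrites(records):
    """(run, path) -> number of distinct versions the sandbox captured, when > 1."""
    versions = defaultdict(set)
    for run, path, sha in records:
        versions[(run, normalize_path(path))].add(sha)
    return {k: len(v) for k, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    print("empty:", empty_files(RECORDS))
    for sha, names in shared_content(RECORDS).items():
        print("shared", sha[:12], names)
    print("rewrites:", rewrites(RECORDS))
```

Fed the full tables instead of the subset, the same functions give a quick map of which writes are worth pulling from the sandbox for content review: the rewritten databases (what changed between versions) and the deterministic job blobs (one copy is enough), while the empty placeholder can be skipped.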