Analysis
max time kernel: 2624741s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20231215-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
submitted: 23-12-2023 18:10
Behavioral task: behavioral1
Sample: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c.apk
Resource: android-x86-arm-20231215-en

Behavioral task: behavioral2
Sample: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c.apk
Resource: android-x64-20231215-en

Behavioral task: behavioral3
Sample: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c.apk
Resource: android-x64-arm64-20231215-en
General
Target: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c.apk
Size: 14.5MB
MD5: 93a47aaae5bd829dad05c02c7252a676
SHA1: b61b94662be0e4a0c2402467862ef0157ca0f81e
SHA256: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c
SHA512: 6b80e09e6f7fe67ce1169f1f0b347072d17ffc5c2f34a2367349fb5dc202d282733228683e7054d4bd42431b30539b5224da4eb3baedab639b34092ef9584be2
SSDEEP: 393216:M35GJyKnAoFArC7FPhVAo9uuNwGplMPN5woU3pAerTxAs5DdhtrsXB:MUyAAoCrIeuNj2N5woQKerTxAs5DhCB
Malware Config
Signatures

Requests cell location (2 IoCs)
Uses Android APIs to get current cell location.
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  process: ir.miri.deser

  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getAllCellInfo
  process: ir.miri.deser

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/ir.miri.deser/cache/1582435991586.jar
  pid: 4378
  process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.miri.deser/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.miri.deser/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

  ioc: /data/user/0/ir.miri.deser/cache/1582435991586.jar
  pid: 4267
  process: ir.miri.deser

Acquires the wake lock (1 IoCs)
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: ir.miri.deser

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: ir.miri.deser
Processes

ir.miri.deser (PID: 4267)
- Requests cell location
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.miri.deser/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.miri.deser/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=& (PID: 4378)
  - Loads dropped Dex/Jar

Network
MITRE ATT&CK Matrix
Downloads
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0117e9ca-cd94-4f58-b86b-422b28c72a59.jobs
Filesize: 278B
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e63d8674-6a93-4a56-8186-e3c8f508b30d.jobs
Filesize: 179B
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f2264ec8-29ac-4415-9334-f50da939b5ad.jobs
Filesize: 176B