Analysis

  • max time kernel
    2624741s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 18:10

General

  • Target

    6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c.apk

  • Size

    14.5MB

  • MD5

    93a47aaae5bd829dad05c02c7252a676

  • SHA1

    b61b94662be0e4a0c2402467862ef0157ca0f81e

  • SHA256

    6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c

  • SHA512

    6b80e09e6f7fe67ce1169f1f0b347072d17ffc5c2f34a2367349fb5dc202d282733228683e7054d4bd42431b30539b5224da4eb3baedab639b34092ef9584be2

  • SSDEEP

    393216:M35GJyKnAoFArC7FPhVAo9uuNwGplMPN5woU3pAerTxAs5DdhtrsXB:MUyAAoCrIeuNj2N5woQKerTxAs5DhCB

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.miri.deser
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4267
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.miri.deser/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.miri.deser/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4378

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0117e9ca-cd94-4f58-b86b-422b28c72a59.jobs

    Filesize

    278B

    MD5

    3bf21fc66d196ac04ddd472b505d1b0c

    SHA1

    de08dd8407b0eec82e7d6d41aa1886087ce48df4

    SHA256

    104d26116a9b891bbd95e0391c74e36b96b4c240dbb1eb9e73cf1d1657a62f16

    SHA512

    4602d7fe3ef8aa8774f6c702990ee731e13939cfd5f557ecc24357e1b3131cbdf130f76fe12a12d7afc6f4363bd86bb32543c2159bb33baf3c0a1450df60dcbf

  • /data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e63d8674-6a93-4a56-8186-e3c8f508b30d.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f2264ec8-29ac-4415-9334-f50da939b5ad.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.miri.deser/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.miri.deser/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.miri.deser/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    cbc512352f74264efc0776e0d1d4b556

    SHA1

    7d1efac8ecde0d0ec7302f7eda32e5f909b0039d

    SHA256

    7d6a53a35b047fb0086169cd218e455f66cc63993d5cfd8177adec25846e7c98

    SHA512

    3b47181aee9831a7942d33bfd8d6cef04ba60577d997cf64248dd409a57e71da6e42f2543a8ce8cc33248f0361ebcd188b3130929220b03e6448f20361c3a0ef

  • /data/data/ir.miri.deser/databases/__pushe_base_lib_db-wal

    Filesize

    16KB

    MD5

    b3b93c9bbfd44532f1ee023198f02c80

    SHA1

    ccf54e6e4e15cd32122586cef26341e79d11f598

    SHA256

    2286b3576b2ab1324ee2b213983ae21c0d40ef3a4ce7b1181f8f2cb0a8f9dc76

    SHA512

    11c19d4d77b91d9255ffa980d7de983e52695ae703f83b9f55aa54617f69aa2a3a9c6c7623f746949a2155151d813ed36f9ab0e2956dab555df855d3f40ece37

  • /data/data/ir.miri.deser/databases/cheshdb

    Filesize

    20KB

    MD5

    806a860f7d04fc9585e786a47fcdda79

    SHA1

    2ae25ffd2f0d3c87fb643af690e21d30ff15aced

    SHA256

    209f2514ee91363ba0ee84f9591eff0150388c3faef8d33d1e2e08772bd7ef37

    SHA512

    10ad8fc55aebbf27f09a930d2a80d2066e518d72e09f7eaaea1570c51159d55c647159fce1085e474ab2f0822ede2b5cfbbb9375323dff5f706864e9305e99f7

  • /data/data/ir.miri.deser/databases/cheshdb

    Filesize

    20KB

    MD5

    c93782377b29f01d1ab25c93ca94d47d

    SHA1

    f250ae4a68a7b70b0cd02e3704b7ba7de9d939cc

    SHA256

    52ed0a6e9c5f29f9b29f7f9fdde0e8ff247a1c2749949a814da6bac2eae99659

    SHA512

    396e54ce136afb3e41e9a46978a9885196eae02a252a5963f80c80868a0dfc50c90c83d5302d8686ab2e98ea95e772dbc3ddd75b5ba40fce3f32666cfdaccc3a

  • /data/data/ir.miri.deser/databases/cheshdb

    Filesize

    20KB

    MD5

    7f967d01f0eeecf1df1c3581d01e582f

    SHA1

    3c9a585693f9341ed821bcf47eadf1979d1f633d

    SHA256

    ddb7fdf1438cdacc13190617eb9aa9b9e124b58b7042ed30ac80dbc16a616968

    SHA512

    1d39ddbb7fc787a83ede001429fde44d1fc5cd0c1d742c70d0c962e2b9c2b5bcb61b5001ccc5c741794c98a53b4e914b150491785c46c51b0caff8372c47bb96

  • /data/data/ir.miri.deser/databases/cheshdb-journal

    Filesize

    512B

    MD5

    1525fb59602eb8ad3a06c28a0bc3af16

    SHA1

    fcfa80a5ed5ec5406107c1788e9948cf8bf8c617

    SHA256

    99e61559fdca35d2ebebd52aeb61443632713e5bfcfc1a40f1315d917f6f71c3

    SHA512

    d2bba3e30cce202ecc6f798ea1b596b396ba8b5b98d4ba6e1bce38c604b4798aeb212926abc0413acbd47cccea7a951b1d7693a7b4e64f64538427c57217fbc5

  • /data/data/ir.miri.deser/databases/cheshdb-wal

    Filesize

    40KB

    MD5

    6014e3198f884285d9d66c832daa6223

    SHA1

    3cd804096e5d486956d68462177fc047fdb2f6e0

    SHA256

    78f5de7effdf41fefa9931e88df790c2e0381c6b3296fc731f3032532c156e1d

    SHA512

    30b0da2bdb92b9a122b1fbb9a63c38d4e09b1c4344dc59349192a8583cfe166dea98d123dfe1aec5ae3312b7bb485321bb76ed6bb0bb86c3bd3b3869d33f8556

  • /data/data/ir.miri.deser/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    95be956422467b3aca33935298c3b405

    SHA1

    6bd36920864b7914bbdbe9300a1e131ae4fb877c

    SHA256

    87414e55f72b968054b85962e6832856cc48284e13bdef8480f7b920e38027ca

    SHA512

    e5f3fea4e0a4ff098de2809ca6057a30380bec0262ebd8b076f10906969880dc4b04c6bfa507252210786388c1e1bd8b073ad3646fb431b0e9c3020cd1e2b0a2

  • /data/data/ir.miri.deser/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    2eb980dcfe5ca9463690bc83ba3171d4

    SHA1

    8c9e1663776cee0c84b0ccc4fdf66b5bd19aaad3

    SHA256

    7b080c89adcd4ce5785a282290f089f8eeaf0552f666cac22da2eb59b022bfb7

    SHA512

    33082d0a593fe896a3f6043498a781e85a482a38065c7a18fe16d6595035c645b9300689c339302742daaba8b84d838995e8cb043e7a5eb4bebda9dc3ec1b476

  • /data/data/ir.miri.deser/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.miri.deser/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    3050142b84e6a85574629c7aca1d0f17

    SHA1

    33d49592617b65432300202149b888d40fcf3085

    SHA256

    867498fec700d093f634a7c2a456e9532182780b581f5584c398628ec567e02e

    SHA512

    0e2f2560f1414d5a269846a35bfdcf8d3418c721124315a7734fd25180f17da23de8bb0da530e7c3978343a0471b81721b740f3611a2f9b4af006083e3a11b77

  • /data/data/ir.miri.deser/databases/db_default_job_manager-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.miri.deser/databases/db_default_job_manager-wal

    Filesize

    64KB

    MD5

    cd909825e7a18554c54b66144e544a6f

    SHA1

    29eb2bffb8255a4f543ac74821638ba28fe166ca

    SHA256

    55affa19450dc80f74dcc843a0534b0554e5cfbff07fba4a1821bd6b708ee7be

    SHA512

    60143e31f56db4bb76c8031f13ed8a62a14ca0fa96f5667a4d24d9429751e56cc68e3a37726f7fe0b617da2b1fa4e8703975a4190472b5af819108c89b8f2e91

  • /data/data/ir.miri.deser/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    587fe8f3c71ad157395ea9acdebf3774

    SHA1

    7deef0cd31ac465d82c69666d76ee8c4fbd68921

    SHA256

    78e9382839d11b2eb691ac3daf6c8f784568c24d60b543cd4214076e1f992be0

    SHA512

    defd72fec79f90cda5258a05e1d9c6be973bee4edefdce08ab40faa231affae2fec8763916853d7aa4934f2623e3c72f4c604c606f4167ace9a5b6af2063e832

  • /data/data/ir.miri.deser/databases/evernote_jobs.db-wal

    Filesize

    36KB

    MD5

    390c33299fe7067f5b667ee66dac9ad2

    SHA1

    de5929c3693364283f4b47d5ec29c725f9aaffeb

    SHA256

    dbecdef51a36b8c2ffd841cf107c18a8672d4d03f7e83622ddeb6b6abea9f9d1

    SHA512

    4a9ddc310a342158b5ecf18c382e9dc0425415aba07524c62e75e38254210128bea0355150351f91e5e54dc9b68ff49fcee913b844758f94aea9ad27b769ded0

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    1662b773014b2c1fa7d68fcbe5dbf1a8

    SHA1

    f761838542e5ca60a93eb0843bfc73bc144dcc87

    SHA256

    cc5b70e52032bcc6a40a18528b6eed7d2482e5e48dadf61a68de6c5715aaa48b

    SHA512

    f8e844984396fb691347c9fc639bd7decee8a54cc0f3fed253dc0e33309c457b25165b153bc4802930ea2feac21e8ee5f50b5f424043913a5766d843ee7edb58

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    720589f0f2f8201900329edafc42a113

    SHA1

    3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27

    SHA256

    543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59

    SHA512

    bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    e54fb41d9ae991a8824c70b3cf35bbd9

    SHA1

    bcdfd90a38ad5805dcc1fcdad148c266efbfc90d

    SHA256

    5e73381bb9b075acd2325da3b511aa6a05901897b0b61ede8b764b80c5075166

    SHA512

    653d3300d6c94e1cf3cbbcce4f8a7f3b0b0f8e70208afd09748e668262e52951e820287b836e965eb3d29132698e61bca2a302a63b4ab5b7525e78c19bab1a2a

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    2ec433569467123a7b536c6aaa764967

    SHA1

    dbd901ac28a6e2cb02c898efd90eb2f1d076af92

    SHA256

    72ac2ed19a9c771b5beab786278997255a988d808c44d101939abd2dee9e8104

    SHA512

    8977a29c4e7fe2d9a8b7b97d75a40255ac45d5080cb60eab2b752419f4d4ac900cb21e2c9ec4f1f582925fad4d697c7a6805e45ba659b498939bb93e23479f9c

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    1427e34af463071fb17eddcb00112557

    SHA1

    17d88914498c9bedefc44562b967ab2b50f92194

    SHA256

    237c4edde7f1f7733594f63db318bac8e132f2c4132bb32265243e7b5f963020

    SHA512

    3b7633a069beffeabe453c05277fd09406fcc6579ef8ad5821cc8e655680f8525a5c8c9c73988903d1728fccb4badc95ba473e005ed6f815adf92ef51d6cbfad

  • /data/data/ir.miri.deser/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    74e69a563225cf64ee2aada86b429781

    SHA1

    5a30886d7dd11f102534304866b6ad4f5366c155

    SHA256

    276b4b3826465561d90862423025cf3cf624eb1cbcf702d3f963b96f5aa2f5ee

    SHA512

    935f431dcc7cc894dce2c0860805fbced3aa149e70a9b66743753692537810d00d693e0d4d8db8e8d72860acbc19268adf9e92633e4ce00d455c740887c2e88d

  • /data/data/ir.miri.deser/files/info.db

    Filesize

    8KB

    MD5

    ab458c88bd657e78457ac69e2717bfcf

    SHA1

    f286911ab67de7911394926da7ca0e5fe5013071

    SHA256

    41cf31695b5bca3b0d08f42f95c1a81182fab9ecebd41e4bb03a8917b92d64d5

    SHA512

    47abe4526fac8a5004561cd629bd06a13e821ed908f6e1d26e85f9dcfcdc8299008157dcc77fe6ec93599d01fa54934261ccbd35a9ef184876ec6285468c0043

  • /data/data/ir.miri.deser/files/info.db

    Filesize

    1024B

    MD5

    188e9889c2f31f3da3db067daaa11095

    SHA1

    9240db2635e9cf9cc30e74fb38e670dd15a8de10

    SHA256

    b8d73be28c100da0ba7092bcb85582552e47d3422709448bbd486775160ecb14

    SHA512

    1d4469d337a6d495c8646b4d7ba926fc05df758c02580eb72ea238d7bea9324e7f7cadca7cd4636f33a68ee7d56c6ba39ec24d0410f82aa93c226aa3d4b0efdb

  • /data/data/ir.miri.deser/files/info.db-journal

    Filesize

    1KB

    MD5

    006808582f9e1c00afd9f44f12b2c78d

    SHA1

    6f213e5706ce7f9ecb257417d4c3298bd8a3038c

    SHA256

    5d8bc35fc52a9adcd6cd86a473d065d49b766c773d82d9c105b9005c52c25244

    SHA512

    237ad648e8cb5bed76eec25365787a053c6adac0412ef72db5d404f77cd9b7db4b7f866458d5d1457c4077f6bf0a66cd83fe971a7ead0737e5a34f041f6dd69c

  • /data/data/ir.miri.deser/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    2af08cd3427366fef0a01db6968f62db

    SHA1

    d826816e3a26e9c83cbd74f3b9450014969c9a4a

    SHA256

    dbfbb1012427e028a1e549fe7d7d03d807a3eabb19c4c3686e5bbf3782677e94

    SHA512

    509349bfd09f61cebb977121ee7be526072728e2b1ef9c8f0a0bf15650ad4596cec691f94fe482844d2ddd9b13bd3f4780b2ddc966647d2a81954e1f78e8c9cc

  • /data/user/0/ir.miri.deser/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    2048eb6124a452540ee51dae4145aadf

    SHA1

    d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

    SHA256

    105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

    SHA512

    bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

  • /data/user/0/ir.miri.deser/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56