Analysis

  • max time kernel
    2626248s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 18:13

General

  • Target

    62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1.apk

  • Size

    7.2MB

  • MD5

    3b2f79fe764223ac02b59d3792034762

  • SHA1

    ee90c81affe9ef440507c4186b752827e84ce9d2

  • SHA256

    62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1

  • SHA512

    8a9568b3517a7fbd15df0e3dbc3016eab705818894299471b666fdc208cb7c2ac09c01f2dac1173c29eb7ce75448e5c9925df875f57b9c0b6b333fb67686ddbc

  • SSDEEP

    196608:xgzgH+6+za7U3pAeimbmpjD+/enzdhiU1rrsOMgXjl:ESqa7U3pAei6mNDWenzdhtrsXu

Score
8/10

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get current cell information.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.teliyam.kerem (PID 4213, depth 1)
    • Requests cell location
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.teliyam.kerem/cache/1582435991586.jar --output-vdex-fd=89 --oat-fd=92 --oat-location=/data/user/0/ir.teliyam.kerem/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=& (PID 4309, depth 2, child of PID 4213)
      • Loads dropped Dex/Jar

Downloads

  • /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6818b172-5212-4135-a790-7854cb1dddc5.jobs

    Filesize

    278B

    MD5

    b71dd15d98a727121b56dc5eb5dc35c9

    SHA1

    3442feeef51194ec56a21a1d10f6ff4473bd0e9e

    SHA256

    00596bf81d67501f12a62d0fc9e7d4bd37cd7cf7d3875db005c240bca067a00b

    SHA512

    7b9203e1b9789ba9f06616d9273fd4148ac7539d9aef65f02d93011a13a5cc63564b5227e141c79eeb1ea54ed4fc6e3e4439127d486647f6f4e572cd3140cf0f

  • /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d2e5188d-7532-4a2b-aa44-7e1e9edd7ef0.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e7e75c68-b294-47f7-b392-7aca91a6e483.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.teliyam.kerem/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.teliyam.kerem/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.teliyam.kerem/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    6be71cb3e8dccfe81fc34228cc4eacb2

    SHA1

    5890cd997b8125e9250bd01fc81844016bc7ac47

    SHA256

    96f91b41f1a05f824bd9dacf11ed1715fcd5a2fe9899fcbc1b6ee73881b40042

    SHA512

    aa2980e5c0903cc4d0f1cdba17101c04f32e7bfa344318be9ae8f14f53b21fb260adcdb0c1fd0aafbbda8d06814ae4cbf616bff1b93cef04c4a5b02f6dd6f106

  • /data/data/ir.teliyam.kerem/databases/__pushe_base_lib_db-wal

    Filesize

    16KB

    MD5

    25d7d15d557b2f432490845f9c5cfa68

    SHA1

    32c7fc5effbfd0e367bd6acd900bdaee5178d73b

    SHA256

    2d6907a4d8270d23b0d4c62cb90484aaa9b017387aaa0f1872066f5adffe795f

    SHA512

    5bd318faa818aab1aa473a558c1eb4510de2a757e5b22dfe6c42ddc803faffa98fc0ec1e5994d2224714c0d2887fe64f4ec5c04b4de8010ed66f31cfb20b7661

  • /data/data/ir.teliyam.kerem/databases/cheshdb

    Filesize

    20KB

    MD5

    703146038468386a261299a7a63b1652

    SHA1

    055dffb92e19a4ddbbb588058f439e12b9483c41

    SHA256

    59ef9874a856c84d6b00df946e7ab70250e23299773a75963e5a99012c27c817

    SHA512

    a339796494cc54dbe3af21e3c49bab805c071ec91a80ac0f3440ab06630763e0e2539a2b962176dca7e476c218834a64b23afdee461c647522fc505fe55b1854

  • /data/data/ir.teliyam.kerem/databases/cheshdb

    Filesize

    20KB

    MD5

    8465f7d10ba54abf92c140bc280d2882

    SHA1

    e050ddc7aea5d3ec58ea68329e6c4e24fc4723b5

    SHA256

    4dc38873e16e61ac26c375665913fc24fd857b51450b30e0cd60833077597367

    SHA512

    7d1c2be616b63fcc5253242fca9962612af38257e3de2f0b96fce59ab1336f05109d5c63d37aa23f54b8ded7b32ff0c32cbd8c918498dd54891a5c6145013341

  • /data/data/ir.teliyam.kerem/databases/cheshdb

    Filesize

    20KB

    MD5

    a39a16dabba9637790c4cfb1ad1c8498

    SHA1

    08182ba06349a92d5c021de21d43a12b3adee26e

    SHA256

    21559b53712439959a98adcae8f6d569fb5228f76e561dd5933556855e28b932

    SHA512

    dc8c7a35597f92ae1e894c3b53a291f65d98b2304c8354aa6b7227bb2ca61da8315f9dc4b1fecb685e622fa0437c44d8913c8abc3d56153c62d7ed5a81076f30

  • /data/data/ir.teliyam.kerem/databases/cheshdb-journal

    Filesize

    512B

    MD5

    4f23d36b83079dacc4c8134a5fd2f1c4

    SHA1

    bd4756940290b659a71b148bc23f9f9cebd735c1

    SHA256

    6315d65bec788da697c77cdfa8d9500199b652906e5f8521a994e0d517141185

    SHA512

    8c2bdb7064cd53abf9bd0f948e4eb35b0c0794f1c10b21e56925d40b94db85dce8210c9c2253ab76c85c5a964e0a4fab256eb3a6cd5967e9177ba2bd918e2988

  • /data/data/ir.teliyam.kerem/databases/cheshdb-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.teliyam.kerem/databases/cheshdb-wal

    Filesize

    40KB

    MD5

    aee8a889b76e273689675be9adaec5c9

    SHA1

    472005c307c783250c65473ae31b7e48af9762a8

    SHA256

    a179e4f501c58316a68b5cd9d3ce92b7aac6b98444784ecc1e22def2751dcdcd

    SHA512

    5af94e28b77c71b44f2d6d72419fd90ae2f7898f5a5dda2f908b5e10f1a0c80c4f70576c0c0eed365606d07ac1b614c4c88e0eb8aff0166bf0b97eff593d2a36

  • /data/data/ir.teliyam.kerem/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    29fd35c2a8adac7c8b001bd97fae397c

    SHA1

    d550d3a51fa719efcfc6cbc7c54df3b5aabbd93f

    SHA256

    5d9d12167affec80a9f2189934dc7dcc833ee34ed333dce75ba1d6ef1e4ebd53

    SHA512

    c309cc9b9d0f0d63e475b3ec8c9e06ff7adbb1adaa9078baa6e001b560526547d46ec6cf208b8a20a385eddfc7a6fb3652590d4377eb71297bcdffc97d125d8f

  • /data/data/ir.teliyam.kerem/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    e7d956896291b133c9cf7a3c61ac9f0d

    SHA1

    df579809b4781c73d71c8b10186fb00b879c4d4e

    SHA256

    39976040d014c6160b9a34e839a114b4c9263ad528b69a610be50f97b9c1b740

    SHA512

    beeab7c6267393bd09eb4a22ef0eb852b7033f312ca6d49019e49e06aea6ea4850729fa7872a831a0ff816a4bb03e3c770f7dac2caccee9e5b16be5a58167999

  • /data/data/ir.teliyam.kerem/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    51779d79cdbd83d80e8439cbdf7cdeb5

    SHA1

    c7c515861eba28a86d851e2cea0011f37829f994

    SHA256

    4f5d2b7bbfbad14fa739d5c56e259eb7f1956a1b75186aafd893974acd631324

    SHA512

    0755a85ab4b8d2988670f1d8bd4e285c7b47937ca070424beceb0eccb2098533295d9c2180dbb7324ef1a1cab99750ce5347c42dffd0b9f8abac9603947017ee

  • /data/data/ir.teliyam.kerem/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.teliyam.kerem/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    6233a5682d8128bb1f78992cde76bf21

    SHA1

    2c85b19b85f0a38f3bd3d39a985217f23b08eb8a

    SHA256

    06ed8ba5978215f6c4806aa331c726a353a80fd9428e80f4040b0c63dd0cf769

    SHA512

    9ce2363b2f3ddf42461679eaca42e453fdbf5157ad638d2bf4054089b77c0df562f89c39901754c96f9aff4157ad93eeb6f394410d4e3114446b4c15f85a5e24

  • /data/data/ir.teliyam.kerem/databases/db_default_job_manager-wal

    Filesize

    16KB

    MD5

    febbd2cb1eda1bbfbb70f6a71c192992

    SHA1

    b955f2e24916211a69f5bd536e43d249f2538a81

    SHA256

    a6cd9c60bd59a276dcb7a7b4572f50d5602d3ed3ac6fd2886eace61f5c045aa3

    SHA512

    c6c7c2fcae91fb4aee043487ccf4c1b3725a6de2c08f5670f7f8d1bbc6dde6fe06c461f596c1bd9f210c90c72fdf9c4871611f6a439f67bcb2ca0e429df689db

  • /data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

    Filesize

    512B

    MD5

    2f18862d96a0a5727f12bad14a224ed8

    SHA1

    d1c3e32250027e0a98b705e0dc76b0fceae96491

    SHA256

    8814fb71a02786fe71743f9de721fea3e8becc5cadfa24e90b0e25a089fae4e7

    SHA512

    533ded1a45bf0b2bb69cdca32643bbd3db794ef670e7bd49d31d30ab99e9049c2481f43a74baf5c5510dee619cd9b1132af3e9571adfeaf1a28b60cb65bbaf59

  • /data/data/ir.teliyam.kerem/databases/evernote_jobs.db-wal

    Filesize

    32KB

    MD5

    867e34c879e9ddd4d9ba8bbfa675589e

    SHA1

    e743116a9915023597ade5c2a2c496bde6816f4a

    SHA256

    a5e42e5b9ede4d56b32f910bb007321f21aa9b450c071929796994247588f9dc

    SHA512

    ae323b5dbc08a1584617b709f5050ed8da0152410be297ddcbea630f2b973acaaf80ac9de628ee1c5526a6dc39b1ee2d5207b4f032b7cf725e7f06e8112b98c8

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    600465857fbffb58e2442ee0d9d9ad0b

    SHA1

    0e804db16038cb28fe23327fb4838d022523fb57

    SHA256

    2fb570016bce47fd9a39cc91d0356c49249679c8c7cae2bf771d426ca013f11c

    SHA512

    6d7b541c35b832e1bf009a0567a487c8d24f4bf98c8f57173f0d66820ba08e2f8eb237aa2c7611d97e65a2aa595ba19e6d20cf2589d0a27bedfd22df91f85395

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    720589f0f2f8201900329edafc42a113

    SHA1

    3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27

    SHA256

    543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59

    SHA512

    bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    26a38dcc423ae6bda1b836a9ccdd219d

    SHA1

    ceb6b44bfd061945c92dbae78cfd0162b87a524b

    SHA256

    e9f8d80a692db31a060655be969415a9e2022d2834c814cfcade7f592784901c

    SHA512

    cb1bb07709a11bbe3da47290bb9e414e685eec9afd0c3da9df432e426bb9279c1c3057f29d116d9c16f4c577d53be368ec0d364182bf0da17e3708c0ed4c4109

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db-wal

    Filesize

    32KB

    MD5

    12e2863deced1ab281b568c68f601d6f

    SHA1

    c8b59446f3d85a6a5a319e3fa03c9fb706fe9422

    SHA256

    7f819447c403250738767d13943c5a8923752a4a41c30089ca4392aa68594753

    SHA512

    dca473af09b8ee4fbe83ca6ed1153f5ce6abe29e219492caa8d785357d009f8a963ed3cfdd33b993d3e5db76c2d69b9164c79631de675b6fb3edf558b2725c0e

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    c258c471c6dca0125ee5242fdbfe461c

    SHA1

    3971eba195479c6c42ccdd5fd169ced14f63e11b

    SHA256

    a6d9226737c3277b85285c0786f9558f9c3349971db6c188124f01997b0b4651

    SHA512

    1cf1ed2f18a821d7e6884f6ddcd5ddc13b68ebb0696f61b94fa59995eb19a225518f026f1e5dc33d34f759ff5304318958326713425a240f54a5f322ac3e4630

  • /data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    0fa8522233e788a78989f9100b320cfd

    SHA1

    585ce4b0c069f6e9f52c2661a4ef1557dc871d82

    SHA256

    cc26e315a01ebabec7e40172346f84d97023f5b66162b18ce4a7a9352d6171d6

    SHA512

    8c4f8b5570862c76ea8e15ccff344aec41f79bf8027bc5ce067b3864a712b4172b55e3bd8dbc74b9aa3c410d97c760cd2d3d5a4684e148a2ccc73a8e61c35996

  • /data/data/ir.teliyam.kerem/files/info.db

    Filesize

    1024B

    MD5

    e8394f4aad6ba804336d4dc1273b931a

    SHA1

    62d13d65ce6d72e05e7b71ab680106c9dc19ac6e

    SHA256

    1fb4e2d455b31069032fa51f56c68ba41850b4cc7002b22e01a906c65c86a1fe

    SHA512

    51e93d0ed188855fec15e708abb5f70c8231b1361f2628367c9016984f7baeecb4cfeb95fbabfbd1f6fdaa1eb3501df477639278d935f3d33a12ac0691f18db6

  • /data/data/ir.teliyam.kerem/files/info.db-journal

    Filesize

    1KB

    MD5

    8a61e1301a53309d6bab671b16cd4920

    SHA1

    010c29d8cb54d7b780082afdcd81a205752e164a

    SHA256

    90ceb8b1f9fe6c40a8f2790af056294d53e966d6b79bc21e44e94379d3cf1e6c

    SHA512

    889de37bad265ca0eb23463ba1baf879bab73044ac7a320f008af7919630bea942a60932e7a3219c308a506f8430d09e4e449442f849270e077aeef2abe223dc

  • /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    2048eb6124a452540ee51dae4145aadf

    SHA1

    d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

    SHA256

    105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

    SHA512

    bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

  • /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56