Analysis
- max time kernel: 2626248s
- max time network: 150s
- platform: android_x86
- resource: android-x86-arm-20231215-en
- resource tags: android arch:arm arch:x86 image:android-x86-arm-20231215-en locale:en-us os:android-9-x86 system
- submitted: 23-12-2023 18:13
Behavioral task: behavioral1
- Sample: 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1.apk
- Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
- Sample: 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1.apk
- Resource: android-x64-20231215-en
Behavioral task: behavioral3
- Sample: 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1.apk
- Resource: android-x64-arm64-20231215-en
General
- Target: 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1.apk
- Size: 7.2MB
- MD5: 3b2f79fe764223ac02b59d3792034762
- SHA1: ee90c81affe9ef440507c4186b752827e84ce9d2
- SHA256: 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1
- SHA512: 8a9568b3517a7fbd15df0e3dbc3016eab705818894299471b666fdc208cb7c2ac09c01f2dac1173c29eb7ce75448e5c9925df875f57b9c0b6b333fb67686ddbc
- SSDEEP: 196608:xgzgH+6+za7U3pAeimbmpjD+/enzdhiU1rrsOMgXjl:ESqa7U3pAei6mNDWenzdhtrsXu
Malware Config
Signatures
- Requests cell location (2 IoCs)
  Uses Android APIs to get current cell information.
  - description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; Process: ir.teliyam.kerem
  - description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; Process: ir.teliyam.kerem
- Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  - ioc: /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar; pid: 4309; Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.teliyam.kerem/cache/1582435991586.jar --output-vdex-fd=89 --oat-fd=92 --oat-location=/data/user/0/ir.teliyam.kerem/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
  - ioc: /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar; pid: 4213; Process: ir.teliyam.kerem
- Acquires the wake lock (1 IoCs)
  - description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: ir.teliyam.kerem
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  - description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: ir.teliyam.kerem
Processes
- ir.teliyam.kerem (PID:4213)
  - Requests cell location
  - Loads dropped Dex/Jar
  - Acquires the wake lock
  - Uses Crypto APIs (Might try to encrypt user data)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.teliyam.kerem/cache/1582435991586.jar --output-vdex-fd=89 --oat-fd=92 --oat-location=/data/user/0/ir.teliyam.kerem/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=& (PID:4309)
    - Loads dropped Dex/Jar
Downloads
- /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6818b172-5212-4135-a790-7854cb1dddc5.jobs
  Filesize: 278B
  MD5: b71dd15d98a727121b56dc5eb5dc35c9
  SHA1: 3442feeef51194ec56a21a1d10f6ff4473bd0e9e
  SHA256: 00596bf81d67501f12a62d0fc9e7d4bd37cd7cf7d3875db005c240bca067a00b
  SHA512: 7b9203e1b9789ba9f06616d9273fd4148ac7539d9aef65f02d93011a13a5cc63564b5227e141c79eeb1ea54ed4fc6e3e4439127d486647f6f4e572cd3140cf0f
- /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d2e5188d-7532-4a2b-aa44-7e1e9edd7ef0.jobs
  Filesize: 179B
  MD5: ac58f99a1b179d71e8621412ad31c6a1
  SHA1: b51fdad95876f5615735c2ab411031ff67d5e946
  SHA256: 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
  SHA512: faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b
- /data/data/ir.teliyam.kerem/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e7e75c68-b294-47f7-b392-7aca91a6e483.jobs
  Filesize: 176B
  MD5: f56f328eea1d5c96a1b96dbbf59488df
  SHA1: 440c784cacff61932e2f61580b7cfdc3a4943c95
  SHA256: 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
  SHA512: 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb