Analysis

  • max time kernel
    2548643s
  • max time network
    129s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-12-2023 18:17

General

  • Target

    641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823.apk

  • Size

    9.5MB

  • MD5

    790c5d08427133b278814a634a66b373

  • SHA1

    ad04de30db0853f03d0481f3d9d7767b2ecce29d

  • SHA256

    641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823

  • SHA512

    6b074c3e676741ce8b5d7214fe620c5849f066f2bfeb6857f7674caecb43f04fde153f27ced60eeb5979feb5750c272ce49ba2a4bd95039bb3d3b8caa7ee81ef

  • SSDEEP

    196608:Fdk710HuHigflHUXdBP2zsU3pAeaoQA6tDGDKHlexSKdhiU1rrsOMgXjF:nbHuHig+BPksU3pAeaoS42HYQKdhtrsy

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get the current cell location.

  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • ir.ziba.pankeik
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4269

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/ir.ziba.pankeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/34b61d36-5fbb-424a-a96e-c9617dd66060.jobs

    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

  • /data/data/ir.ziba.pankeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b3d316b9-3177-4b25-8951-e7fa83c1abc4.jobs

    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

  • /data/data/ir.ziba.pankeik/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/df680a25-9bdf-48f0-bd06-e24ad803719e.jobs

    Filesize

    278B

    MD5

    6106c4d71a226b0149dc27b97a5ad381

    SHA1

    7f903f010d172dbe166964e29763bc0497a7ab71

    SHA256

    217a2f5aed2b133497a2110ff81e82ebf61d7a69d8f17dee18309d179319a429

    SHA512

    ef5df534549cf0ad60b94b185775dee1629e1cda75929dffafa33ed290b0b165e09cf2e6c7236197000f182792a6bfac84fb5206ca35e6a1e7c6a16e7a767402

  • /data/data/ir.ziba.pankeik/cache/1582435991586.jar

    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/ir.ziba.pankeik/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/data/ir.ziba.pankeik/databases/__pushe_base_lib_db-journal

    Filesize

    512B

    MD5

    db8ca85d2e3de367b735cfaf5e56b7ea

    SHA1

    558b5d78a5c13fa4cb9d5ee611e6d319cd3498fa

    SHA256

    a3c88c3881a8d1cfe7cb108ba2523a46b780922dae55feb91e4a51fc27d9dcb9

    SHA512

    299ae3cc56e7c8d7d7ea64f7c2a824809cdfcaba754ad8fc6bb44a7e42b38f37e7b034a36439ef7394c83f958f33f63c814959464fc2305c5f050ca890a62b0e

  • /data/data/ir.ziba.pankeik/databases/__pushe_base_lib_db-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/ir.ziba.pankeik/databases/__pushe_base_lib_db-wal

    Filesize

    36KB

    MD5

    f65465e8f0ab54b00c1b9bcb75e66451

    SHA1

    c59fc554bdc972262f5451c68b900eb5313e5e5b

    SHA256

    3918ab1cb22a906dd88bbb0382901538801cd85f63802764aa65baf5b3bae766

    SHA512

    a33844bca4ccf172e986b1995bf899788722d951770965df6dbb8ac9ef2b7152c6de8d89dc14e027b71c15425f56da4a81bc7f72761b79e39a7d034f9aea9b6c

  • /data/data/ir.ziba.pankeik/databases/cheshdb

    Filesize

    20KB

    MD5

    c8be5fc72b34a1cda856c35ff24e48f5

    SHA1

    05d0059b179d258f94e9d6b21f45a457cecb1e0e

    SHA256

    ab0509ed47c46ba470646821b8a8c3e8a56c48b1f359521640832027c54332a7

    SHA512

    79db9af9314c18bd2535a47e1f197d3f013626d866a8240dee2b0a84119124d7b40750065ebee39d3f3169ec2ff38ac189e0c103ba806065cd90544790f3d536

  • /data/data/ir.ziba.pankeik/databases/cheshdb

    Filesize

    20KB

    MD5

    bd3d22bf7a39d8bfd1b22a4031671500

    SHA1

    ae4c133ae241cddafd9b71cedd5a2db7debd78a2

    SHA256

    dd656e9ffdf7cc06633b66b880faacfcaa7c5366999d9378145ecce7de6b3e45

    SHA512

    b63a4cb4e83cb8bc6a33f04ce86dd15cbdb7583d031c32d083d2ca28aeec11bf1b505b60a066bab7550fab24a1952ec56a0b27e6a2a408f6b81fcd814f2945f5

  • /data/data/ir.ziba.pankeik/databases/cheshdb

    Filesize

    20KB

    MD5

    47aa47eecd8e308af0a268a61d17acc4

    SHA1

    e890b2ba3e8c3b36f277baec8c532c6b2ca1982f

    SHA256

    67a9a09bb849654f6d3cf8b88c79267ce68819809a0895fe91d16fc77fdf7919

    SHA512

    5c748f72cddf64b6c85ce032dce22c6aaecc7a76723d9f2df4d20a5c832a1009ef1390a33cbbb715651df94947f0df194dd3381be00628669c5cd15264b42741

  • /data/data/ir.ziba.pankeik/databases/cheshdb-journal

    Filesize

    512B

    MD5

    2ca10dfa35e61a34704d7afcb9702583

    SHA1

    9e80c00483bd07ff94252585a3913d8f9ad61d41

    SHA256

    d8627f5fec7af2d86f64ecca136585f729020c5e698f9b5a1f2c167fed50c485

    SHA512

    8bac31579cb9c070483b58f55ae6610752289fbb6d33f1d15b056b23d28427436c5dc34d318f52c2be51bc62bd55943731c903c7d733a36410bf3df1bfb6d7a0

  • /data/data/ir.ziba.pankeik/databases/cheshdb-wal

    Filesize

    40KB

    MD5

    163a484fe43efafe77e47365087f973f

    SHA1

    cc645996609729825595256ebae6043f2343d4ff

    SHA256

    0e329da29360ab28ce026f34f07dae91a291beb46ee88475bc1939f85225feaa

    SHA512

    8a1c20545d498d02098eb02e3772b63c7b19a39f1dea519b81a22ab2bff6c5879f5ee87275295796091f842e9be00db2570fc8c97293df9952ea2fadd6eaafb9

  • /data/data/ir.ziba.pankeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    2cf7018466b8d9568940114f20b35625

    SHA1

    345a9d362dcea32ccb0d886819bd97cb066a2381

    SHA256

    79e9d54d15a84ac8f01c21b53e6f06fe8391293a046611b13a5b049cab014bf2

    SHA512

    b483268dcb1b69a8512f9c9866f3db2541651aa85980e7394156392543ea703a2eeecd0e2981b6fd9731b5ed99f80907cf92c8dd7b701a472351a7d485e81117

  • /data/data/ir.ziba.pankeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    e4039d4ebd726dc8e2602a4d646f243c

    SHA1

    e24340a68627ef86c57d09d311378a07ac2f708c

    SHA256

    2c017f3e35f93c53fa7767c2126b2ad88fa591755984b723c32a624f1b98c748

    SHA512

    a957fcadb1ca91f0ab2e503dd800e223e4c97793eb31b039115f75243a0cfef728284d6bd21f50c257e786cc4ddc92866826a702623df73a4fddcb7364e08704

  • /data/data/ir.ziba.pankeik/databases/cheshdb-wal

    Filesize

    8KB

    MD5

    3541d80f8476fd5ba6e89ead85733fc2

    SHA1

    c8d0c5cdd1e064676d00faaf3ba617c8f624cf20

    SHA256

    13ef3d44253db788aa308bbce51f7e03c353dadb32fd6ad561ba5bd693dbb799

    SHA512

    d2f7b579d9b94446ce65d2403b045db8b7f76aa1593db347e1b2c72fafd125c84885a1344052fb5231fcefc84673787f4de469a0eb18e240a8bb0eb5410c082e

  • /data/data/ir.ziba.pankeik/databases/db_default_job_manager

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/ir.ziba.pankeik/databases/db_default_job_manager-journal

    Filesize

    512B

    MD5

    f55e53cb4d4f53dfbd0a6d886d2d3b54

    SHA1

    f04557f4d5609821cd1223752ab7ca1923fc0ada

    SHA256

    0caa45a269856049d301a7cc5d1ee6acf519eea0f41f26dd2147f08ba6bc5022

    SHA512

    c326bca43bf4a545413bc8582d0512f17aacfaac018dc52a6b7fc81f6fe552c31f130f231851b9c294ab5cc5988e14c7b12567d788bfda2624283c272cc6d175

  • /data/data/ir.ziba.pankeik/databases/db_default_job_manager-wal

    Filesize

    64KB

    MD5

    3b7d8a70c184c853a6a2421422488a98

    SHA1

    e9f3d456d7f841bf76052779ab1f83634db3fa7d

    SHA256

    756fa1bc37f7ff00ddaa7217643e8f04e8da9624afcea743709bb16ebb29d1f5

    SHA512

    cbd74e1cec9e1597c506af2c75dd826d754e353e577399d79dc104b5c76670491426b167e75638650868acc51f8ae0945c82b522c58edab946147739e9b396e4

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    6d8f55d1af46b4d9a605435ca03a4957

    SHA1

    ba1e4d2fb88b492fa4d40af52e28f141735a3d9c

    SHA256

    90d5350cb92cd4d6146577f7e1951b8126bdaf108cdd8231f630c0451d604c3f

    SHA512

    0266969c701bb7c505be71605ea04cd8a45f5bbf01c1d1b53359a98a9108d0bbb75371f53708b2eb2c466d63254f237509a6f1715b5b93e10e1c61f0348a8339

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    ea915a73eeffe242abec572d1425a3ae

    SHA1

    baa9ac964ac0a7d4095e169ff123ca4c81d4eca2

    SHA256

    2870f94faed9d51ce78b97ebf465c5b44237aaf6002b3a589c93b90c0b8c76e2

    SHA512

    43f1f452126f4fbc35c0ef58270bcf90dfc3a98db1bd022e6fe1901f618c4815ebc0d08cd776fabd3af6d31a3fc18750ce03537292418f5202243ee4da561a1b

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db

    Filesize

    16KB

    MD5

    677bc556e973caa4800858363275bbca

    SHA1

    a5cd706f364e0b549e157a13177cb76de1db457a

    SHA256

    fb7772b58d050413f47f3b0d3177e8d7e6c09938d6983b5f343dd4a3e754cdbb

    SHA512

    14354c1416d02ca2d3b7561b2de823f6112203c228d5a8bb3e0ef78d9f48da56271d63e2fefa510ecc120159cb7b26723b989e4fcd594e505f1a2435896f67cb

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db-journal

    Filesize

    512B

    MD5

    84341e99860663d2ef7f3606616e83dd

    SHA1

    eb5eeed76af858608ae31397a38de9f456034d29

    SHA256

    da92865394abd75f3166bda5aafcf5e33c9528de31a2502feb463c28e8a3d4b3

    SHA512

    2ddfdfd5dc0c0f9697e7d22234c1f34648753c1ddb0c15bf204d3e0f207d9b8dcb49105c474653617122fef964c52a2ba8992d8fc0aff5ef0dde0108ac5b89b6

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

    MD5

    0cce0ed0e9a83087c8016d6da23ec949

    SHA1

    cb1caff120afa02fe0795f7cfd0acd4241d94f34

    SHA256

    259d3048d858b8ac08ce344d5c8a68386c15b0956413c88971f48e67967205cc

    SHA512

    b666a04965483348087af74febb4ff3886a76eba5f815153b195facb45528e56ad05718d9b1938b4a0421717cc5c7671204556b29fd5954a222a026912260f98

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    c508022b4c29896d202d274bd290ce6a

    SHA1

    639dce940c36105b6a40beba2ab64e38cb77a2d3

    SHA256

    17ba3430ac4bd09317b73f4f4b4062fcc35371f656b611ddeb01d51112a4cffe

    SHA512

    d9cdbb7c34f5005476e5f01690da4204b416ac91b77b50bd52184d6aa64d519d067109ef5db8b18f90972e86f4b5c5489eb9a7c2595b5e943d3beb1e3c363bf4

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    e4c29604df4b1940aa8e7e1a09ec22d3

    SHA1

    e1d1d2355bb62c8d8c8a5a25d3cff2ef647cdcd2

    SHA256

    6c0a767726634a0e742a0e390ba923e69c54c419e5b7829bc38043e6cede7780

    SHA512

    e0fb164c517c215536a104d2eeb622a1d547a1a3572caf1f9e9f9f4afaf6e8ba468392028a3d7367a9cdc9a015856de942a424590134c2c1ff4e6f7eb10d7328

  • /data/data/ir.ziba.pankeik/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

    MD5

    98f8de34c6332620b28a0d0e32c493f8

    SHA1

    02158279ccfaa6c6b0f0f0beee6b6ba79283fd39

    SHA256

    d7276b0a4a6532aa66d4852731cf99b020aa291de411a436f4dfdd8dfe469eff

    SHA512

    8154af73d6b0d1de5c20c8d43abf9f3433946b474f84b3b8963dbf15e689c720d369b2100ebac7333fe7ae437dee276eae19e2894d353287ad5ce93ab8ce5328

  • /data/data/ir.ziba.pankeik/files/info.db

    Filesize

    5.7MB

    MD5

    e02b005ad5d95800e94497f93524d089

    SHA1

    0e2be71b6a5e96ac5429b8eb0fa6af354ffd1011

    SHA256

    6e2730cc4e74f51ded0353619e9cb4343e997ad7b26d4144b62fec97f64ef000

    SHA512

    edd446b5fd6a951d47bac670eed2d68614a01254f9a0026ea57cb4c8e32bf8fa5c7ff2619cca4d663a7b862b69cafb64d1855ccd8a5fca323c37e3a0cef6bfae

  • /data/data/ir.ziba.pankeik/files/info.db

    Filesize

    1024B

    MD5

    4f4f0a964e38f5e6326ef848d4a80c99

    SHA1

    11eb5ab21ad35fccd28e33c021692b45988aa484

    SHA256

    ba3d6343f4105cd357a9edda1454e50cdceefd5ff539bec15b3643b43573070a

    SHA512

    e860820e45060779f47592ac8773481c69346ad47d6e2e07757270f8c01e7cfc5337962192ffbc3cd9e1418a6b97e5999c34966328f628d67866d961c8870b1c

  • /data/data/ir.ziba.pankeik/files/info.db-journal

    Filesize

    1KB

    MD5

    c723e1f164b9c204ecd0388da3ae75ca

    SHA1

    03899e70034c24e00201fba7c125fa8266b583de

    SHA256

    bd99cf6973a226e3b5543e3a963d556cb84a8ef3c57008f1a27b5cbb956c77a4

    SHA512

    82144c9987e4cffb15e18f0d38327ee9721b48906cf4fa1c6102dddb35e0071800605185b0985c087de231ae6619da13a284f6ba0512aa31adf4c4af5bcd962c

  • /data/data/ir.ziba.pankeik/no_backup/com.google.InstanceId.properties

    Filesize

    2KB

    MD5

    8470ebbee919988b0ca4575e95ecf53f

    SHA1

    a5d509eae7373841f9ff4e8cc73624d5edffaeb9

    SHA256

    3b88f17861068213a7004ff383c11128bfe52004ac972574348c3c157c126a55

    SHA512

    51164163461516e0f6dde9094eb17dc6459f6523b11c6a49652f1a839e2a814f2ecbce7e3ae914d8e20722295e3eaa610add51f07ab7ea96fdd1ab9401ede5c5

  • /data/user/0/ir.ziba.pankeik/cache/1582435991586.jar

    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
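The report lists the dropped files only by path, size and digest, but that is enough for a few analyst checks on the "Loads dropped Dex/Jar" signature and the Downloads section above. The script below is an added example, not part of the sandbox report or of the analysed app: it parses entries in the Downloads layout into records, folds the two spellings of the app's private directory together (on Android, /data/data is a symlink to /data/user/0, so the cache .jar listed under both prefixes is one file captured twice, first at 9KB and later at 20KB), reports files seen with more than one SHA256, flags the dropped .jar as loadable code, recognises the 4-byte ~test.test as a writability probe (its MD5, SHA1 and SHA256 are exactly those of the string "test"), and decodes the 13-digit .jar file name as a Unix timestamp in milliseconds. That last decoding is an assumption about the naming scheme, not something the report states; the three sample entries are copied from the page.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample: three entries copied from the report's Downloads section in
# compact form (the parser skips blank lines, so the spaced-out layout parses the same).
SAMPLE = """
• /data/data/ir.ziba.pankeik/cache/1582435991586.jar
Filesize
9KB
MD5
e8e0527a01aefdb89afd2c508f131da1
SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
• /data/user/0/ir.ziba.pankeik/cache/1582435991586.jar
Filesize
20KB
MD5
fde2ee00cbd121cfab5290b078aa3ceb
SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
• /data/data/ir.ziba.pankeik/cache/~test.test
Filesize
4B
MD5
098f6bcd4621d373cade4e832627b4f6
SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}
CODE_EXT = (".jar", ".dex", ".apk", ".odex")   # what DexClassLoader-style APIs accept


@dataclass
class Dropped:
    path: str
    size: str = ""
    md5: str = ""
    sha1: str = ""
    sha256: str = ""
    sha512: str = ""


def parse_downloads(text):
    """Turn the report's bullet / label / value layout into Dropped records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, cur, i = [], None, 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("•"):                      # a new dropped-file entry
            cur = Dropped(path=ln[1:].strip())
            entries.append(cur)
            i += 1
        elif cur is not None and ln in LABELS and i + 1 < len(lines):
            key, val = LABELS[ln], lines[i + 1]
            setattr(cur, key, val if key == "size" else val.lower())  # digests lower-cased
            i += 2
        else:
            i += 1
    return entries


def canonical_path(path):
    """Fold /data/user/0/<pkg>/ onto /data/data/<pkg>/: on Android the former is
    the real directory and the latter a symlink to it, so both name one file."""
    prefix = "/data/user/0/"
    return "/data/data/" + path[len(prefix):] if path.startswith(prefix) else path


def rewritten_paths(entries):
    """Paths captured with more than one SHA256: the app rewrote them during the run."""
    seen = defaultdict(set)
    for d in entries:
        seen[canonical_path(d.path)].add(d.sha256)
    return {p for p, digests in seen.items() if len(digests) > 1}


def loadable_code(entries):
    """Dropped files that could back a 'Loads dropped Dex/Jar' signature."""
    return [d for d in entries if d.path.lower().endswith(CODE_EXT)]


def is_write_probe(d):
    """A 4-byte file whose MD5 is md5(b'test') literally contains 'test':
    a can-I-write-here probe, not a payload."""
    return d.size == "4B" and d.md5 == hashlib.md5(b"test").hexdigest()


def epoch_ms_from_name(path):
    """Assumption: a 13-digit file stem is a Unix epoch in milliseconds.
    Returns an aware UTC datetime, or None when the name is not shaped like that."""
    stem = path.rsplit("/", 1)[-1].split(".", 1)[0]
    if len(stem) == 13 and stem.isdigit():
        return datetime.fromtimestamp(int(stem) / 1000, tz=timezone.utc)
    return None


if __name__ == "__main__":
    dropped = parse_downloads(SAMPLE)
    for d in dropped:
        print(d.path, d.size, d.sha256[:12],
              "write-probe" if is_write_probe(d) else "", epoch_ms_from_name(d.path))
    print("dropped code:", [d.path for d in loadable_code(dropped)])
    print("rewritten during run:", rewritten_paths(dropped))
```

Paste the whole Downloads section in place of SAMPLE to run it over the full report; entries that repeat a path with a different digest (cheshdb, the -wal files) show up under rewritten_paths, and the two captures of cache/1582435991586.jar are the ones worth pulling from the sandbox for static analysis.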