Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-ww5tzacden
Target 641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823
SHA256 641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823
Tags irata
Score 10/10

Analysis Overview

Score 10/10

SHA256 641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823

Threat Level: Known bad

The file 641927a434192face33577742da11e6917014e02be9cf684930984d2e4481823 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-12-23 18:17

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-12-23 18:17
Reported 2023-12-23 18:22
Platform android-x86-arm-20231215-en
Max time kernel 2548643s
Max time network 129s

Command Line

ir.ziba.pankeik

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks Android system properties for emulator presence.

Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.pankeik/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.pankeik

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2023-12-23 18:17
Reported 2023-12-23 18:20
Platform android-x64-20231215-en
Max time kernel 2548498s
Max time network 162s

Command Line

ir.ziba.pankeik

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.pankeik/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.pankeik

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 18:17

Reported

2023-12-23 18:20

Platform

android-x64-arm64-20231215-en

Max time kernel

2548576s

Max time network

150s

Command Line

ir.ziba.pankeik

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.pankeik/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.pankeik

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 udp
GB 172.217.169.14:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files
