Analysis Overview
SHA256
8fd7c3d15717d332fbcfcc655afb89cfcaad2f1e09cbe3d726b1ec47c5278db5
Threat Level: Known bad
The file 8fd7c3d15717d332fbcfcc655afb89cfcaad2f1e09cbe3d726b1ec47c5278db5 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 20:54
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 20:54
Reported
2023-12-24 23:20
Platform
android-x64-arm64-20231215-en
Max time kernel
2652877s
Max time network
139s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.cake
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 20:54
Reported
2023-12-26 08:07
Platform
android-x86-arm-20231215-en
Max time kernel
2770923s
Max time network
157s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.cake
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 20:54
Reported
2023-12-24 23:20
Platform
android-x64-20231215-en
Max time kernel
2652877s
Max time network
147s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.askar.cake
Network
Files