Malware Analysis Report

2025-01-19 06:40

Sample ID 231223-zzd27shafr
Target 919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341
SHA256 919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341

Threat Level: Known bad

The file 919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 21:09

Signatures

Irata family

irata

Irata payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A

Requests dangerous framework permissions

Description                                           Indicator                                   Process   Target
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE   N/A       N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE    N/A       N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 21:08

Reported

2023-12-25 00:06

Platform

android-x64-20231215-en

Max time kernel

2655658s

Max time network

156s

Command Line

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Signatures

Requests cell location

Description             Indicator                                                   Process   Target
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   N/A       N/A
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    N/A       N/A

Acquires the wake lock

Description             Indicator                                  Process   Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A       N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description          Indicator                     Process   Target
Framework API call   javax.crypto.Cipher.doFinal   N/A       N/A

Processes

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Network

Country  Destination           Domain                      Proto
N/A      224.0.0.251:5353                                  udp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       216.58.213.8:443      ssl.google-analytics.com    tcp
US       1.1.1.1:53            sdk.cheshmak.me             udp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
GB       142.250.187.238:443                               tcp
US       1.1.1.1:53            android.apis.google.com     udp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       172.217.16.238:443    android.apis.google.com     tcp
US       1.1.1.1:53            www.google.com              udp
GB       216.58.212.228:443    www.google.com              tcp
GB       142.250.200.14:443    android.apis.google.com     tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
GB       216.58.213.4:443                                  tcp
GB       216.58.213.4:443                                  tcp
GB       216.58.212.228:443    www.google.com              tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
FR       216.58.204.78:443                                 tcp
FR       216.58.201.98:443                                 tcp

Files

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 993515da05885091f5b470af4a353102
SHA1 6761fb3009a637075f87b99ebaf60726d2907415
SHA256 ff182e37f8333881a743135d29756b46fc93a0b96af1218743d888c6ddd65dc3
SHA512 8dd0e3814cb92af3bd173d73d5d647f7c60b61c64f0cea8674cfff4463e141b69b00487d138e0c0211691bfe1af7de11e66299ec57f13988131233c94d329dc5

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 4b417397b366d6bc4448f847e7fa67b4
SHA1 2b2610e4476d93b1540a1e8e93da69d589716566
SHA256 468c223bd2fcaf14de475170a1b0c5b1d121832b97446ec351f87374de254c25
SHA512 dfd8c7cb7f5315b8364115cb336ae9360b32fb603d9e4a6c5f70ad56b14b248bdb3e595b5388da2433a10443a79df9fb4bc72fb8f1fc225a0bb7c036d89ae8c6

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 a7fd71171566be6ffea2a5c45e6f7888
SHA1 366996040116ead64c33d2c681bdea0ca961c6e6
SHA256 cd7a7f63c6bdaf20c50dc06dfa3e1adbab43d081fea22f9486f31a66c7d483de
SHA512 09b1233eac02a21de7b7baea6445085f5112bc66765cba6657fb5b44672aea17fb60b2bcd2cabc8e5f309c7b32291fe3aafd5a6b3b61ec123fb9cd182f9f57b9

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8c3e9565-9688-47dd-ad26-7ea9ae43fc1b.jobs

MD5 473be6c308f460cf04a36deef3efdd34
SHA1 383723b3809750fb6fab27e22ac5e757c42336c0
SHA256 07e004b56255d11b6364596475ff29e70ecd1d22107ac32d78b370f101ae0170
SHA512 351bf933266585009b800a66923c6c704c72dae508aa713923bebdb18d98972f104f93430a1249673d7ffca7d534a5a0c724e9eb772e302da2629eb3e3a41878

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 efa75f963942b370b4be43e3f0466ec6
SHA1 185c4c56c32b66a23a59a01cd503ba5081922d9c
SHA256 8369c633d64be169f186ea9684049e5ead91677b53a09be2e9755ce66247e4ed
SHA512 275b3f5561e1de9ce09c7da9e65087877af61752c879696c7a460f5b6ff4c39da1c44c0b5ca6c846a6bf6e32beca068e8345ce81bba36537ed242cd2bd2d796d

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 9eda152d61d470eb5084cd8151d8ed8a
SHA1 a99e2b245b3803a67675cac49d6750a9929beb22
SHA256 1368cc626b2382cabc137aa4b7a36c02d13c5a5646cb218d714e1a51a2050d77
SHA512 4fc6c391beab13ef2691a9de59545fc9d134c879a277f763066dce6181b52ad963d47960cd2e06e6200296636bc17e22e8c603ee5fa6f50db80482c346852b99

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 4894f910c2d6d1df22affb586879705f
SHA1 064c369feb2045089e6b813a1d9597f2372ca526
SHA256 2724b25962ba38220b0afb00d6a89f5329be905336e60eae18be074ef70826b0
SHA512 691ca464b7538ccfb1805ca0ae14f99baa2d1015728f72a0c1cabd5cffc94f0c880c68ec5037950ab7d1daf0acda4da9eaf22bf8ddc49e1326885576c5444da7

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 184c8d2e54f561ecc4410b7dc5e7b7ee
SHA1 f51b3f869696544e31c2d04e8e073811ad2196cc
SHA256 ec0aaa1b37bc37e7a87c016a517796b4fcd4365525639269ffcd5528d176d3d6
SHA512 2d9373d7e17ac2bed44f05f02eb80346c7eea423274074ae740ff856476d040c0b8710e9e3221f2910da0e0c3d673666d87abcb39fdf02c8b5e9cc4de52434b3

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 8cee3db929e3033a567a3ffc850004cb
SHA1 763b04f2b554329ba9f22c93159030f2bf5a7d69
SHA256 1a3787775c571d0fb6ee246a083cfd8a0dfe4c2fccb104156f01965e07b9c374
SHA512 1124cf4abb25490add7b889233c45311f9a6c7b4093151abb4f7e5f5a55eee4d7c419bf40ccbb3a31459b63cb81c72490cfa7e768a8f46ddd0e27d18b21c1379

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 d2ef887e2a83dc07865a192a9fed105a
SHA1 9fded8cf599ec344341ca60c497a963704a7ca72
SHA256 82489bc6a99849ae07d9856bb396b025dd6a92f85ef7064e42f0387456e27e47
SHA512 d7320a84d017ce02b70e54ad50c24cd1654b9e9fe65f52521f5944e0ba1b8e4eafd1d03ba805d04391a45040195b3aa3c385c283732b0260651b62ba95f9b287

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties

MD5 9382ee8cb5f40e802a798c37d4e5da10
SHA1 96913c8d9c03d41223653b27468c1b043aef82f2
SHA256 09fc41ca6312fff114f6205b3db278671df2aab104f74a7e7fd5771e19bf1f79
SHA512 34b425d448585aab2a4b006daa4b27204fdfa73f926e7b7a9b851d86f22d908714a151da82901041ad00160e60185ea786785e3d1b2f09439f0839ce358e9561

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 aaf9a6b3a4ce3fc13662464f3b2b6060
SHA1 0f5d04e4bae9fbfcd7fb995f0cb1ba63dd423149
SHA256 647f39408cc718ad2e6293cad03544b6de72dcd3f4e01e89e91a7f77828c1335
SHA512 a2e49b0bc87b364730a27e761e2bd1473bc603839cd90aeb4cd633865c064586a4dfe26e956ef02c6aa8c1307d15c20c5a135ecce1004298ae6de536d817947e

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 e9fc8e5db6dd50102a044d09ea984e72
SHA1 1672584e57948533b14ccf0bc179a9f9332abe29
SHA256 a0665d67456b2c9ec766f9864a103b6aeadb64691408927eba6087b260e1b4df
SHA512 07071d169d85468b8943ce6388d368ae325299f12f25d412050024f83fce4e52a963c7410838006d4bedcb4f7c8fa6d3c351e55ef6d0dd5290a99e9e57e91e93

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e76d4656-dc8a-4ae5-abd8-795fe7ccbadf.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 a7b0c6fa1606c2ca1fbdf1fb6ec4737d
SHA1 0ea3e94e73fa9c34f4a6664543724ceab9a54a97
SHA256 8a26de90d26355262cc50f6f7f7bba6d065472cb2b285ae8307e41e0cbeabf4f
SHA512 d6ef87a3b1edda33bf07858e38c92210ee38df9855a5460ff80af375d975769b5f7b4a4abe5de0e5a398ba686a18050ff03a5771531b350b54e6c305b9c0bad7

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 e6ff268d5761fbf434e5fb66dbe211b3
SHA1 0dcda843b29b0f4021a8d0aafdf55020195b1b6d
SHA256 0983cd2f4aaea4640c1a11dadb680f1f10ba076f0514897f861ea3f8aa27b0cd
SHA512 81154b0f1008ea448c6ac155065b13c610a666e80858e60a2f510bc5cbfbb62b29f6c07c833b5de317f9fe24720c822a0c1e708d72635740c6d6f26c1d6258a1

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 78b796d97fc1d4ecb239cdbdd3621b4d
SHA1 7ecf6030bcac07157223c1b0e5b9d8ec612f4e01
SHA256 0b8c5d68d4198a5102f13177a802e3be28a6cfcf72e008bf55c19c75de7c5c1a
SHA512 72586893cd3017c1cc5a9207c678a431eb1b04e16cfe21e1653829c27f1c806e78c74825e6fad0fef8998851e0e032d2e04442f33628debca22f40374038e905

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 11493a072f79897c143f7d14e65c97ef
SHA1 0482029ec81e5be4091da7f994f8019cb483d571
SHA256 f58d9f4a16ce9fe113bd60a5f45ab889ef1aa17eba87eb3400e012f1e4f18050
SHA512 146a5253c8ab56145a2c32526079408080080017ba4a129c4b4d1d192335be1b9ff79997e06f1f48be6ae77aa692cd91d5c5d912bf0330f7ab9242bebe448c35

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/35fc16f6-34ad-4e24-a9a5-73ca29c99704.jobs

MD5 c1ccc328ededfd6027b4f3af01bef18c
SHA1 da12a4f7ed19710d68b960526537cea191c4a357
SHA256 41e7634bbb679a76d6cd0627b6764ba99701ccd569e946bcf319a36cce682e22
SHA512 c04744dbd4c0fa482f56309e1d2e5de2974395dc0ccefc18de776379dd6ee31852413b347729657dbfe2026326b57f0c0aabbf071a97004c09d4ce589e9ba662

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 21:08

Reported

2023-12-25 00:07

Platform

android-x64-arm64-20231215-en

Max time kernel

2655707s

Max time network

159s

Command Line

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Signatures

Requests cell location

Description             Indicator                                                   Process   Target
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   N/A       N/A
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    N/A       N/A

Acquires the wake lock

Description             Indicator                                  Process   Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A       N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description          Indicator                     Process   Target
Framework API call   javax.crypto.Cipher.doFinal   N/A       N/A

Processes

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Network

Country  Destination           Domain                      Proto
N/A      224.0.0.251:5353                                  udp
GB       142.250.178.10:443                                udp
FR       216.58.201.110:443                                udp
GB       172.217.16.238:443                                tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       172.217.16.238:443    android.apis.google.com     tcp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       142.250.178.8:443     ssl.google-analytics.com    tcp
US       1.1.1.1:53            sdk.cheshmak.me             udp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
BE       64.233.184.188:5228                               tcp
US       1.1.1.1:53            www.google.com              udp
FR       216.58.204.68:443     www.google.com              tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
GB       142.250.200.4:443                                 tcp
GB       142.250.200.4:443                                 tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp
US       199.59.243.225:443    sdk.cheshmak.me             tcp

Files

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 0715a14803372447ed62f0d2e437caf8
SHA1 befd0c0b6f65ce348255d35be54fdf3b928744cf
SHA256 5ac16fbd3109c4453885bee108b303f565c11dd19a415d2150efe8ab9cd14cf7
SHA512 162e77406d7aa93708e3c00f60472d438101135bde29807c7fa3b122061e4a38d6f943f56d4164bcb880fd3698d21c1587fec25c2273b8acfc3e64552afc020e

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager

MD5 17ec2edec4708403eea7bb4e6229f966
SHA1 146df613da2026013c9f6b5a3732b175e07d9d51
SHA256 48d6a54747ccfcb072d90f35d9156b6dee9de2d633b8f3ebe70ae15ee0f416f8
SHA512 89d582cb90cd30073291138f3a2eea543a9560d907b7bbe650122388b56d3b4cac1b4758c31df5606ceb2f3131a80b76ebc7f44115a410874a713be70ad68601

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 e85d74fb863cee8b75e04d215b788e46
SHA1 4f94dd26779bd0946ff6263074b3358a8e37ad71
SHA256 e53755dedd9755522e1aeecfaa43ea17568386496a7c6c5c62be1341eeca10c7
SHA512 0c24ef02152bcb7aef32fc44bc8dd10247b929498be2367f5a991541008871869380ad159e52207cf4261aa4da6d3b1bbc90164747585b594a5c8bc0e7e9560f

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 3b47850dfaef3b1943a61e4a0ffc141f
SHA1 01307a71861da29859695df5b58b3d6b22bd9061
SHA256 b1d479181210d763dd6a12924b84253ebb7551340aa77ce178d279d3fa882731
SHA512 483f59d677cf0a3a29c3303d4e0bd0eb807d829c25d1ae9c234784e02796342595348f5b2bdcecd591e91195b2e458a131c30e125760299326bb970e5154d3bc

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c1d09207-37f1-4eca-a41f-c147e65efc35.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 16218e4033b19b6a3f8ab94280ab4fb7
SHA1 1d28e98aff2e78f099b4ce393b0d0681acf79a89
SHA256 5191029303f496a82a87e73c982508451370fdae093543638d951976d5a6b10c
SHA512 05852da910e3313040e56d1fa7a656556cb506fbe42b6b1987db31be889fbb158cb12554fabcbc0da02df33a829329e30524a863a6b9d1ab7cb8858c1c121f2e

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/719957bb-d4a9-408e-b14a-f614b016070b.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 ddf34dd29b0442b34cb78675c6b89e24
SHA1 869242a03274c4346d29c4f475e67209227bbd6a
SHA256 2165ba236fc26c323bc39681edb91ab76a2457f52231b17522610146a9ddbb77
SHA512 049cba8207bc847a52010755ebb7fc9d1b77451b1b42f42aa4ebd2763a6b43ba6b51cca701a2c00ed2d191395ed2488dcf975466291ec1684bb58a6108785997

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 341ea95b1a5f754d6daa29055c2b50b2
SHA1 27e738c262960228f5b7d16fdf739f8e2615a976
SHA256 b390b0168aae248175465d605742f1ed12f7a065cc01cee63006bcc43a8931e3
SHA512 30a45f5049de4d2c9e5ea85e1d639966e9bb10d218cd2f3c359f2a697f4c76ce26d372b2e691c0abfc4a6b47d713a7ddeaf8100cd1615b3139775c8d9656e804

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 f41f531c07d4141546a531ff9caffdcd
SHA1 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256 bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512 e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 4e886a8cb2a5b3c2998c8cc829250bde
SHA1 e398ff75c10d90ec703473241967b1fac975ac09
SHA256 c9b9d3923263dc33439dcb7ed3528a8d23aed2677a2845771ee19035578e7783
SHA512 a494a1be31921e745351bf469a35613fc192bcb386d397ca53aee54114d516ecce8080666c38e101d78567f9846034b1ad49f2ef2f3e46224becef3bfc79c6a7

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5cd59d1e-6fce-4a52-82e9-5553a0bc16fa.jobs

MD5 4bc81e68c9781b4bcd6c0ea3bee5f6f0
SHA1 93020c3f06932226ce764b8ef3323349ba5b2d5f
SHA256 5a872627bf4bba467b953be67a0015f4e307137b20d53d8b5a37f851c85d6fad
SHA512 b214cb28936d955f0fd19c09f3dfced052b1abf7e6f535b1b50197aedd74d3a9084380d5aedda7132a5b0c4eaa06987fa9f0fd58bbcfbacce32dad682a539718

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 c2f5b2b0fd9ce8174cc10aa0d5c43412
SHA1 314338e63a38ee20f069901602edcd1ec158fa38
SHA256 a15505e28fd15cb83d946884dec02ebee01289277104e361b46518a9bbc7c15d
SHA512 e57f01c6aa5394fd24767fd346e2194560e64d92edafbd4d4f18ab33fdcf95c9c09a76fd901344490489556fff8e1303150b4baf9586c2e75584e3bb7f4fa093

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 9fd678f73158f49cf1461b9913d419e9
SHA1 d1e11310fbcaad62781816524c18211f9dd4a166
SHA256 db0405ddf57d15a98b4fc5a371423dc1ad4371df43054d728ffedf5a45ac6237
SHA512 ebd9f3d97d9c488caeeaeff6bb292b951f89263f75c1c3c42e192cad08981e6c22f5d1c1c80aad652fe2f1cf3fd4865bea4ed7d638f13c834b313171613e3422

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 bfcd776a5e884203ea979ecbf4f4272b
SHA1 f770262f995657cd08548046cc4bb1c67866d195
SHA256 747ec20aa4179ba8704d35f57fab72d58d8c1cefd88763a2f62e6d19c036b95f
SHA512 18ee1fc35303de83cccf0d9f022badc07bd75c62a573d7c958359ddcd79d888f296e30fe58275a4b66075b6f2e6281c39833acefedbb848adf9fe21dec809a39

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 19bfcfa13ee96002be6678a63dbf8fbe
SHA1 7d5768b18552abf016265919bc54d55d69cf0b2d
SHA256 a9d407ce0581c8f9455dd85727cc7ba4d65160b39f9de9ba81331878b1bdf536
SHA512 ac387acb45dd5618842bfae2c4b7490a5bd08cfa8f79da7b2dd169d365ca408d29d9e779851c83ae4ea15932b40f63556bb681e260b88e1ad211f53a603100b1

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties

MD5 555c3e558c84d63f995ec3f3ffbcbf99
SHA1 71a118b0e62affe53a67e63fd35c3128aa9adf2b
SHA256 6bc8718941113131f1628b44fd723ebd66f1bec5bcb6aecd2a42238a39347f7b
SHA512 8a8a45ee0b055dea7c8705a69ce8f5b6074f85fb1486d4d3c57c7fea588c59e15c073d5e36e9b255b9b0c8de573ceec15f231803d5d51273376596aa66384bd3

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 4cb6ea8afdf1582fa698db6359dad429
SHA1 6ac1b130cf756cb2ecf53e49af084385d685dfda
SHA256 13c98350a4b2d83e4db5d552ac5066323e10931b48a364be82d6548c3efb63e4
SHA512 5d947b5e6539c71612e8b0087ed4b54e20937ea3d461efbfac0352800f21547ead6010f3497e5268bed152388f2d2d0964d781538fe44486ff2d61c8559600e8

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 c85348cdccc800854cfe00d487654f67
SHA1 fde47a26452e41db87fa6afc8866117c6062dc32
SHA256 c54843beb7028ceb3a8da776adfa1a53c63824160a5023cac27f3576272739f6
SHA512 31c6e200e6a0ff761b55c70a585523c4138770c682f30fbc1fcdf62f18cb1e5dcd53ca640284b50ceac98e07925445b2ad9f9f6bcd5ac60d680ab84a7b1e4e7c

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 e60d1f4a46dfdf4857fa78a31f680f6b
SHA1 270bdfe64cd6ecc476c5d9f261c588111e913211
SHA256 05a2050065b5b1466f05644e37be0d55777d92467810148e6d636cf70e726563
SHA512 988cd3056aabb1508728cfef41675ab4f60f7177f472eb54d74873537f38f39b8d9b23660dcf2783148fe3a74042701a5fd10e182386b0ce6baf159733c5c3b0

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 452119a2e83570ac61fa6d88cd9f4af7
SHA1 0efeeb1216fcc268d2b03391ec5e8e43b1987c6e
SHA256 8e7a5cbae4f9c5632b23f6ab6979bbf67a173f92ca23f9ef921671c4fe4638a0
SHA512 d185eedbc108e5d0a501b57aac668234129673de1492627de13e6d147e1dd8848a8b667f90781494044a730c1da28e6a506c62c06294501e086e41e35e07d53d

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 c13f54a00c5e2e3197357d122c23913e
SHA1 db3e0d3700bbaab323d14bd80e63ca7ceb671cb9
SHA256 6382d5ceb9a05bc267d1aa05f90587488e0c06a5eef236b952c6d3b0b516fdc0
SHA512 ef386242a777e685efd6f8c53c56c30e8e4094e591811b1e0d61813c0f62a3c84838d41b2846f524bf6754adea02759734a4e1e8dfd3938f864858ebb7556493

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 77046b03fbf0f111f9edbca7c35bcd34
SHA1 c2094793b149662a69e054dba86c2f2651e14ffe
SHA256 d73ae0dd0e8663b080a8299a3f3232401358856608a9d72909bb8bfb891047b0
SHA512 c11f1da6462b79a0e4b3d5999c2caa81a0d139d8355589982ec235121c16f7607c2b387fa48da8c7e818d182b51b0009764ff28c11d403aba20df96039bc9861

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal

MD5 f693e7699da158a17db02ee92ce55029
SHA1 6eb8c707f3d134df8ae57446e6cc1a25c5cb6a7d
SHA256 9676b976c6039ea27eef5cfcb757ac47ace8be7c27e6265f659525d28970afdc
SHA512 725f8d7961c56bc26f193c07f4f4bb5330fb97739486a4d743065f255a2ce6b718f592c0a060a5a6ac581988d9b99302514cae76280812be4b7eb7cdfc41152a

/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0e92fb83-3d7c-4bc2-a63e-67913db166b5.jobs

MD5 1180ece1e903467fb838e0d333680b2d
SHA1 73bff79d90128018e9c00abe57796b5b2b5769a8
SHA256 cfaaa466d9dafe34fb3a1cd9150ff2617d4f48e2e12ad7e949caa6160a42593b
SHA512 b0c28d57239191671f06f0006e4beca99e0c0fc9109b69efa516bff3ede3db8e150e1f1a92635fe9d2214fee1a0788559abe3b47f77990f29dcd20633f9785fa

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 21:08

Reported

2023-12-26 09:35

Platform

android-x86-arm-20231215-en

Max time kernel

2776194s

Max time network

138s

Command Line

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Signatures

Requests cell location

Description             Indicator                                                   Process   Target
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   N/A       N/A
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    N/A       N/A

Acquires the wake lock

Description             Indicator                                  Process   Target
Framework service call  android.os.IPowerManager.acquireWakeLock   N/A       N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description          Indicator                     Process   Target
Framework API call   javax.crypto.Cipher.doFinal   N/A       N/A

Processes

ir.sast.ghazae.khoshmaze.veje.deabeteha.d

Network

Country  Destination           Domain                                Proto
N/A      224.0.0.251:5353                                            udp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com    udp
US       1.1.1.1:53            sdk.cheshmak.me                       udp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
GB       172.217.16.238:443                                          tcp
US       1.1.1.1:53            android.apis.google.com               udp
US       1.1.1.1:53            android.apis.google.com               udp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
GB       172.217.169.14:443    android.apis.google.com               tcp
GB       216.58.213.14:443     android.apis.google.com               tcp
US       1.1.1.1:53            www.google.com                        udp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       1.1.1.1:53            www.google.com                        udp
GB       142.250.187.228:443   www.google.com                        tcp
GB       142.250.187.228:443   www.google.com                        tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       1.1.1.1:53            www.google.com                        udp
FR       216.58.201.100:443    www.google.com                        tcp
US       1.1.1.1:53            zlzovwdsxbylhyf                       udp
US       1.1.1.1:53            lbthtijdaaqm                          udp
US       1.1.1.1:53            wudibkls                              udp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp
US       199.59.243.225:443    sdk.cheshmak.me                       tcp

Files

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal

MD5 026769a3b7acc464ff493087926377f8
SHA1 d18a25caeb1eacad501144b2b67786e79385b1c7
SHA256 5795254332b71ff489b814057cd506fb9764a20e94ee7a9bb0c2df84eb207c1c
SHA512 1a29d50ab71d1fc0de52ee140917a577075e060ab8927221feb24d9316320e71568409df613b2fb831d92fcbec455c9494b478b4bbb54e1824cf1bc18bcb6982

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-wal

MD5 0e184ae455470b1c25f88cdcfbf9224b
SHA1 0aebdf960ee6f7fcb316a50a9e59382cede5f1eb
SHA256 7480eccbc09cfe992b996d00c69698334399c5032a7a180f4caeba188900e85c
SHA512 eb8883a229e8c6d933c9cf48d7623f11f231870b5be4320cb4158185329a21712945cf14f705b862fc637c6f237425f94098e01055bc8f8d6e1236c878326b67

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/28ffff39-9b37-485e-bacb-40171f94448f.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4c066bcc-881a-4c24-9df6-2e873374f412.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal

MD5 b862a4027cbb67b4c4e4e867ee709a40
SHA1 b1d67f19c7bdf8f5e77251044df49573e56653d5
SHA256 ec2fbcb735cb590c096624036f43e163c02ddac736c4116b283114319dba9bce
SHA512 42f30096c2af4b19719ccb03db1ee626d2f594900606aba816a850784b523d0b0092643c6df85895688d60cfaf4947d216c88aa6df692074d965b18d99870750

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0c0cc2e8-42ae-413b-a224-f7c87cc946f9.jobs

MD5 ab5e87c894e654e49a848a50b54b2216
SHA1 7f662d996328bb823b32310751be69687016818f
SHA256 85299f75d5b1ad3ef0670add90c97ed3a66fadaae6a35dd442d50c0673175d99
SHA512 43eea58752cccb2026f0e1692cbbd6b258962b40ca295e8cbf46e2cf071d0acdd248a3dafa8207b2690c6f2a119c8a35ec6d0487edd8fa8012ce86fa45a1ac6c

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal

MD5 d5ca1eb3756c43d7ecac0b134b8e3a5b
SHA1 5184716704b9f25a6c61eb41c40b804e623f9869
SHA256 551b0e3cda26b675c4429f9b1c5de118f7d9a2c09d46a7d8028dbfa7bf545428
SHA512 ccde5c566eae9a14509e7eefe6205278d5d0e97f53bb0ea7780b5cdf2b8cca102b255b28ee8590a067ce45fab765b5a33c34ab102e6422d3b58ae71419b87448

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-wal

MD5 76c75954c88d47aa753f7efae664910d
SHA1 099a17b31b54701aad6ba5532ab248cd18c4db24
SHA256 32229f56e70b17afb544286c428bc37abb22d190b3839294c7dff1b15df4dafa
SHA512 1b685173291dce457cfe7b4670668e67340cdb455628e5cf2575ab5ab04a755bec0614488cd2b5002bff590976ccfd3e94a38a40e01af71cfaab7eada2ff8a26

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties

MD5 f329997b3ffa7d3caeddf3f2d06184fb
SHA1 ed64ac857d2edf4077632910774b26b0967144fc
SHA256 369395e168aaabe8f5349ca679a601dfb2fdc1ca469bbd11503628170f9a4545
SHA512 cc488d9470af1b9ce47c732be52988b93d1894c133557b3e8de80e583880a6824f7fa6db17ba0c0cac4c94fc5111822a9cda01cd393b8115323ae7be9baecf81

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-wal

MD5 67190d7c7e116d6dedc9e8a751f06471
SHA1 5a3a8d2eb9402a02332b06aea77a03d2a471218e
SHA256 4de648061731e8518f94d1d11489697ce3e945042c0759720c7a40cfdad7555a
SHA512 f6c78be8eff21d0f5b441858375696eebeb999a8f9ddccab0ec873cd75cbfe8a0ce301aca2814f124c721753a75d6ac337a08d4dbba68da1732596fbccce1d93

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 dcbf59e7d1dbd836ca7927a718b30a6d
SHA1 57869a1fe0a819228171c173ef57dbf28ffc8f22
SHA256 1b8bc16b0106ab24278ee9b955e87fca9fbc602849ba36fd746fb754340799a5
SHA512 2d1a98a305565e88100c47e768ab01a9f562c80fc0ba6019a2cb1758bfa2122dbee5ab8f1f46ae7415ba5ff7413e22b5ceabf0d141d6ae17a52ce8f4e56867c9

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-wal

MD5 85783dd393fdfbdc75249c7b27a90751
SHA1 f3a4048a3e4b8575985d640efb3f41f885607734
SHA256 795bd59e6dfdf59450be747a5cab451246ac4316b7ff82c8b565b54145f27376
SHA512 c8f796995c32cf13f468622822f75a906f705f730b02b3502337ef82eaa7340df9d35a1695509fa53d4b0e2ac1fb4111a7775dc500a6d68027d61458bc1786f2

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb

MD5 b4e876a5ba2d80db4d3336ec720bc3ae
SHA1 1f1dfbfe96b8367b5d6f34e17533227b634bb1fe
SHA256 df7dfa0d56b54ba4e0663f8c53dfd52ffe29b8c8b2d7293fe0ebe1387987fe93
SHA512 41b012476846e5aeea3fe6439562f3fc2ec09c09c3074e2631a5818bbee6a71d31379aa4bc93607e715b67850943b1f907969f2f063d861bcf57319dbe595780

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6b35ef60-fe75-45dc-bb26-b87d3c33181a.jobs

MD5 e64fb7e0f7d9293419cc1f0181015209
SHA1 df26bc97435d7253297332fc88414a999e81a1bd
SHA256 6150413c5cdeba79a92a6a4bb0045b0c18e6e4e1c946d4e4616c4a0db69ae790
SHA512 96c2fa63866b052da8c1dbaadf8495adec70dc3738f6c8ba1667e3a42a9ba5306af253c09f7bf638f65225e7a8655b29fb5546c7d3b4aaf3cba5e57dfd0b8051

/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b004e652-128c-41d9-b7b6-306f04817ff9.jobs

MD5 77c0286730d5af980369c0e1a8a004cb
SHA1 5b079ea2d7e79a0a0f7c618c4cfeacbcd382b5d3
SHA256 eac47f0b23397ad192024b9c62247390f35a9d86743a096916f2983f2b09f72a
SHA512 ac292ef7a184eb844ae15b831f29aa299dee16073721012ec2ecf457e47f92341a92a68caeb32d02b7ac34ec43a1527943ec7ae7d0841eb8951badc791216c12