Analysis Overview
SHA256
710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
Threat Level: Known bad
The file f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks memory information
Checks CPU information
Declares services with permission to bind to the system
Reads information about phone network operator.
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Acquires the wake lock
Looks up external IP address via web service
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-04-18 09:07
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-18 09:07
Reported
2024-04-18 09:10
Platform
android-x86-arm-20240221-en
Max time kernel
32s
Max time network
135s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Reads information about phone network operator.
Processes
com.livewallpaper.snow.baransoft
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | tcp | |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | kvxanyjsfs | udp |
| US | 1.1.1.1:53 | arlszhtmvasux | udp |
| US | 1.1.1.1:53 | zzrdenzu | udp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
Files
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 441d8fd9808f6a0c0d2486641319c8ba |
| SHA1 | 6d9608a4c8be2e6fba4623aa2ef95e8b9f55d285 |
| SHA256 | 340433eafa49c4f5d80117dd728ec2400d109d71f69b8076449682be5cab52af |
| SHA512 | 5ab5c904759c0d7b259394acd16683449b3fb0baf6b0f991bc3c06b3844f7819b4e7342d564de11cd1b3a109fe3ed15ff18af7a8dc22daa62689bd06c04aeaa6 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-wal
| MD5 | 8ecb0c4372cd6fed905a6887e7d1c200 |
| SHA1 | 224b5f39fe1b7f8a69972b0b531dd4be2c5af1b8 |
| SHA256 | 23f13e2b43fc365566365ffa15bd26d6d7f9831fded5bd01352f072f226f78a9 |
| SHA512 | 6c2b8f53533e85ebf4fb3b2b68f7d3b4230daa3077673d9bb9b53bcfa13c79a5ab6be10a14deada9e7497c0102f765e182e4ee8b26f58c6f20ad11afd7e92aa9 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 2d82ad30484546916a31c2a55758d9dd |
| SHA1 | 83bde9a0e6ab693ff5adea0810ca7ec2b8286852 |
| SHA256 | b8fc5ead2e780d9fe7fc559bf4ef26064534bfc9ffbf351c6bc6d867d809b1c7 |
| SHA512 | 497a7f65c57b79f02fa0b5d03cd8e819f6b441c0278f41728d45651aba77dee7ba017a66a18ceea649d8be3fd06cc24785bfb1ec4500cd05271d4c3d48866836 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-wal
| MD5 | 41fb9687fa44c130efeac6419e688b70 |
| SHA1 | 0671d7a9df2a10ca6a64bc6a35c7fc6533ac2adf |
| SHA256 | bcbf501ca90a9bbc6bdee1c837bb205593a3cbb5dd0de6d1766af862d3cae37d |
| SHA512 | 7fa8b90c4e29f64cf603a210b493b2136d8d581899132e8a8eb675ab078c2b66dc75fd194fe0fad495bd307d1eb7fb1ab50989386d6d1ba2df3a200586e36816 |
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 98c901301164ba9ef317df066ba2676b |
| SHA1 | a4a19ec53f01561f86bb48cbc0cf7adef366288d |
| SHA256 | 09a1d0c22f132804ffc3249983df0fff2d59955c0d61ec76f2a76af6480e2d84 |
| SHA512 | 486335f7dab0d54eaafa7f4a29a57b55b20d7cbf7ad3f5d3831732dbadc03b7c9c522e531ae9c710815170e3c5ca3dfc4ba6a5694ad0d5105f3f1059177f69c8 |
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 6e50748e05fb1681a6bbe17d598a658d |
| SHA1 | 66b98fbb53c9aac457b1ae5661f9de0b23066fcb |
| SHA256 | fcdfb4046d47bf026bee379337ec1912b6347c5abaa6ee2d0b6b89368034d73c |
| SHA512 | b3edb80de18ad88f01100e6ac0f0b2fdb4a59790047766ecd120b18bd1d90bcdc6d67079237ba15bf8d18c762a927ac72619826d2dcba848c7f7df86660f7cbb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-18 09:07
Reported
2024-04-18 09:10
Platform
android-x64-20240221-en
Max time kernel
40s
Max time network
156s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Processes
com.livewallpaper.snow.baransoft
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| GB | 142.250.178.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| BE | 142.251.168.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ykiyklnz | udp |
| US | 1.1.1.1:53 | nszqcsjn | udp |
| US | 1.1.1.1:53 | joqnnsdnc | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| GB | 142.250.178.14:443 | tcp | |
| GB | 216.58.212.226:443 | tcp | |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.213.4:443 | tcp |
Files
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | bccd81dc4a61f71781a07f70cc55fb98 |
| SHA1 | e259bf4b473e855a7c1e1b100379da8f1b3ef275 |
| SHA256 | fc63a6beb2d62785dd3a182000552f03c0bd60b083d0979f64b438ff4a5029cc |
| SHA512 | e56dcbaf703338192610272b30b07dbd04f2aa7afb98e8ca16c0fad2f271958dce6d17790582a91124decf5fb526126de84fa55c46c9c0b1be3a4afb19279185 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db
| MD5 | 0f02a773ffa26b97048b4cb732da2473 |
| SHA1 | 4b0f32407a2ae06f9be10f3045170d26ac04ba93 |
| SHA256 | 540ca6503cbe0971e6b23f9868819d6a764ba967c0951c1fe46dea375daf9c8a |
| SHA512 | 9ab269f768b095253c5406b304fd4f079cf3c64f5ab3b9ee1c248d035e2ee8dd91cd4c174e693d72beb2643f91cf48e265d4ae05df851bcfa1332a79643a1fb5 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 53bd1e8785e5722c46f3b27874ba2639 |
| SHA1 | babda9a457783f5586bbe17b78f57a026aaeba89 |
| SHA256 | bbce0b171ea834ea072b69242fe9525daa0f903e6c17361245e5f390fe8ea399 |
| SHA512 | 05357fda3477bd18608b6d23c67bb3d7a93fbe039cd2b6d93c1a56b38f7161005da4965ca1f6f51dbdd99a8bcede701cefc593fbd35eeebcd27e2494ce2a3755 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 5d0bebd9b42de28cf176f8aa6bc68a6f |
| SHA1 | 7987f60cd8b8c819f9a9766804863338d27c3048 |
| SHA256 | 529909d7e2b25eab2a682461b13401f5183b078e96ca34d05bac762a18de854b |
| SHA512 | 8aa0c4e552688e53ac2f1f345931e7fd8a3b8dc25eed090b003f1a3e13f0ad555a2521a3f92b6152ed293c7a4a89f75f5a31004024e7f8c15035305609bee345 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | ba56587d16951b9705b01a265cd4f31c |
| SHA1 | a62dbf3abe007a6e1c3fd03124165500d20f5034 |
| SHA256 | b593af539dd412126f05d74e17c063ea8ba2418fab8569892e893beb544da5c7 |
| SHA512 | 7a343310b8a303fbea998aeb0c817f456ef1fc01415e7f9ade7b9501be8fab4f790e01b43d43efa4c0fe8c37b20b2af7e4c624ec9f8e2b9de7e527d5da60a639 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 6eedbe54e2ff486ca6a30b421c36b485 |
| SHA1 | d59a8f6fd45bc2ac27d08ca041f6289f040700f1 |
| SHA256 | f5ff615105369cad55c730359113c170fad77a090f27e064f41e887d34ff2715 |
| SHA512 | 36b60253f458fcb74338a3b01d93e715db3a4a95ac7ca842b099a94fe25477a3d5fffc0b67afd81dc87d4752190758bb4e9eaf380b87432010a7b9f6a875e933 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db
| MD5 | ae279242f3e8471545a195087d7bf638 |
| SHA1 | 697b7bbb5bb1e57968d1dea8072039833ea7d291 |
| SHA256 | 2bed06e4104057ddc60f11648e99b5b38c83fd41e4c831118c048cdb6e77b1a4 |
| SHA512 | 57e23b9ad0dd9320f67c952b28699d16abb92e947d0570f4fd16cba22554df51175c860ef5ab3e67a03046749bed9910c2643f290b7e491541c545994b33cc28 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | b0cbabc3b7db5bca65a576dcb6b8a519 |
| SHA1 | dc42842eceb69829df0b7e4848cf44f73c5be854 |
| SHA256 | dce41bbdd0011723ff0c7ede4cedfc489d7ae18f760650d1908b520acf618a23 |
| SHA512 | 0eeb890e348e38ee0b06230ffd357baf2ebb4c05304cb884c4ed07e3ce10feb2028b1e4f345005ce962b1603780eece2ebc4899698a4b02d7462e4054db96382 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 5f8ad2dc3eb0cdc2bc2c408359414534 |
| SHA1 | d27c039da8471b8ca59ac02b58d0db123c3cfe5b |
| SHA256 | af9e93937a8cbec3726e25c99254fa5864ca85c96e12709a1c753241aa46453e |
| SHA512 | b57b684068b5575204f32465b165989b59a2d0f430d918db240f69d9843a45ba1651a00bac29fc9249b7fdae02a0083614262254050a0c7ef76378a76c44741c |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 912363ea6d70b23c9204f795bf9e9a61 |
| SHA1 | 5c64dde34e0b4517cbe6b39febfbe4ed03430876 |
| SHA256 | ce83e777df9004890ab3032c72199ce074831609a88bf7f9d95441182fd0c930 |
| SHA512 | 75c9d09aac6266bc6e4b35fa39faf48264dffb2782201e44ab9d73b48906f510160a968c43791cc0aae0f79dd47931c7f0bedeafc0d354b0e6a8ebfcba4a3e24 |
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | a8d524e9523fbbf9a06bce654f8dd349 |
| SHA1 | 6d2aa75cc20105cc206d6b5559d664b7dcbebc97 |
| SHA256 | de48e8717706dca2ed7d76b3e3e4a71ac43d131cc96b4ecfb6e87ce988992d6e |
| SHA512 | 81f8ef4bcb3ef27c5e2644d3697639b55734c438ab3b6ea2b3f9989b68b33147aa3f26df476b36e17ea5735ea3b0cb8f5591fe9dc54eda6e33818f5ac4f1eafe |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | eda98296a6085aec0319e8da50031c02 |
| SHA1 | b4a800c2e69db42574df65aa0b788a0c35825e36 |
| SHA256 | 132dd5feb1266ec9f251560b899bc488da23406fa7945e01a05e593ec98f49fd |
| SHA512 | f496e00e066dcea879d0b5c983c5851e29381ca8bec248466174e305e200551350b185ec94d7db2d6a23597f753d9ef35545bf3e969ab06aadbf780ea6d803a7 |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 8e8172a27264e369210d4edc88f90b7a |
| SHA1 | f3ac0b6a351da6b2415037ee17902dfe8b7edb0b |
| SHA256 | 914d3e6c9ce70c9da8e6daf6047dd97cedf0f7b480fab62878d03acabf3d4fa7 |
| SHA512 | 729def483edf6f836506edc4705b31554f47732b344c86f0e924ea97224c34508abcc6d215ece47fbec5782f3042bf1671b5dea86a737b1ef63679d27c5d1e7d |
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 369aaad5607fb82f8b4282534b037a75 |
| SHA1 | 261f9f64e438560b1cd801365e027d20cbf86d81 |
| SHA256 | f008a54da327b34f3a6e0f027c95467139023a1da00a25f45e3c874bdf43c3e5 |
| SHA512 | 39e8ae154fb4fba495c92287345aee75e851a93a4b633c9370bdf46014f4fcb32b46aa941b583eba61e09c6bb313944d3a448e0906ee702dd1f7fbbe67fa9f22 |
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | ec8468aceeec21eacf86f946bf54f0f0 |
| SHA1 | ee342743de85d732bc496dd41ea7af76b2007bed |
| SHA256 | db0aa65218291d9ac6b40a7e71d16d4f8467874210a9c55eb8ec6e3e431378d4 |
| SHA512 | 6fb7b84a89a17d09b017f907c017ef95aa266078b7fc9f7edb6c24534832ce003dd078332e40ad7ba910feafae60e3adea16aa1c7edd4aed4b4706a19a349704 |
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | b62bf0a1388030382f041c8b92b89294 |
| SHA1 | 2e3505e56e26d6c3cd11a7bcc8e25d03b3e30ac2 |
| SHA256 | a32fe93b6fb6ac27fc162256cc26fd9a0857274cf0274cf780f0d85d5646b81c |
| SHA512 | a1cf77ec1cac633e535243106ac3da237e1bdc50c5ef5afa7fd1cec4212ad62a037c070f9241f722fd49229ac83380c605957212f4d234272d2233a8d866f3c4 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-18 09:07
Reported
2024-04-18 09:10
Platform
android-x64-arm64-20240221-en
Max time kernel
138s
Max time network
168s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Reads information about phone network operator.
Processes
com.livewallpaper.snow.baransoft
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.14:443 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 8e41215e06a14154b677d0212838fb2b.s.adad.ir | udp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | udp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | kqybmqaq | udp |
| US | 1.1.1.1:53 | cvjzakmacbouto | udp |
| US | 1.1.1.1:53 | pihvtgwbp | udp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
| GB | 172.217.16.228:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.226:443 | tcp | |
| GB | 142.250.200.14:443 | tcp |
Files
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | a681f861a4f6f71e53b3754433e8e813 |
| SHA1 | 21a225bdcbc0352e9565e091157f0b8bcedbefe0 |
| SHA256 | 98c0606a8378f43ed74600bd887017631093a9743dc4fd16711cc92bb5cd7ca5 |
| SHA512 | 5cfbcf2ed623e140d9e87dc7d25d79152b6e853502c61a6a36984296d19f8d798ac12b27608220350995b2783280a0755c75dafd91ffd279687f742f0af42632 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db
| MD5 | de1d74a02bc2df69d7b305d3814f951c |
| SHA1 | c911d42734fcee485c8181af54d97428c38889ca |
| SHA256 | 5ea8f1b42cd5fd54efe3e8325f50e73c3e27af31fcf765d613747b65994c00ec |
| SHA512 | 015e8621afbb7b361518ec3b26d944858b73725891ddf2430e79e7f8dfa85a6831815fd1783fa3adcb534b6fe7039d48c150cf2e5adadccd6358db15ea3e5083 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 033f7d323507ba8dc862fd38bb2bc5b4 |
| SHA1 | 3e32e7119151bf6efa7b32093053a34f6ded739e |
| SHA256 | 676850073ab30f69693412dd83fd24dfe89ab8aa0b8f346f1b17a7745967138f |
| SHA512 | 8425fa9826f4a7349ccd6f01813e664039a8cdb9d5fb3311531384ab0a292b3a5b098d9d5ac9dc77b5fc5beb6c42e6fe73befb896a10cfd8ebab1d29bf76af1e |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 5f4d536aabf51116576eb09258ea09b7 |
| SHA1 | acfae9b2d5aeedefcc90a7e39d9b079282345eb4 |
| SHA256 | ca4a82535f99ce629eed7a92b51e68f98c91f6d6214ca09bc2b3b34de716fcbb |
| SHA512 | da72353e527cb6f50ab6e218a193fad2f12a1a1570b3fd927f1aee1ea4b22869e06999c27bd76f1473114f6f35a4bc5254207bee1e414013c4feab016093583b |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 130b70f7f531ed1fe35ae445b53c672c |
| SHA1 | a0f66bbd58b8c12aec6357ea14cac3e7c1fbc009 |
| SHA256 | ec52aa26e8d790208fecdee0508140eaedffd8237a67fed1abf0cab24d9709f5 |
| SHA512 | 4c1e73d56e645830f9e5dd82c646281f2a897d89aedc890279e8ed735d9f0fda82d19bfd82b61a839b0eb88ac53b5a7fe386cb396b95329efcebb4699663ece5 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 7dd12b3f019500f7c338dfb709de7a58 |
| SHA1 | b614e68251c43985f15ab56c11e0ae20da361394 |
| SHA256 | 4770f11cc78f5a1461af93a6f649cb31240b1f593aa68e769cf5c28993056f20 |
| SHA512 | 65c29af356e08d4301da407a98c9452dbb890d66a06b7bb55781bbcae86cae630349fc918e66997f4c5e93508d9939b399f59a59276490a6b5e38fa2dfceeecc |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db
| MD5 | 9ed060b96c0c822fb2815199868eafba |
| SHA1 | 4202258b05a6bdeed7bd6287d23312f8dc0653a5 |
| SHA256 | 0deca22c229081b448aeb022415d68e03eeb802596b317f7db82a21dba6ea0b4 |
| SHA512 | 11f4641192ddbf538e2dc203ca0295d816e07856e20b6096276d94472f71373d508dca162b6081126967962cdcf9474e5cb6a117f6fea6529913abd19acbe4e7 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | da82846e52ae6c9eaa4d080fdf8f6d55 |
| SHA1 | e4888c8dd2a08bd611f7455b1d3e38de1f9f5a79 |
| SHA256 | 6d3e245ff4bee92f2977b83b6dee69a8bbd2689486fce2410dfbef555e087b1d |
| SHA512 | 89243ef86d3c6ada6f208acbefb812ce4adeb412fea71dbcd2a1ff19a4264f88ca00eed2a9aeeddb55d84995eaefcb95e2f793a61ae8322ef659f28f616fc561 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 554e99391e8cc7064ca1ab0d2574f365 |
| SHA1 | 720190539bfbffd4971c1d7b6c697d8763710fd1 |
| SHA256 | 497e4d1770fd9c45df05411b21f2997d1d30901948583bedfadfd6887eaf691a |
| SHA512 | 1178e9e351cb0bab608339465dfe3a483dc276221c58b2229898c6b5fdd06d8c3c36e0398d44fd1962fbd319550b2be64dbc147cc36030ed8640c267306c1fb7 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 517e4d71e912d9b3f33af2978a23e4be |
| SHA1 | 3629fd5eb4259855da0d63234615622c510635cd |
| SHA256 | 4cda3de92458636217f3914fafffb7cda67bfae4881f5430225c258c0f2d3162 |
| SHA512 | 6b391cb255007c57c874c87f200f47d5763b7948997709af30fe52acebd33984aebfc03281a7b0582ade6a2f7df5103fed0e677d5687a99b408bb068ec1a941f |
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal
| MD5 | 1939c39de9f42ac0880e96ed1e364d8e |
| SHA1 | dbb293c5baf45d486e509053aec49e2e848b88dc |
| SHA256 | 223fce0cdbd75c885216bd38b76d1562e4a321ff7f40ee371456a96c74120799 |
| SHA512 | d91382af29ec66e0c4ee14bb28a4eeac098f44c8bce13e225b1a17c44f08db1c1458c739a772c9dc3fd8abc2508c1e9536556290881501651fbc4304328491ff |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 40afa191a386b9fdbf9def9d853efa33 |
| SHA1 | 55c2ae0a196d56b1010e4dd1f6a0462784eb8e44 |
| SHA256 | 9e62360162b11dd8bdf3386c2c1dc5037d9aabc96edb73c3732eaa43a94baf8e |
| SHA512 | 917e3c81fb027b8230cde55d527d8aabf0ef28b581850861c2116d1df7a8cc3b67722c53526d5456ff04c59837390ca5b235b8086d6d3d4a6cfe46f8694b25a3 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | c60968e4d0ca479c6d3b2e55c3dd59e1 |
| SHA1 | cdf365df64c67521c1a280efb1438a53548a4bc7 |
| SHA256 | 1d9dda4e1171eac71e897b4ccbfde1c3a5d65a906e17215d7514abd26e530e11 |
| SHA512 | 616a93a7dfd64af73df507ed7766089a078da6e67a8b5875dc484f890e3cd3ca58691f7bd53dcbbac022f693f99e5a0884dc3595a468ce95bf624b77c7cdb7d4 |
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal
| MD5 | 8378096dee9156ba769e3b7cdccdd2bb |
| SHA1 | a74f1d11bd019dc5e13db7a52788f27429610cf6 |
| SHA256 | b68c046a9e5b73a4c0200be241d186d58812211233d7c35e9ea43bf0199a595c |
| SHA512 | 406a0a1480cf52cd37a7847d32a4bff316c4fa8c6edd4dfe8063dcf87adc7bbf31ff0d57d4341e3d6c5ec685d657ebed7b52ccbb9965fc3680bce8266b226e41 |
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 721f65621cb8012f4c358b7fe76a436c |
| SHA1 | db89fa0599f47dbefef1d6b10e2dfed90f1ff5ef |
| SHA256 | 07723e66b49e2529c02fa4d0ce43e3c71d67ea0d854014aca4f24846956abd02 |
| SHA512 | 417c89d040f66842dafe8c270436a48263e7b7b55503831befc36a83c781cbb785ec390a77c23d2ca38f20f48f842f2265f15fc46251b44579eff953bb56414b |
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests
| MD5 | 11bc68369137d001daea0a8b63611eff |
| SHA1 | 479e3bdc58e8a8cdd73da47198a7ad67ed063808 |
| SHA256 | 9c53533b23c0dd16633628a243ed0eb132fe4442eb96044db9249a86433661ac |
| SHA512 | fe5d349a36d344cc0a1ebbd6e6540f9a2771b3c68f85ddcacd02706357745fbda6b20d70c1b002f586170fbd1457c51725f556f0f8d69a8b9f8e1b09f330e8af |