Malware Analysis Report

2024-09-09 16:13

Sample ID 240426-vmn97agb83
Target 013f27aedaa260dd3a876637d8094207_JaffaCakes118
SHA256 71bb4b9db79d5b32cb425e68fe2b6181c1f2dbfd6d9bdb605ce0831abfd2c879
Tags
irata banker collection discovery evasion persistence credential_access impact
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

71bb4b9db79d5b32cb425e68fe2b6181c1f2dbfd6d9bdb605ce0831abfd2c879

Threat Level: Known bad

The file 013f27aedaa260dd3a876637d8094207_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery evasion persistence credential_access impact

Irata payload

Irata family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Obtains sensitive information copied to the device clipboard

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Queries the mobile country code (MCC)

Queries information about the current nearby Wi-Fi networks

Reads information about phone network operator.

Checks if the internet connection is available

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-26 17:06

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-26 17:06

Reported

2024-04-26 17:09

Platform

android-x86-arm-20240221-en

Max time kernel

17s

Max time network

131s

Command Line

ir.dariadar_iran2018.torshi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

ir.dariadar_iran2018.torshi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 tcp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 bayan313.ir udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 gqqvedpyosjvkmp udp
US 1.1.1.1:53 egznvllferr udp
US 1.1.1.1:53 ctawdzkunrzwacd udp
US 162.243.147.245:80 ip.pushe.co tcp

Files

/data/data/ir.dariadar_iran2018.torshi/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 d2624630b36f84ec1eb775619cbe4d40
SHA1 3f85fd62b359ef3d3ab8aba1f24126d2b1751032
SHA256 b6ad51e70f56d64913524308572d680e98c088af64eed5fd203262d536c65b82
SHA512 8713fedd1b56c07797d6fd02e4076769fb01717230c61c541f6d6c93e883b0b42470f5ccb89062fd344de345a16d23fe6a381c5d900856189c2ff565a987bb24

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 978fdf85b8448e3a7c9015e51477eb49
SHA1 793bb88398dc9457935a4416638d5ed3974baf19
SHA256 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
SHA512 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 6bd511fe83657851003b989e7d4dfc4c
SHA1 2a911d5781adcbc56967a7c6c59e24aa96f057d3
SHA256 40e4b953ac5f94faee4bd680b7cc975cddb88fd0efc5aab8614b9b4be8ffabc4
SHA512 2666c4265bff731206c1e2c107e571678675f8dc8de6e1107d38632713980ba1daaece3ebf55cc6301a7a1c753d1b1af6b4eaef5ce5f7b1ce8970157fcd63908

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 b14e8aecd750dc3e1240405fe62ee226
SHA1 0cbcb769ba42b1b0c44aa9498884164f05352cd6
SHA256 33ec1c86081e9c51604a60d319c69829096fcc268366b5f7e96f2cff0ec71419
SHA512 20c62d57cb438d44c53308ca68052ca015be65f769504c750dd04eee8f87041416228b10a7f0792c8c61370fb40c670ca18d046538f0e120f4180d3e6b02d92d

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 91ff8d9d3d986a8b8df41ee4bc38d40d
SHA1 ae406415cac6206eda6aff4b9a6714b72dfce469
SHA256 6b0432db07c0541bfebc45223a7b5d098545195cab42e851573e81681edf92d1
SHA512 73d8b876a9a03074559699d51eb4c2c933578e47b169da63cdcb1ee06515893c1fcf8d6b161c9aa5630bc407744346b553ffc41fb50b8844601396da2dc79b08

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 c7953f7c0f37a98a641223da648bfeab
SHA1 5c9fb117e53f02284242f9a21464e843ac8dd5b0
SHA256 27a1df11381073c23724a79c9abb8fe1857c8d9bdd9febb2550dd404dc763daa
SHA512 0a46292013a1f9469010cf58417cfad3c5da6f0e8b16052e8675f947249df75fba7b8a3cf8f2f0df94fcae9a949fba3673ee162bed4035845cad30f079fbbf3b

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-wal

MD5 60bd78e6808e7138455886557bab80d3
SHA1 1fc61f4d0612b910ea84ccfba5d3c197da0d2622
SHA256 95ec8d1dfaf52c9847a05b20b1ff5dad46c7768c009a27b3a953c9562247138e
SHA512 573f0be563b59d30c58378c5a58941f62207929cd5071f7c9023cb2c4dc8304d6b738f248bdaa932792e4f76273448ec937ef1a5bb914fffaaa09b5a1d19ab36

/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db

MD5 a19c2ee959de591882abee257ee26220
SHA1 8fad45232d955a6f33ee61dfafa3479439e9aa95
SHA256 59923c6db0056021b64d30de21dcb397e00eea13b152e23b18d8dee365f9d5d0
SHA512 ff1a2704d225452873abc5b4a1945a860fb56bbec4d1b17fd1178058a78a9be3647e3aae92cd412985b2703ecf3a2db7240601a7890e217e063c00200bd45d44

/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db-journal

MD5 5d90cefe9239a12f76e7f4872ff07325
SHA1 a03ca91f2c4916527f4d2d047b8a579ba7d20bee
SHA256 8191395185d15f43b87d785e1729a8dd48a532ac195d2f5116736692fc3744e7
SHA512 d738de49a6705c78af9bcc1d2fa3e9093470b514bba361a435e0715215f60ea4e0269eebc624f07d037ba2d115ffa417cbc2fdecc459bdda7e2216974151ce94

/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db

MD5 18a180bc6e9ad79c5998b84f699c2338
SHA1 dbbc483aaa42ff5300a4bc969f9c7c6bd16adb77
SHA256 d02a4deee22bdf28892dc68896be9ad28bcd29da74aee0d1131c707058b2aaea
SHA512 890abcda9ee5c63eb5f71f8f57adc4d1721b68b9d335ecac287332ab1880d4ed4a2c708753c4236b1f6b595aee477abd207b1e4b421946bff383c89217bcd577

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/1.jpg

MD5 8a591d1d652673aa1e9551a2f9b38b5e
SHA1 9795f3658da39244fe86b15e54d252f21b1fb44f
SHA256 665b6af4c7f437310192b67c861e6873f9ba38d9ca1296a062a3c6b7ff2f0c7e
SHA512 3d27f2185ceda7e99e4044f784e0cb9fb2780fe60ff0d4381e30e2d7698e1db6542176c550ea56950b86bc92e7839e1ff011e20eea4d3b43d0f34d9bae73c2bb

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/2.jpg

MD5 6f9605393f308393f80c6a4ae655994c
SHA1 ccd32dbed41aa506bd010a98436180fb3a3a580f
SHA256 c070d00213311032276f33224558080b43145e2eeaf236037e981afd89409ba9
SHA512 5559ea44c11517710440dba08562cdf5b0740f6be7ff072e6c96657a677cab3c1a5c81e986159f014bf8c8f1054f3ab65f1da02db61e53570db062621802374c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/3.jpg

MD5 340193296068da8dc7f7f911969bec0a
SHA1 2344e82f0aec3a9d824d0514524bc26426de06b0
SHA256 5c1b26b61b9a05ee3538883782c0c71f0242e8752cfaf6cc630b12c488b90b81
SHA512 3a8cc4a0c17d17b8c239fafc93bc8a27473d22c848bc88dc6cea305f42eec6669a4a4be04ca885e63ac45d5181866cbfb70d44cbada888466a8d28e5b55afb38

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/4.jpg

MD5 543344d007873bf40e78370ed7971035
SHA1 623db729be3ee81f1aa85468999579976faefb77
SHA256 00f2a5834bfbcb56e8e582ae1daf881424cae9e30a5ffe59b1325879ced7876f
SHA512 57a0132b47c07379719002cd03f007424ea51507973eed62ad507b6b2824a439ad9ede2b99830ef5f86943ea88bfdd0f348a98f29afd43b9f6ab4d3b1ca86e8d

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/5.jpg

MD5 fa56ea4497f8a0273f4224b975eac2c8
SHA1 8cfe496b44424566df59d368ac8aafceb449927b
SHA256 add570765cd8a7a600bbb8a18d56a44bfba158e649fcc4fd7cdb2cf9742a42a1
SHA512 298b1679abd0f46a972025f9670450b82b1c8abaf9551da3196e7b51afc176fb3e17596b7c47df85323e6e095d69c533283f47042c1ff8deaf5930445e9151bb

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/6.jpg

MD5 80ea011c7a8a8dd9365bb37c35f43152
SHA1 f05e6718cbfbac12299ede3b0226e3fd86055a76
SHA256 3ffb4ae4bab230d3b52b45b55c4ce5f8118db9c436f79b4fc0995ec6a88f1098
SHA512 28a787c977362aae63db2cf6312037efa5876e475ab95e9dace956518cf46f09729bd2f7b28a752a2eaf9750cabe01924187c3c27876cc48b73b2879b5dca1d8

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/7.jpg

MD5 cd19be2e2be6b3606019c3e3e03b1d3d
SHA1 367fd9ed0fa5059f53f9607499f2449f9b7d3e70
SHA256 ab69dd5f9a6971deac63708035a4380b74e8113c696d4967f2aa81e0b8be240a
SHA512 5198a2256934ee937f512c7a016d0f67ee1bebe914f206596245feb37ac31f4000561b69af6e9a8639e6348c4babb4cba2018ebe99d4fc626189938a58eb33cf

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/8.jpg

MD5 f8bdb1601eda2e6ba23d6028fe096ff0
SHA1 81e852ce080733070355b43752f9b54648e1efb4
SHA256 72f199f552feac75398d6efb1b6d684006b060c790af636aa2709cf083b19960
SHA512 70f6df390f62906f6a0f8574373644929338cdfa3f7df7f24e95049dacac09802a38247ca6f7954087bb62bc691bd609e911b5faffb762d80cc376d7896cf84c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/9.jpg

MD5 10f7a9fae6a1fd97469df5ec50b7fd14
SHA1 82d09f983006a39ff63bc447e9f27f9ecf9d21d5
SHA256 55f8948bbcf3320e846f0f1b302d23b866a2ab7b5225486662b54ec40d7424e2
SHA512 9e0ea9fe8baac48bbfcb1ed788045a1106c7c718af4a656e8f5c46e7924ab78defbc000b89705f970d1fd0a5ad231501abba0156e912305030269979040aae0c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/10.jpg

MD5 33e3f224a3b555eca2018318104af0cc
SHA1 db2c6a290cf6b48eda0c2971c3f73c7dfdbeb0a4
SHA256 8b76ac4252194bb308650bf3cbf1b87dec25f89fea8ea6682778662742fe7987
SHA512 b80ad1415f077d5aee81174671c7ee449dfce5749574c8aed9771a54ad37aba1927c2968cb8e555905ab23826fb7c4b529c117eec06e115ac21614603c241084

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/11.jpg

MD5 6faf6324b46dd9fd30bf5643b466bb52
SHA1 0f7c6896defe7b827b0f39f6cb466714153a55bd
SHA256 b60317d3d489845d7b3459f200424c0743cd346d0330881df31efb1cbca6b7fb
SHA512 5356202425ed2611d5954e9d3a443adea711a26247c4a41c9120a035e919ff056d39575b4b885ae023499f5abc3d4229ff5f16d1163b6d760593c60c0039bb0f

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/12.jpg

MD5 ef0881e2d2a6444249f489d75df01b7f
SHA1 b9844a0cd4f5f2a074fc3f9c4960f3a04e863c10
SHA256 26612d75530e83e0f3935b58aea0c0eb9c8c733118eebb7af12564946be200f5
SHA512 e772f10dbd9cd7a449cdfa84ea9607f4973263886e60a7edb86becef3d838bf63ade30760409236c954073b7adf53a3d7684f47f7b38670add798bc89a53a965

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/13.jpg

MD5 2b174b476cef5686db3c0c27c953374a
SHA1 51ee9ce515793dfd8326ae8f658b9ae402b94994
SHA256 0396823bc0c6c2f2b96fbddb8b0c305df671e2d76873d004f5226ca410fbd7ac
SHA512 6a076bbe7a4e908ac47a2ac704537dec8176dca0eccd9b6351a5d5ae08fafab1cd75f6cf8a17b85d83017d452cc917ac6496053eb485e966433d22705a9f11d0

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/14.jpg

MD5 751ddbb053a031d15eb3463d0256c2bf
SHA1 da241acd53250396d6af5ede400f8e56bde82788
SHA256 ca2867c61525ab2487693a8718ffdefa32dfb63b1f508e49647db2c556d84adf
SHA512 017716d337676dfc6255e7d7023ce47ce3ed533cebd121c511fd5ac71d6537f124ebcd4c169ea297f9611b5b93e449f8fae52fb8aa4598b640065ffd37d87cd6

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/15.jpg

MD5 621438bd8b57d903ebca7dfddeb71bcc
SHA1 0e17fe13a66d7bf5f0452ac9bd12e66cf9419eb1
SHA256 3d41cb42eb81da79432a093e5b18d239810ab7e0a78b657a1302139ea99a2bfa
SHA512 58350f17f34da15bf04f942007d91ae7efab97cfd5802ce6ee7558c915c99c84c5d025e79dfaa2a35b60406a5d12d585a4e268adaaea16c3a03c2760f6f28f64

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/16.jpg

MD5 46f772dfa86553d90eb2fe66eea07573
SHA1 257433856c6e4c89a58cefca159363e953a80c00
SHA256 ed0becdc74d2cd02ac10b76d6f91cc4f5f173efa40e93503eee821ea9e626e23
SHA512 78f4fcc3aff819db02c4fbc38be1f09d2c8bb3d18daa45bdf5c9ddab8f2a80385fa30fa146e001fce97ef3cc50f39b0c3fd55d71da069823a20dcb004ea5869b

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/17.jpg

MD5 a4ce1d9f76869fe7e210d361cb86ab91
SHA1 6b53a4f9ed0eb7bb1497d7e14bcdf26308e8184b
SHA256 fb7867fe2ceeef8d49d643aae4fcc52cf4b20a3f1819482c16aa4ab075b3babe
SHA512 928fed3cc2172aee088bac02e4358583e48d82a4052121e9914fcbf24a8f85979928635e34eb0a99a7b411389eab9fa68f55d00bd5e7b51d83c5e1fabd6ecce2

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/18.jpg

MD5 653539559dd6d69900d5b9fd4b656ef7
SHA1 710f53ae799cdde1d6d23abd97e34adae84686bf
SHA256 8e3bb4807d2f5662f5be4f9b0950c8372ebf745c52386dd991178b0daf516749
SHA512 68c8acdace94af0c9451144d7d78f32b9940320a5deec1df1b8090c6c437d2f07814ff672bd1c2d0c10e7746bb2b8c69870c62eb1e8c4e00d3692dba31fe9143

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/19.jpg

MD5 9c05da31c8d7179f1b2e25d18439b22e
SHA1 4df2b743c623318c91d33a6ea99dfd9efb176927
SHA256 d06767c3b9f663d457ac4f12c91e3f0ca1f9065ebfea0f7de479033e0f5016cd
SHA512 2c396e859460e9728b6dd2cc4f6271dbba01d12132442a240eb047748b4531d564c636ba5ae951c0c331062ed465273ec1720e254623ba18c7aef1e2b0eba112

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/20.jpg

MD5 de86a0c25747a960e5d0dbaa39dd1a06
SHA1 2549192bea7eb0d04f7941050e4e89a7f901eba0
SHA256 9fa34a8f2b58b83f16d79166087a76666f9bf9b3582df0192d2a58ae78ba2190
SHA512 a4ba51ce7f5789f3ec484c28d5b0bb5e6d6fd5a056b042bbd95d5001503b7115eb46060beb3931209a7177f36375335f1493d823855aa65fa0e5cd1bd173cbc0

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/21.jpg

MD5 8eae0c4333cc0dfee661eaa2b3bf4964
SHA1 b2b5fc4cfb11548d5b36f2e33211da64c31c1c8f
SHA256 984060cb7d5b0164b7f5ad557383420753c69665d461a5ec3cf9405bcb43b674
SHA512 45ebe119adc27eaa1947860e8c8e58cd9f476d1b50f5f16e45250d66a3d0cf3d65c0fdd891c35cf3112ca8cc833a1a0848108de1bc608bc9deb2919ebf25272e

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/22.jpg

MD5 0600307eda72c9b66963a7e36a2b1ed7
SHA1 48007d9343dad91f62da0761b679ffa6f775431d
SHA256 d4b79433ee76c4fee4610064f86f6d9b1a6155177c91658f13628afeac4335ee
SHA512 97e0c2f2fb7e8535eb5447418f122fc57926a8eaf99702ffb08c55a1f11b36c978b51fb41d393da9b3aef14d36e443345fcfc528a20defd585da4d974c08bbcb

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 c8c68e8cee599c897e4b3b5a72993bfb
SHA1 54f42b0e535dbc863b223d5306ee2bbc6d35eaf0
SHA256 f3117e6f99e1e87cd763b678c13f036725a5b2e9dfd61210ca6d865f48c91a55
SHA512 d995b94ac9d266ad784ccdb0aa184916fbc2be4830bdcf7be4b83226343b7de9113c80491cee50443f19b8f6816e3ed96f87681a04440ea4918b9e012229ac78

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 86a876a8ab9a34eab90144bbb0811909
SHA1 f38c7f33bbfa4c8c05622a5968df3775e541fdd9
SHA256 2d3805aa0a8540fd80b63ad249bcde086e55aa39223ab99db24e90bc233befb0
SHA512 aba6628904461b37b25e8e2aa30fe5aabb6e0692c73c09c7d1e9b9aa5a2c6ac2b33df3f8e513c219a902cd367353ec1aada562ab6fe0abac591bc27e472bde95

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 2530e5ebe361a38e743e4c2bc5721048
SHA1 ef7b2dfe42eec24c59c4bd950511e664adf0dbe4
SHA256 a23dec523f8c421689832cce3d0df1ea2d4b3d7858e7f74a3e84f0b93b49c0c1
SHA512 40b6127499f16d525282bb6aa9480844be3b8d59f6763757e89e0b59ae32158b17944ccd82a50cf2550f1aaefc398319f2b06c32e8041ee62e4aedf3dc6d078c

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 1188c81863ea1d388374816acddec88d
SHA1 01ca91fa133d7928f576944c59a4db18e34ec227
SHA256 40d67802885ec395040ad23c275df636f822019ad84154419cff3f581c67e410
SHA512 7f6b0be4912dc9b8d014f18ed3911fff726a92278299ac1325edfcadc70582418dedc687ea145889ca2c0a35f167e0823b42344979485fff5fd870ceaea485bb

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 a098786f2011e551f50a96a92d99fd05
SHA1 61c4b76d564ba154d0678f894c505f8294b8f486
SHA256 c1e336fc480c68112138e82239b7c9705410f9f535af3142053b302877ae6877
SHA512 63eb00c708de60b89655064aa2af654f71698fb4998abc4bff253f97c3daafb9083fb232a3ae49309acefee6c84c40cf1b9f54bec6ff215846642241c6e627ac

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 a0c6ff9927105b61c913aa724cfd143b
SHA1 ebac17bdbd979c79d778e8219d36d9bc14a3b38a
SHA256 bf63ebd36bbbe92c22dd9dcbe9711edc1aa6166a2b519b7f8f6de451df421f71
SHA512 1a2f13fe0d10154f13e8158af0afbf61de1d8ab7fe2677b4ad0a6ccca32f13f7a69e33afc08da2bcf7ae03df4ebe998d9bc039563a3671633d759dd8bed70f9d

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal

MD5 64dd54a6b936f1de9ef01193ae31221c
SHA1 b582f29a6855c8e20078aac3fb13e7ce5cd2f6f8
SHA256 3dc005d6f044650ec47d57b86a31dc20a6ea5a10e16c8040e300fcaacac98850
SHA512 d41e12956713a6678ea038b754f80b378f678ebfdf0de1cfed7305e455495d5b2d495dc8c23aaaf9cf763b15bbcc51b61a52c38f038ddebd1aa0495ea31362b2

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 52b244c5f0b1de26f999e7701102f076
SHA1 60d8b9e5b7973c519b601ebed82e451ad9a48c0e
SHA256 80076a4650a937d2530399780ebcd3fa356beedf08c30a36d144016dfb02e80e
SHA512 3ce7ae0fbb9442c2f145eee7d3bb17da192d755b3266ded46b3922661967c212bc5b307878c058a5be4403c3e31fac6860906426b4543bf4dc50baa0ada1e54b

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-26 17:06

Reported

2024-04-26 17:09

Platform

android-x64-20240221-en

Max time kernel

147s

Max time network

163s

Command Line

ir.dariadar_iran2018.torshi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Processes

ir.dariadar_iran2018.torshi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 bayan313.ir udp
US 1.1.1.1:53 oqxqhmzvfot udp
US 1.1.1.1:53 szczhgw udp
US 1.1.1.1:53 bdclyzebk udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.36:443 www.google.com tcp
GB 172.217.169.78:443 tcp
GB 142.250.200.34:443 tcp

Files

/data/data/ir.dariadar_iran2018.torshi/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 225566251aace90cf0d0d232db3b7e08
SHA1 526abbc2cbf11cd22c3c120e5b18e5518aaf0904
SHA256 d2e6822b5bf1698c33e3ae8baff07f3bc55e68242d0c7b2a32a2ce39174bb904
SHA512 9675880fe59e6612d41f007d802b7ed8d08d515799c2b2e07f3551904a79c88a3070bdf44b082d2302feb6f79e01de59a149c57cbbc21c340ec22d276a716ceb

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 1dbc97beb8b52908466498bfe0d16f48
SHA1 337e91a8a5f5a943a548914205802e1ba626004a
SHA256 e2b7fa9d57d959fe575ddb0add48f9e6d86d8937b50da5ed971c3d2c4c83cd77
SHA512 33d6898383f40af340330f928a9f9a54741c2dc7145eaf70ac536bd169e358fb8d2ca4ddc6f75d82265c63838b5e5239fbbfcaae3db508fa5610410fc67de457

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 597374594587b7861d315b6972146c70
SHA1 527e860367c353d4c0dfc56ff621a047392b7875
SHA256 110bfbb1512d0ee6f6971a8672d416a888d62cc9483193826549672119702625
SHA512 e80574927179837c46336b037911394fd59a4a1ba1f86d288f2adf4dca6fa1ebe68b84495543221f55b918b7623c9d1232f859854a2afd86e8ae88766540c429

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 d40db740f70bb2bede44a3658b808c92
SHA1 0617d50af2f7d596d3bbedd0bc7ad66bc4b79d20
SHA256 9c4171183e1c9dacae9e769ab2bad90f86faf71d2b9080697a5a2be68934127d
SHA512 a96eed68cec19fa6697a688b848ec43e8ff57a29e758bd0165e6802c1ba4394e6267c669a24d6b95294fd48b6e78dca7483c9590b80d3a1a97107ebb03adb069

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 9723abf7d0fec221b7062d82d39f15e2
SHA1 5be8907dc7dc319c37213c477eee83c059e8faf6
SHA256 db977c510eb449571e22669fc460a0faf620ced8f274a7774602d6069d7c9688
SHA512 bcb9645f507bc6a22208c15189d93c2488eb25e4888978dc1b34befb55ce3bc9e22c7c2b9848fa2f3bf75b8284300f8c618b98c1d2f1f379fe0f23c175bb775a

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 cea5972f5ec21bc5f3d497bacc70851d
SHA1 93aaa86567286413751c1bceb0a61199cfe0ca26
SHA256 dce11c692a43d8c8720747aead25075bc283f16e48ffc14a74a7a12a25577fa9
SHA512 bccf0dc14eb9e401139c77f4cfd205377e3ff95e11d5f8d1d700fec7f0bb0980e5e6c577c992e2475fd53f6521aca57390f4e5e3f2c135d07a65a6965c699b92

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db

MD5 63203db6bd8faf07010a8540c4f45283
SHA1 101f9ea5a3854df3acd0942c7d02ffec0eded454
SHA256 d54c6e8784f4dd94952485b9318770d747c94374860ebbbfa9f3c448c9b6ff19
SHA512 b95bcb8878fd3d6e78927aff51d335091f6ec96d08eff5c06dc8f7dcf081411c6ad5e35a434e1a658eaf9ae7f8bf5f01fd38ce25605637f3ece939c0664e4ff8

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 b6ec8323e98df9eedcb563862ecb3e50
SHA1 acd2c37ed00ce18db19d85aed526504ab5cd7272
SHA256 aa1735e51ecfdf8613c15b31434e74dc20f2681156c9c02a3a074f64d2c2c7f0
SHA512 73afe3642d5d70325b8f37fb2746783171268abc71c6882a6d4141e84e623aefca07d588fbc30fa172a531f36949843ac46e69c139d734df98411a711ecb9fd1

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 f1474a241940a22cc4d9adc4aca7c87e
SHA1 3b572c0fdadac9aef5500c16125af5bf42be487c
SHA256 a529c74907c9511940dead0c5c3676812c5b4c0ffc2ff5702304f8838fb0f848
SHA512 1c355de29417516e0ad88a77ecd3348a3f3e9cdd315c0978252cabf89571df441573bbf0806a3e0781ffee0203996979ccc7d3f6fbe2cb7ad04a559d5fcd3f40

/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db

MD5 a19c2ee959de591882abee257ee26220
SHA1 8fad45232d955a6f33ee61dfafa3479439e9aa95
SHA256 59923c6db0056021b64d30de21dcb397e00eea13b152e23b18d8dee365f9d5d0
SHA512 ff1a2704d225452873abc5b4a1945a860fb56bbec4d1b17fd1178058a78a9be3647e3aae92cd412985b2703ecf3a2db7240601a7890e217e063c00200bd45d44

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/1.jpg

MD5 8a591d1d652673aa1e9551a2f9b38b5e
SHA1 9795f3658da39244fe86b15e54d252f21b1fb44f
SHA256 665b6af4c7f437310192b67c861e6873f9ba38d9ca1296a062a3c6b7ff2f0c7e
SHA512 3d27f2185ceda7e99e4044f784e0cb9fb2780fe60ff0d4381e30e2d7698e1db6542176c550ea56950b86bc92e7839e1ff011e20eea4d3b43d0f34d9bae73c2bb

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/2.jpg

MD5 6f9605393f308393f80c6a4ae655994c
SHA1 ccd32dbed41aa506bd010a98436180fb3a3a580f
SHA256 c070d00213311032276f33224558080b43145e2eeaf236037e981afd89409ba9
SHA512 5559ea44c11517710440dba08562cdf5b0740f6be7ff072e6c96657a677cab3c1a5c81e986159f014bf8c8f1054f3ab65f1da02db61e53570db062621802374c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/3.jpg

MD5 340193296068da8dc7f7f911969bec0a
SHA1 2344e82f0aec3a9d824d0514524bc26426de06b0
SHA256 5c1b26b61b9a05ee3538883782c0c71f0242e8752cfaf6cc630b12c488b90b81
SHA512 3a8cc4a0c17d17b8c239fafc93bc8a27473d22c848bc88dc6cea305f42eec6669a4a4be04ca885e63ac45d5181866cbfb70d44cbada888466a8d28e5b55afb38

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/4.jpg

MD5 543344d007873bf40e78370ed7971035
SHA1 623db729be3ee81f1aa85468999579976faefb77
SHA256 00f2a5834bfbcb56e8e582ae1daf881424cae9e30a5ffe59b1325879ced7876f
SHA512 57a0132b47c07379719002cd03f007424ea51507973eed62ad507b6b2824a439ad9ede2b99830ef5f86943ea88bfdd0f348a98f29afd43b9f6ab4d3b1ca86e8d

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/5.jpg

MD5 fa56ea4497f8a0273f4224b975eac2c8
SHA1 8cfe496b44424566df59d368ac8aafceb449927b
SHA256 add570765cd8a7a600bbb8a18d56a44bfba158e649fcc4fd7cdb2cf9742a42a1
SHA512 298b1679abd0f46a972025f9670450b82b1c8abaf9551da3196e7b51afc176fb3e17596b7c47df85323e6e095d69c533283f47042c1ff8deaf5930445e9151bb

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/6.jpg

MD5 80ea011c7a8a8dd9365bb37c35f43152
SHA1 f05e6718cbfbac12299ede3b0226e3fd86055a76
SHA256 3ffb4ae4bab230d3b52b45b55c4ce5f8118db9c436f79b4fc0995ec6a88f1098
SHA512 28a787c977362aae63db2cf6312037efa5876e475ab95e9dace956518cf46f09729bd2f7b28a752a2eaf9750cabe01924187c3c27876cc48b73b2879b5dca1d8

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/7.jpg

MD5 cd19be2e2be6b3606019c3e3e03b1d3d
SHA1 367fd9ed0fa5059f53f9607499f2449f9b7d3e70
SHA256 ab69dd5f9a6971deac63708035a4380b74e8113c696d4967f2aa81e0b8be240a
SHA512 5198a2256934ee937f512c7a016d0f67ee1bebe914f206596245feb37ac31f4000561b69af6e9a8639e6348c4babb4cba2018ebe99d4fc626189938a58eb33cf

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/8.jpg

MD5 f8bdb1601eda2e6ba23d6028fe096ff0
SHA1 81e852ce080733070355b43752f9b54648e1efb4
SHA256 72f199f552feac75398d6efb1b6d684006b060c790af636aa2709cf083b19960
SHA512 70f6df390f62906f6a0f8574373644929338cdfa3f7df7f24e95049dacac09802a38247ca6f7954087bb62bc691bd609e911b5faffb762d80cc376d7896cf84c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/9.jpg

MD5 10f7a9fae6a1fd97469df5ec50b7fd14
SHA1 82d09f983006a39ff63bc447e9f27f9ecf9d21d5
SHA256 55f8948bbcf3320e846f0f1b302d23b866a2ab7b5225486662b54ec40d7424e2
SHA512 9e0ea9fe8baac48bbfcb1ed788045a1106c7c718af4a656e8f5c46e7924ab78defbc000b89705f970d1fd0a5ad231501abba0156e912305030269979040aae0c

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/10.jpg

MD5 33e3f224a3b555eca2018318104af0cc
SHA1 db2c6a290cf6b48eda0c2971c3f73c7dfdbeb0a4
SHA256 8b76ac4252194bb308650bf3cbf1b87dec25f89fea8ea6682778662742fe7987
SHA512 b80ad1415f077d5aee81174671c7ee449dfce5749574c8aed9771a54ad37aba1927c2968cb8e555905ab23826fb7c4b529c117eec06e115ac21614603c241084

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/11.jpg

MD5 6faf6324b46dd9fd30bf5643b466bb52
SHA1 0f7c6896defe7b827b0f39f6cb466714153a55bd
SHA256 b60317d3d489845d7b3459f200424c0743cd346d0330881df31efb1cbca6b7fb
SHA512 5356202425ed2611d5954e9d3a443adea711a26247c4a41c9120a035e919ff056d39575b4b885ae023499f5abc3d4229ff5f16d1163b6d760593c60c0039bb0f

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/12.jpg

MD5 ef0881e2d2a6444249f489d75df01b7f
SHA1 b9844a0cd4f5f2a074fc3f9c4960f3a04e863c10
SHA256 26612d75530e83e0f3935b58aea0c0eb9c8c733118eebb7af12564946be200f5
SHA512 e772f10dbd9cd7a449cdfa84ea9607f4973263886e60a7edb86becef3d838bf63ade30760409236c954073b7adf53a3d7684f47f7b38670add798bc89a53a965

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/13.jpg

MD5 2b174b476cef5686db3c0c27c953374a
SHA1 51ee9ce515793dfd8326ae8f658b9ae402b94994
SHA256 0396823bc0c6c2f2b96fbddb8b0c305df671e2d76873d004f5226ca410fbd7ac
SHA512 6a076bbe7a4e908ac47a2ac704537dec8176dca0eccd9b6351a5d5ae08fafab1cd75f6cf8a17b85d83017d452cc917ac6496053eb485e966433d22705a9f11d0

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/14.jpg

MD5 751ddbb053a031d15eb3463d0256c2bf
SHA1 da241acd53250396d6af5ede400f8e56bde82788
SHA256 ca2867c61525ab2487693a8718ffdefa32dfb63b1f508e49647db2c556d84adf
SHA512 017716d337676dfc6255e7d7023ce47ce3ed533cebd121c511fd5ac71d6537f124ebcd4c169ea297f9611b5b93e449f8fae52fb8aa4598b640065ffd37d87cd6

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/15.jpg

MD5 621438bd8b57d903ebca7dfddeb71bcc
SHA1 0e17fe13a66d7bf5f0452ac9bd12e66cf9419eb1
SHA256 3d41cb42eb81da79432a093e5b18d239810ab7e0a78b657a1302139ea99a2bfa
SHA512 58350f17f34da15bf04f942007d91ae7efab97cfd5802ce6ee7558c915c99c84c5d025e79dfaa2a35b60406a5d12d585a4e268adaaea16c3a03c2760f6f28f64

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/16.jpg

MD5 46f772dfa86553d90eb2fe66eea07573
SHA1 257433856c6e4c89a58cefca159363e953a80c00
SHA256 ed0becdc74d2cd02ac10b76d6f91cc4f5f173efa40e93503eee821ea9e626e23
SHA512 78f4fcc3aff819db02c4fbc38be1f09d2c8bb3d18daa45bdf5c9ddab8f2a80385fa30fa146e001fce97ef3cc50f39b0c3fd55d71da069823a20dcb004ea5869b

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/17.jpg

MD5 a4ce1d9f76869fe7e210d361cb86ab91
SHA1 6b53a4f9ed0eb7bb1497d7e14bcdf26308e8184b
SHA256 fb7867fe2ceeef8d49d643aae4fcc52cf4b20a3f1819482c16aa4ab075b3babe
SHA512 928fed3cc2172aee088bac02e4358583e48d82a4052121e9914fcbf24a8f85979928635e34eb0a99a7b411389eab9fa68f55d00bd5e7b51d83c5e1fabd6ecce2

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/18.jpg

MD5 653539559dd6d69900d5b9fd4b656ef7
SHA1 710f53ae799cdde1d6d23abd97e34adae84686bf
SHA256 8e3bb4807d2f5662f5be4f9b0950c8372ebf745c52386dd991178b0daf516749
SHA512 68c8acdace94af0c9451144d7d78f32b9940320a5deec1df1b8090c6c437d2f07814ff672bd1c2d0c10e7746bb2b8c69870c62eb1e8c4e00d3692dba31fe9143

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/19.jpg

MD5 9c05da31c8d7179f1b2e25d18439b22e
SHA1 4df2b743c623318c91d33a6ea99dfd9efb176927
SHA256 d06767c3b9f663d457ac4f12c91e3f0ca1f9065ebfea0f7de479033e0f5016cd
SHA512 2c396e859460e9728b6dd2cc4f6271dbba01d12132442a240eb047748b4531d564c636ba5ae951c0c331062ed465273ec1720e254623ba18c7aef1e2b0eba112

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/20.jpg

MD5 de86a0c25747a960e5d0dbaa39dd1a06
SHA1 2549192bea7eb0d04f7941050e4e89a7f901eba0
SHA256 9fa34a8f2b58b83f16d79166087a76666f9bf9b3582df0192d2a58ae78ba2190
SHA512 a4ba51ce7f5789f3ec484c28d5b0bb5e6d6fd5a056b042bbd95d5001503b7115eb46060beb3931209a7177f36375335f1493d823855aa65fa0e5cd1bd173cbc0

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/21.jpg

MD5 8eae0c4333cc0dfee661eaa2b3bf4964
SHA1 b2b5fc4cfb11548d5b36f2e33211da64c31c1c8f
SHA256 984060cb7d5b0164b7f5ad557383420753c69665d461a5ec3cf9405bcb43b674
SHA512 45ebe119adc27eaa1947860e8c8e58cd9f476d1b50f5f16e45250d66a3d0cf3d65c0fdd891c35cf3112ca8cc833a1a0848108de1bc608bc9deb2919ebf25272e

/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/22.jpg

MD5 0600307eda72c9b66963a7e36a2b1ed7
SHA1 48007d9343dad91f62da0761b679ffa6f775431d
SHA256 d4b79433ee76c4fee4610064f86f6d9b1a6155177c91658f13628afeac4335ee
SHA512 97e0c2f2fb7e8535eb5447418f122fc57926a8eaf99702ffb08c55a1f11b36c978b51fb41d393da9b3aef14d36e443345fcfc528a20defd585da4d974c08bbcb

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 f14846bc4ba18f4459911791c788a778
SHA1 d3360cd1e4b001de219c8c3343060887e8d73ad9
SHA256 84ed7890f63440c0a375cabb62668505112e401e1dd28bb7633ac33c14dd1f9a
SHA512 90e6dd1a7f6cafb18345ebc157281669491a8e3b5cef504a199b79a9fa2965e4ae3e71d101dcdc339ff9340ad43c02cd60db1d94b17895179e8d80a772df4715

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 5eff8aeb42b3268091a4a1bfc14cec56
SHA1 5518ff54d09b0b7622fc203978caf7a820f961cc
SHA256 40b8fb8260ab912703a0f3b7e481052099611ea8aad1e3d279b7e8aca878e6eb
SHA512 614e30b86837928d274066434b3638fcf1ad6bf2a95a982d470df38c4ff46622c17ad1636d26e113078966cbca242415ce931d7434fac705f56fafb825ebe32e

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 bad09a50b44956323916bfc13efc33a4
SHA1 87624a2101fd816a63770fb77e079ed7c10b75af
SHA256 54507cbf917eb9c47d711dcd11c1321adbd8b3f8f29d9fed57ac794d11937363
SHA512 e265c2c5bb8436bb62606ba58c240d01d1561e2d0d961ff07ea865c958ec7950ce0b823ca3d65c7b414ee3413d37d37129159e46d7a2a4de3ad65a0ce854b527

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 4f9b6d8b04e9ec0906e17187f0902ea3
SHA1 5006bbc4fcd6a7f973d5a47a19b1dedc986d5c37
SHA256 c9a38f694278bfd710a7342e8b16b38ab6ce43cd07006aa3275cb41b4cbebc26
SHA512 c042b6632318b8b14d7f4d3428b5225ec486fb9af245824b9bab37761384f3e1f542363ef3d917b8e7753ec6290d0352e519e3b4121daf777613e5f1720a3a46

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 78c1f298a73df21d42ceb19ce502ab86
SHA1 8fd230b39896b15190abdb21c559ea657cd3e189
SHA256 ca14b0f17bdcadd4d8d4291e3d1168c88bf272ca04681c2b97215ede407edf7c
SHA512 6bcc49df79e9ad7032023f8abb9fc89c84796fec58e054397b24df975a8592ac505fc391f6b8ef887a2b9329c4a03ac45eaa986eea102c4d8f38e22ed0c9d61e

/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 f717e284a3db8e00201c104b314b8334
SHA1 19cf9593f3eaee431bfc5cb2ab63227ba764d6bd
SHA256 e7c1a7badce5607c6aa89580bff1fd68cc22633c0955e51918c0e8faad3d34e9
SHA512 d871add158e5fc5ae47d64806d18ab0df7089eb197454658594c64e14ff96dfe94988ecb68a4b2aebf40f1c17544af3b6ff9f3d9c7c4d77c253940141a35d843

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 90e4c7d670306b4d1e7b402bc3495914
SHA1 d3e4df039db669a1f317ce83e4cf6599a9117ff7
SHA256 10260ab1c4fea7d094180b874ed7e68516418c7b6deb292a6bcefc08b6b9881a
SHA512 2741f60339f54342785aea83f826da9107e599af3684ec9f458c60c59f37fe2e2b92bbf267bba0ebf8ffb34498456ed523a231921ae2a6b8c35328e19b1185b1

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 f9741295ff23da889035e703c326565a
SHA1 e9352dedc0cf52b45490748b05a5a45903de6577
SHA256 aba209cb742e2ead24804ea3a82d0c9903548f94d99d3bf76b879887739fd97c
SHA512 215997f5caf384f730b923e22cf6831615dc24f212a4d04255628d4f38474b540157e12cda9536148045f4e9f990a7949e0c2287cf2cf29369c65cee36caa893

/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 ad813b9e39775ab7ddedd4b2b9fae729
SHA1 c1ec43eb8148b57f7ed097e9b148d1a4317dc18f
SHA256 093bc2d0295a9cd907197a08916476feeebda242ed556e2e55db5198b2785d47
SHA512 f6174553a63461344d76aaa4c3bf42f1de726aa9983aed9cf8ed7a492355ce40dae26de5ad0aa10631c9a6e515d90d06e8a23b494b5fd20a1062a7462f7b4de5

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-26 17:06

Reported

2024-04-26 17:09

Platform

android-x64-arm64-20240221-en

Max time kernel

4s

Max time network

150s

Command Line

ir.dariadar_iran2018.torshi

Signatures

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

ir.dariadar_iran2018.torshi

Network

Country Destination Domain Proto
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 udp
GB 142.250.200.14:443 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 ca.pushe.ir udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 142.251.168.84:443 accounts.google.com tcp
US 1.1.1.1:53 yiijnnb udp
US 1.1.1.1:53 odfvnttbqpltfaq udp
US 1.1.1.1:53 yewudnoedxgtpz udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp

Files

/data/user/0/ir.dariadar_iran2018.torshi/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 12bd99e54b2599c48e3e362d95e91295
SHA1 a4062e192eb4cbd059b1003470afa9a9490ef3f8
SHA256 589e2b19ad98e0a6c19fbc1af434f7754d2bfa012534acc65202cc805531a018
SHA512 93cc97454de843829ac64424f9f886795f8af1db2a386ad48ff8f3cdee2f6afbfa6e003492b27a23baa3907e41074e1db77d7bded69676dbab95bd3f9ae7e3dc

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 657876ab8f0b83de449e35eed8bd31db
SHA1 c7504e05565c1e920841957ac1decd07ce4dbc21
SHA256 679b3c68f94c641eca894b090650a766f686ca041ce632eb1746734bb2651bef
SHA512 1d4dc945c1763166a5a368c230eaf1fba4677e57cfc5fec8d1725e5401540d67b9ebfedc423aebf343f8eb0e2b3c3b5a35ec7b9809f3543b6e81c653fd32ae69

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 1d473647578e6e9142e40486727dd367
SHA1 a242faabf90487ca5c574d5671917818df49d822
SHA256 339c3f6ddd71459c94c821bff9427731d7ebc9be0f8ea4da3885b2c2f33683a3
SHA512 772cc2f9fd427a62c934e724789c9eda22086fd1f00a6eb8fef373686e2ae5272bc4691b6f7adfddbb8828960a5bfbb093609c4901a5d77ba8a462a2203a184d

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal

MD5 f2ed884f02ef9c5b312b3680bf9f0b5d
SHA1 cfa75bf6582110349316e1431dc4c7262bd4a9bf
SHA256 5f801334e405795c2ceebc82a27c1274615d9f8e06844e699b7c2e5ef84360af
SHA512 d0eba3561ea6852d26e11e3dabfe01c06c70a79789bf57eda1db4965f43d5b0ddcd35c94c86715cb928c1b60ba3e6d8dc212fd1e0f5c526ad79723862091a738

/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db

MD5 246f732961e2b87c5478837eabbc9c26
SHA1 e6fcd5310ff5bfcd49db55c41d0dd1bd9945a13a
SHA256 ba6f597a4b192e7c154602a5e1dfe28fc59672fb2a3175776ec37a86bfe578f2
SHA512 ace0e3e6fb9861a9d574ab182079955d51cf53cd5c4a63e016633326d302dae68097c36bd92181a382ae2d059693cc534b07330141318f5ed8a836fda01d48d2

/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 9f35fffe68fa40bcb02920fa04958b67
SHA1 3d08c21bf15309983c096f841548e1489f7e49e0
SHA256 b4ce0f15feef5e60142491262d5409a625101d77e859f224fadb2f943d0691d3
SHA512 5aa8326006b7831186e3b5613a234bc493075b4cefd01ccda9ffe2118019209d55fb2747283f615633c18501234ea651683808f4882fb7f819b229bfce78bc29

/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db

MD5 2cdf77d5c14dd3f313b60c691579a0b9
SHA1 6a74a7a3170cabead82152871c90749afdd6f310
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0
SHA512 eaf21f0acf8b98ac8bf4bce81e66a07d6a501483b141bfb7a2ef476a8dc9927ccd39971f4e0d1f7969576dbf7abb7befb3bec04e40c5a9b28fa7a2f15ae7a98c

/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 00aa1066a4e00775f5e16f7a7c2b1d27
SHA1 609e8cfd7705561546b9f11546762d938c290db3
SHA256 ebc81c2f618752e81db1b92fcd42087e89ea535fa9d7c97b9abf314256899330
SHA512 cfde5b2ae182b78031585c9378a3f26e11d18d3f68ad2566c83c8b614231fd417deffbaed90f5d4615bce6e47e0c5f263e524fd874d5cabe7376809b785d06c1

/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal

MD5 3a7e2861da9a373f9073babbc20a3cb9
SHA1 dc135c7940160d9646cb5e823297a625f1329398
SHA256 2c10f31a2a0c05089bdf50c4fb6cb08a56f66008ce5a72b7a882d228c7a559b2
SHA512 ae2bad3d3374967bbd8c9590be4ce9ef1c1ad4222d2bf0170cb4fc8914d1c994e7b7c45249b5d5d7f318b8fd7f881cf92101a8b57cfea140b019f9432baf8cde

/data/user/0/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db

MD5 a19c2ee959de591882abee257ee26220
SHA1 8fad45232d955a6f33ee61dfafa3479439e9aa95
SHA256 59923c6db0056021b64d30de21dcb397e00eea13b152e23b18d8dee365f9d5d0
SHA512 ff1a2704d225452873abc5b4a1945a860fb56bbec4d1b17fd1178058a78a9be3647e3aae92cd412985b2703ecf3a2db7240601a7890e217e063c00200bd45d44