Analysis Overview
SHA256
71bb4b9db79d5b32cb425e68fe2b6181c1f2dbfd6d9bdb605ce0831abfd2c879
Threat Level: Known bad
The file 013f27aedaa260dd3a876637d8094207_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Obtains sensitive information copied to the device clipboard
Checks CPU information
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Queries the mobile country code (MCC)
Queries information about the current nearby Wi-Fi networks
Reads information about phone network operator.
Checks if the internet connection is available
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-04-26 17:06
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-26 17:06
Reported
2024-04-26 17:09
Platform
android-x86-arm-20240221-en
Max time kernel
17s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
ir.dariadar_iran2018.torshi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 173.194.76.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | bayan313.ir | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | gqqvedpyosjvkmp | udp |
| US | 1.1.1.1:53 | egznvllferr | udp |
| US | 1.1.1.1:53 | ctawdzkunrzwacd | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.dariadar_iran2018.torshi/files/unsent_requests
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-shm
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-wal
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-wal
/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db
/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db-journal
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/1.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/2.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/3.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/4.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/5.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/6.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/7.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/8.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/9.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/10.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/11.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/12.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/13.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/14.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/15.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/16.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/17.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/18.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/19.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/20.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/21.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/22.jpg
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-26 17:06
Reported
2024-04-26 17:09
Platform
android-x64-20240221-en
Max time kernel
147s
Max time network
163s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Processes
ir.dariadar_iran2018.torshi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 108.177.15.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | bayan313.ir | udp |
| US | 1.1.1.1:53 | oqxqhmzvfot | udp |
| US | 1.1.1.1:53 | szczhgw | udp |
| US | 1.1.1.1:53 | bdclyzebk | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.200.34:443 | | tcp |
Files
/data/data/ir.dariadar_iran2018.torshi/files/unsent_requests
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db
/data/data/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/1.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/2.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/3.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/4.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/5.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/6.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/7.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/8.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/9.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/10.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/11.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/12.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/13.jpg
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/14.jpg
| SHA512 | 017716d337676dfc6255e7d7023ce47ce3ed533cebd121c511fd5ac71d6537f124ebcd4c169ea297f9611b5b93e449f8fae52fb8aa4598b640065ffd37d87cd6 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/15.jpg
| MD5 | 621438bd8b57d903ebca7dfddeb71bcc |
| SHA1 | 0e17fe13a66d7bf5f0452ac9bd12e66cf9419eb1 |
| SHA256 | 3d41cb42eb81da79432a093e5b18d239810ab7e0a78b657a1302139ea99a2bfa |
| SHA512 | 58350f17f34da15bf04f942007d91ae7efab97cfd5802ce6ee7558c915c99c84c5d025e79dfaa2a35b60406a5d12d585a4e268adaaea16c3a03c2760f6f28f64 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/16.jpg
| MD5 | 46f772dfa86553d90eb2fe66eea07573 |
| SHA1 | 257433856c6e4c89a58cefca159363e953a80c00 |
| SHA256 | ed0becdc74d2cd02ac10b76d6f91cc4f5f173efa40e93503eee821ea9e626e23 |
| SHA512 | 78f4fcc3aff819db02c4fbc38be1f09d2c8bb3d18daa45bdf5c9ddab8f2a80385fa30fa146e001fce97ef3cc50f39b0c3fd55d71da069823a20dcb004ea5869b |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/17.jpg
| MD5 | a4ce1d9f76869fe7e210d361cb86ab91 |
| SHA1 | 6b53a4f9ed0eb7bb1497d7e14bcdf26308e8184b |
| SHA256 | fb7867fe2ceeef8d49d643aae4fcc52cf4b20a3f1819482c16aa4ab075b3babe |
| SHA512 | 928fed3cc2172aee088bac02e4358583e48d82a4052121e9914fcbf24a8f85979928635e34eb0a99a7b411389eab9fa68f55d00bd5e7b51d83c5e1fabd6ecce2 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/18.jpg
| MD5 | 653539559dd6d69900d5b9fd4b656ef7 |
| SHA1 | 710f53ae799cdde1d6d23abd97e34adae84686bf |
| SHA256 | 8e3bb4807d2f5662f5be4f9b0950c8372ebf745c52386dd991178b0daf516749 |
| SHA512 | 68c8acdace94af0c9451144d7d78f32b9940320a5deec1df1b8090c6c437d2f07814ff672bd1c2d0c10e7746bb2b8c69870c62eb1e8c4e00d3692dba31fe9143 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/19.jpg
| MD5 | 9c05da31c8d7179f1b2e25d18439b22e |
| SHA1 | 4df2b743c623318c91d33a6ea99dfd9efb176927 |
| SHA256 | d06767c3b9f663d457ac4f12c91e3f0ca1f9065ebfea0f7de479033e0f5016cd |
| SHA512 | 2c396e859460e9728b6dd2cc4f6271dbba01d12132442a240eb047748b4531d564c636ba5ae951c0c331062ed465273ec1720e254623ba18c7aef1e2b0eba112 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/20.jpg
| MD5 | de86a0c25747a960e5d0dbaa39dd1a06 |
| SHA1 | 2549192bea7eb0d04f7941050e4e89a7f901eba0 |
| SHA256 | 9fa34a8f2b58b83f16d79166087a76666f9bf9b3582df0192d2a58ae78ba2190 |
| SHA512 | a4ba51ce7f5789f3ec484c28d5b0bb5e6d6fd5a056b042bbd95d5001503b7115eb46060beb3931209a7177f36375335f1493d823855aa65fa0e5cd1bd173cbc0 |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/21.jpg
| MD5 | 8eae0c4333cc0dfee661eaa2b3bf4964 |
| SHA1 | b2b5fc4cfb11548d5b36f2e33211da64c31c1c8f |
| SHA256 | 984060cb7d5b0164b7f5ad557383420753c69665d461a5ec3cf9405bcb43b674 |
| SHA512 | 45ebe119adc27eaa1947860e8c8e58cd9f476d1b50f5f16e45250d66a3d0cf3d65c0fdd891c35cf3112ca8cc833a1a0848108de1bc608bc9deb2919ebf25272e |
/storage/emulated/0/Android/data/ir.dariadar_iran2018.torshi/files/Ashpazi-torshi/22.jpg
| MD5 | 0600307eda72c9b66963a7e36a2b1ed7 |
| SHA1 | 48007d9343dad91f62da0761b679ffa6f775431d |
| SHA256 | d4b79433ee76c4fee4610064f86f6d9b1a6155177c91658f13628afeac4335ee |
| SHA512 | 97e0c2f2fb7e8535eb5447418f122fc57926a8eaf99702ffb08c55a1f11b36c978b51fb41d393da9b3aef14d36e443345fcfc528a20defd585da4d974c08bbcb |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal
| MD5 | f14846bc4ba18f4459911791c788a778 |
| SHA1 | d3360cd1e4b001de219c8c3343060887e8d73ad9 |
| SHA256 | 84ed7890f63440c0a375cabb62668505112e401e1dd28bb7633ac33c14dd1f9a |
| SHA512 | 90e6dd1a7f6cafb18345ebc157281669491a8e3b5cef504a199b79a9fa2965e4ae3e71d101dcdc339ff9340ad43c02cd60db1d94b17895179e8d80a772df4715 |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
| MD5 | 5eff8aeb42b3268091a4a1bfc14cec56 |
| SHA1 | 5518ff54d09b0b7622fc203978caf7a820f961cc |
| SHA256 | 40b8fb8260ab912703a0f3b7e481052099611ea8aad1e3d279b7e8aca878e6eb |
| SHA512 | 614e30b86837928d274066434b3638fcf1ad6bf2a95a982d470df38c4ff46622c17ad1636d26e113078966cbca242415ce931d7434fac705f56fafb825ebe32e |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal
| MD5 | bad09a50b44956323916bfc13efc33a4 |
| SHA1 | 87624a2101fd816a63770fb77e079ed7c10b75af |
| SHA256 | 54507cbf917eb9c47d711dcd11c1321adbd8b3f8f29d9fed57ac794d11937363 |
| SHA512 | e265c2c5bb8436bb62606ba58c240d01d1561e2d0d961ff07ea865c958ec7950ce0b823ca3d65c7b414ee3413d37d37129159e46d7a2a4de3ad65a0ce854b527 |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
| MD5 | 4f9b6d8b04e9ec0906e17187f0902ea3 |
| SHA1 | 5006bbc4fcd6a7f973d5a47a19b1dedc986d5c37 |
| SHA256 | c9a38f694278bfd710a7342e8b16b38ab6ce43cd07006aa3275cb41b4cbebc26 |
| SHA512 | c042b6632318b8b14d7f4d3428b5225ec486fb9af245824b9bab37761384f3e1f542363ef3d917b8e7753ec6290d0352e519e3b4121daf777613e5f1720a3a46 |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
| MD5 | 78c1f298a73df21d42ceb19ce502ab86 |
| SHA1 | 8fd230b39896b15190abdb21c559ea657cd3e189 |
| SHA256 | ca14b0f17bdcadd4d8d4291e3d1168c88bf272ca04681c2b97215ede407edf7c |
| SHA512 | 6bcc49df79e9ad7032023f8abb9fc89c84796fec58e054397b24df975a8592ac505fc391f6b8ef887a2b9329c4a03ac45eaa986eea102c4d8f38e22ed0c9d61e |
/data/data/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
| MD5 | f717e284a3db8e00201c104b314b8334 |
| SHA1 | 19cf9593f3eaee431bfc5cb2ab63227ba764d6bd |
| SHA256 | e7c1a7badce5607c6aa89580bff1fd68cc22633c0955e51918c0e8faad3d34e9 |
| SHA512 | d871add158e5fc5ae47d64806d18ab0df7089eb197454658594c64e14ff96dfe94988ecb68a4b2aebf40f1c17544af3b6ff9f3d9c7c4d77c253940141a35d843 |
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
| MD5 | 90e4c7d670306b4d1e7b402bc3495914 |
| SHA1 | d3e4df039db669a1f317ce83e4cf6599a9117ff7 |
| SHA256 | 10260ab1c4fea7d094180b874ed7e68516418c7b6deb292a6bcefc08b6b9881a |
| SHA512 | 2741f60339f54342785aea83f826da9107e599af3684ec9f458c60c59f37fe2e2b92bbf267bba0ebf8ffb34498456ed523a231921ae2a6b8c35328e19b1185b1 |
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
| MD5 | f9741295ff23da889035e703c326565a |
| SHA1 | e9352dedc0cf52b45490748b05a5a45903de6577 |
| SHA256 | aba209cb742e2ead24804ea3a82d0c9903548f94d99d3bf76b879887739fd97c |
| SHA512 | 215997f5caf384f730b923e22cf6831615dc24f212a4d04255628d4f38474b540157e12cda9536148045f4e9f990a7949e0c2287cf2cf29369c65cee36caa893 |
/data/data/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
| MD5 | ad813b9e39775ab7ddedd4b2b9fae729 |
| SHA1 | c1ec43eb8148b57f7ed097e9b148d1a4317dc18f |
| SHA256 | 093bc2d0295a9cd907197a08916476feeebda242ed556e2e55db5198b2785d47 |
| SHA512 | f6174553a63461344d76aaa4c3bf42f1de726aa9983aed9cf8ed7a492355ce40dae26de5ad0aa10631c9a6e515d90d06e8a23b494b5fd20a1062a7462f7b4de5 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-26 17:06
Reported
2024-04-26 17:09
Platform
android-x64-arm64-20240221-en
Max time kernel
4s
Max time network
150s
Command Line
Signatures
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
ir.dariadar_iran2018.torshi
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | yiijnnb | udp |
| US | 1.1.1.1:53 | odfvnttbqpltfaq | udp |
| US | 1.1.1.1:53 | yewudnoedxgtpz | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 172.217.16.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
Files
/data/user/0/ir.dariadar_iran2018.torshi/files/unsent_requests
/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db-journal
/data/user/0/ir.dariadar_iran2018.torshi/databases/evernote_jobs.db
/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db-journal
/data/user/0/ir.dariadar_iran2018.torshi/databases/__pushe_base_lib_db
/data/user/0/ir.dariadar_iran2018.torshi/files/4_5942895236148625435.db