Malware Analysis Report

2024-09-09 16:12

Sample ID 240507-rx9gbsea45
Target 20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118
SHA256 acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b
Tags
collection credential_access discovery evasion execution impact persistence irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b

Threat Level: Known bad

The file 20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence irata

Irata family

Irata payload

Requests cell location

Obtains sensitive information copied to the device clipboard

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Queries the mobile country code (MCC)

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

Reads information about phone network operator

Acquires the wake lock

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-07 14:35

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-07 14:35

Reported

2024-05-07 14:38

Platform

android-x64-arm64-20240506-en

Max time kernel

121s

Max time network

154s

Command Line

ir.mostafakeshvaree.iran2018.anvaekhorak

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.mostafakeshvaree.iran2018.anvaekhorak

Network

Country Destination Domain Proto
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
BE 142.251.168.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.178.2:443 tcp
GB 142.250.180.6:443 tcp
GB 216.58.204.66:443 tcp

Files

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 e14b2ec54f7f25fd7459d548ffc1cc6b
SHA1 4853026141d509e872cb22c91ab6e06d2b7921d1
SHA256 42ef8f5aca0c43939b5a482a0be43c4d7353b4881b3ba4c47c220af3b7196012
SHA512 2065a0db3acf8229b2168293b3eb30f506e98eb942787fb43445552790e9bc4ecf2f69030a355238f22dd6f98ef5ec51f581801764e587050f2c25c426fea3af

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 c2a755d9c9c1d918241cbc016c8b5f4a
SHA1 1d302323b87c595f117252eb31b867879cffcdea
SHA256 a2776dc34aa977e4f7faa8b43d3f7767f99dccb02153b4efd4bef6f2c6853790
SHA512 2fe5ad1c00dce65abb8bd3a550e256be51ee18966b1d33837abef578ed30bc5863abec2e0cf7eb8a3f8c9efcdfa9a88d64fac89bed647be6b509a78cc7698656

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 c430a93b26e74e925d16c4149e74762f
SHA1 94d8c943b38ea6a7747660ff02aec3d10984bb7c
SHA256 fe6c0d781ba9fa913d50341953dfa9607fa6d68522133e59e114e453e2579a6e
SHA512 3a80a2b87693ce66f99a93ca466f62213292a98d32f58120864689e9caa7cde03af2cb075ebc2ddbd06b72a7775277c1714f5837d533ab841b27073c42182129

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 4088f321336aa7d180dcb95aa6f376fe
SHA1 c0face84ca62953422bc9f278415b304699a9d04
SHA256 c9e7718a9f6fccbbda6bfedc02923e3478f29f284cac4e03688b4d5b3d6cc66c
SHA512 9bed25fbc8fd7cb1ebb03cb5094504df065de1cbe035346701c57e928f1b56d9246b0c9c0fff458a6ed218292b1719f026e3b2c538fbaf992819fd0997cff7f0

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 92562cd5d25a08160cb67adbcd744f85
SHA1 9833df0cf1ddf731c897544cb521a39233465820
SHA256 c894c58c152c96b4a769aa35e0ad627778f31721572a9228ca3e7bb6d3fb5799
SHA512 6507e4979aad1e742622ba8cd8d2f2c1b6854aa671a84161b77fb7e92d0e67e67eff7fd0c3c55ce5fbcf16aec6183df17cb80c0c8114032452a3a9bf9fed013f

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 c198537bdca6a49b34858746e78a6484
SHA1 0c81038069514e9544d2833c2b8ecd4346d8b122
SHA256 a43f42cb4b278cfceeacce38c545ff43554b41adeda0086781ef12fac1aa8a83
SHA512 c159fee2775281915bd83a30b00590d5ef4fdab6fdd9a98978b6c2b29c96678771a5566b4f7ead3e2c7acf01fb1ebb133915388077b723aca16eaacf2ec6c430

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

MD5 05596d5a2335f6271140c81dfd7ec18d
SHA1 9ada41f394119f10f741ce4cac9b41a6955f1154
SHA256 fa8dca2e63bdef9482c80c7a52e6bc541186651743557947347c5b83031905bf
SHA512 c8111545eb3c4251e2de38eefb7976e80c9baa9b97737b47f5079a9a1a4c8ed7f6116329c95f51c80244d375a2acac831db935aa32dc54ed55d643f579811f71

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 f2daf37f861db572c348f23781542242
SHA1 933269d053f4f43f45de150804dfdb085f46c708
SHA256 32add9a9c3169bae0e7f088dcf69fcbd1d2b17b252b8713ec386c1b7d669a911
SHA512 8bd0e3db41c3af96e90a95e9ff6519642cd5983390a6f9f563ee883f5fcc48de95eb23231bdda086aa5295dfd88960a70a654fe54a7aa5a4288da4a13a99c513

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 29baa2d7dae07ba3e95dedd5ac1a7c99
SHA1 fb6644254f08a3ae22326e223c81a2984702e397
SHA256 d457513c2775b6afcdb6dca757426d678f40e97e8bd8d797263209719c2502d9
SHA512 f8f0814c8556e739685b1aa386953dcf056b1853fcbf4d9ea7133dc87860bfcf0c5ad7bf465a9704be5dc087efa25e8501d4f18bee8f54181e84b6587f8644d7

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

MD5 b3de6a1b33fe8379e95e32e182f658fd
SHA1 84ade4c2496de093d023c4d010460613db4d5a9d
SHA256 de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93
SHA512 d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 ef8a18eea0c1a498dd3440ea25601ea0
SHA1 df53303ab3afe758bf1398f5d808572484d26cb1
SHA256 fd435b8b5be56dfcf9a15e2be2b4ed8e02a113b24d6d3a7e108f62adfd888c64
SHA512 a925e9cb04147016439ca48ecf786dc40cbf1eb848c40ca716a80ee69c098907bc1b745109d0020f6c27471b3cc9f1d6e19b44d93c9230fd1b11c0b8b9cffbaa

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 f4e5fca3b10a612f708f08f4ce772ddb
SHA1 702e3bad39b7ee2df3dfbe8d63821f1180404dcb
SHA256 fe7b6d12a8683ec2fc2203f959bca12ff3282ebf42b70720bde22755842ba424
SHA512 9e0720fd964622ae98c256359ac6853f0256a17b8c165f2133401c5d71597d1089a4e930489a3d7e62f088f44ae741d1e5fb5f177cc95d7d720781644fb74b97

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 9e217fdc7d4daf8f19e7f2785d7d59f6
SHA1 90faa13f0372d6c542904190a2572293188a04b7
SHA256 2ef9f6babb45bc81eeb5e83bb14c38ee0d1d2dd2a815d73238f1364ad5cc67c5
SHA512 f94cbb96619f20c767d65d92992600098be804064280482f572b6a75d5a39166c45e60386ca83982accbeff7b9974bc3a328257cb50fcc2187d99cdaffe4ae9a

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 44b806538146e3dd243a870823706284
SHA1 2bdf5b342214105afc9005dc6e4d74b3cf6dc456
SHA256 33672fb82cfd0f2dbc812306d0293a5268eb0cdb9b8074bf853af94b9e7d3791
SHA512 e53077100fb00390f4eb8c3757f6d620c142c6e27f8861bf65b4faa88a8c2edcfbc157ff9429a03898f27290298fc9150112d7d87aa40ec08aeef15328af9859

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 539e03841940115f75316f4b3dc570e2
SHA1 d49ef19c43cd2b03236155228073192371db0e25
SHA256 2444df64bb688c246176ee8dcd8fa8f4ede703cea46f997d27618faaf42876be
SHA512 d27286261b99b279f2cc4be1cdb869aa8b67be87bcf6a737f1350f3a3ad9b41cc2d797151b3dfbfdf9a5cca1658cad15b0326d3c6b0d3b42602cb641b6cc1533

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 75e4643ab311a1cf3411e24d7fec124e
SHA1 c43fa8f964015c7382e07c1157839e555d948d96
SHA256 74275814813831afcc2c4d8d536f9ec682900c5bac23338bfa1090c9b9fe5951
SHA512 b8cf3c8d0fe40aaf7488c8d88cb7d6a6b17c01a3ec7ddfe8548e318658d23a40012a93d59b498ba2661df29ed83baf63c22383025453b49c7d0b9a9d214a7c24

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 d8f472f4597d258810292e392d3bca66
SHA1 339d7db9d271705f06c136df0ba43fc316e93af9
SHA256 f3204ed87fb22854fae69be8a5696915902f7dce19412616bbccc1d62c1b9eca
SHA512 87b7c69a330892828437ea0326bd6a90354e1a25968076074772920805837d11b092e0586e0e45961d7877d4ceadbfdacbbb0073f4deaaa9724af17d93f2746a

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 472d311021e1cbbde3cdf2112775bd28
SHA1 db37a504e66d79dceddbce8ce2dcca002536b520
SHA256 8cc387a374a11bfab15a3379f5ac40f07aaba3c88048f2a5be499842adaef5cd
SHA512 08d07f4c66796d4fb810145e94673351d31839a166d6e68dc5b4e1e2eab17a6203b04532f1aca75eaf7be91254f61ee59c6f7e1a77c5eb634f31363b73699836

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 e064e3bc56bacbf85c00f2c50092d207
SHA1 a725237dfa87b44617b642040493e569ffd9e04a
SHA256 95773f05c459c3b2160b583d298f0be52a872094f8d5208f4d159f52baabb7f2
SHA512 f004133eb79b6266423d2d993ca290fef16ab2fe12e2f993596c0631b8bf92ed4a0fb4f53e3021dbc6aa8c544efe165457b6ac94cefecabb1c72d09947e49a49

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 14:35

Reported

2024-05-07 14:38

Platform

android-x86-arm-20240506-en

Max time kernel

111s

Max time network

131s

Command Line

ir.mostafakeshvaree.iran2018.anvaekhorak

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.mostafakeshvaree.iran2018.anvaekhorak

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 tcp
GB 216.58.204.68:443 www.google.com tcp

Files

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 603e4f621b7142261bc819bd2a98bac7
SHA1 0740566702e288c94710e392178d2410081ae666
SHA256 74778cd3c065f9497975e6e2b31825261083e68931b27138f4e5fca7f7bcab5d
SHA512 9b27a37d76c555314b30855f52d14690e2e3b9d1b8addfa0279eae5c58f6c800c76a0a965df25f3fff5561dd059ffb1b391950e2cf4de217bab8686d7282b400

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 978fdf85b8448e3a7c9015e51477eb49
SHA1 793bb88398dc9457935a4416638d5ed3974baf19
SHA256 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
SHA512 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 334d8d625ffd3558b0b83f82581ca211
SHA1 47ec09eb343d9a8e2325087ab8dfb92227c55916
SHA256 afee31c23507ae73c908efa01f3d21ac776d9fbba54c356c10e25d8393cee146
SHA512 f8f40f8f9bf94138c0b3d361be46b99d178dee4dcd078f7f58db8f330da571652c4f1239d63d8674dea0016629060cd5689e21f74dda7b8642ea04fcb4093481

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 b170e435a909de769447392d2df646c2
SHA1 be72bd30ed7086856497c3df94e2a89a8a4f77ff
SHA256 90962b08e11d3d9a48522e03da8480a73f558fb29ae81f4efdff3631d9c05150
SHA512 6f8579f7a4941ef3cafac2ea902a5ee730e67e92cae2f8c09fd0007b06e3df112d7765d7e2a2e69afdf45a54d8fe340a8c1edb0cca840abef26ea7ae16b3db9a

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 e3a35ac248b3be9e8e2c1888aaebbc8f
SHA1 b99421a4303b300078ea9f1dd612d131882d1d03
SHA256 19c57fb7eccc576dfd5f8eb0e4554ada67a13a8a12d61590a10171bcf4107fd9
SHA512 dee12336211d1e7049eaac073f9cdb272fca4f20837f039f5647c8d3f53cdc764ece6bcfd0e8f783f84fa773ffaa68357724f97b5f94de583ebfecad72ee15bf

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 102dcfadd4b07c98d6a90fe05b8806d1
SHA1 7e9b905f8951b607250fb1c63d9f744de6ee3081
SHA256 a73dfde8c8d479edf4530c9d285720a5dbe0ed01898f4d9596d886a62789c595
SHA512 04c00bf0a8b5358d1a356e6f24595963ed97bc53c81f19c0954472ed803a1caff8ae07d2cabc4fe184aae342bef8c23a89e8c194a555000a1570d1bc69fc70a5

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-wal

MD5 f7b486b15d6734dccd9d890cffe90fb0
SHA1 7754c2dc58a9b192a5eb6226c2014c991c564970
SHA256 4ee571fb35d2c7e08d9af2a1a11efc7954ff560580227ce3f94e18866f08ae92
SHA512 bf3cfd575a175f943f2b7a0b7b3dbff8529a31378ef1d3188cf8dd493ec54d7304f672ee2be74b3d0df83cc820325a3cbcf730f1d1479c8180676c6bef68da1e

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

MD5 b3de6a1b33fe8379e95e32e182f658fd
SHA1 84ade4c2496de093d023c4d010460613db4d5a9d
SHA256 de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93
SHA512 d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db-journal

MD5 b955512135e0b05dde8c62d65f74b269
SHA1 0e99946457118e23f2f0b83614453f37f5177cc4
SHA256 856954b20de3d9df370048b2db34d7b143bff6bfeaeaaace2107f73b24603c9d
SHA512 f0ee1ae705edd697311a88c0880b51ba54d204b0ddd681c5cde632e472e280eefc636df913bd05c8347d85bb77aae0b78090d9fe892b3f5e5f78fcbdbcc2b85b

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

MD5 8a7caf3447a48d78e82bc14263130486
SHA1 ffaf270da1445b8361cd4b81c9f29ace0e673a84
SHA256 7630b3abcf85b4a71a0d9af51118fbaf3441fe4e34f86206c6135bf021ea6f57
SHA512 dbb3bd819776ca010b2f0000d0e3d3bbd5a6f1bf363076fe99112847439a917a784c382a08480c14ba1f4b19fd7cb52646b1590f119c3ba1f6e17a9357381c0d

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 e085eee449359bf08ce7639e631b9693
SHA1 dfd201180acf792bd2355e44538ffd404b103495
SHA256 e1b86156c17b0f4d067a653f8d4906ee319e51138c38c2942d0110fd7dcbf8dc
SHA512 21259505fd57c419044b0a7303551ac7576ebd0a6057a3e4a053f6d49172857398389c9aa9f49d93185a6f9cbd0d3f196b750aded44cfbac7aef739024cfcf7b

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 5477741cb2cf8f43d493e24d6d86a1ce
SHA1 718276af3a64254a38863bdb35752068ea3abd58
SHA256 a683658c94a2f8b7041e92d53ef675c95da831092ddc9c16a7980fab5991ed05
SHA512 16e0f9f01d9942a523031cdefd31d6d1e9f9b0c05b6268976815be937a27f27e14f2c2cc23b079a0052798d1d3aa0e677fa43550db41d85c80a6971148c60cef

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 5769caa53c495f414dffdae3c280bb81
SHA1 5f480ef144981794a7870587da1770f6fcf0a23a
SHA256 b44310b1c2aeadf195c9cfd63b2250353566cf3b4a76a63091f0b517f1034a34
SHA512 acf1557dae935064e2ea0f864efc38288a6198fde5c7908124e445bbe4d7e7e3bfc54679d89f68b7a213d4583b1c8cab70e724423af6fb539d74d77ff1f1f341

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 6c4e46d11c6165c687dc3a365f0cc477
SHA1 85d585cc3289e9b8d429e31405bf0992270eeaf2
SHA256 3fbb7706afb0c94cc3d58a477533ea27c6a9655fac9f9891045778a956ce36af
SHA512 f6445a531913ca59aa5512400ae629feffc352a22969b79947e4377214b8985ae0d180fe582487a3e07ddb8ee67589cfbcafd78d55d4a24c10fd2cb922b8f99e

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 9654d90d5c2adb65aa1bcf78b62e27d8
SHA1 4cfb6aab71a50c0959c89e779ccbd6dfeb814058
SHA256 461aeadbba29d757005eb7e0f250c7f4ea1fcf516c1525d8bb62629b7eb46bec
SHA512 1d915cdd5452012a1276f79c874a5bbe18e907c8287b610b63539f52d3831bba98efc1196f4ebcffcb05a8315df7b95da2c060b596f92d774a2cf3b9be4d9ca3

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 9e31af293018fd81138d89dead81bd2d
SHA1 1d2fcb28c3b1ae13a5ae9c762e87996f1cca8887
SHA256 279c84375e7b5d601dba6ccc45213facb6b9596a91a2e984766481705f1cd797
SHA512 b8974f48d3734c5ef747dd4caab5f3f639629782147afb36e1dbe329d06d37e00a13d3c2d155a58d8f88e19cde9dd6abf6e358bb194fc2403dd26053c2ae3826

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

MD5 d91135b6d561b713da516b12af22309e
SHA1 d568033fb915e470b4c5720c1c1a4760727bc6c0
SHA256 2c32a3677d18dc4bec3efbf434211a6cf6a8edeef5dd422766e94c65f5b7d809
SHA512 7f3f7e137cf832b4bd8bf2a5e985bd0f8fdc4162f2a3d55f356e53afe847b4ae7a3ef5bb7c36688cc29c62eaf05ce5d4e11001dab3fb7043397df5e48105ade0

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 08dc4d22a6fdd518b728e5490a5f18ff
SHA1 db0a94064e00b7808e23fd770de3e54279c37da3
SHA256 289d210863934860b2757f7ee8ad0ae1f8fd1281c935695233d656c7757b6d38
SHA512 e2a4043720e4d733948aa6a79f74d5d4248fbc5da0b653ce6090c7c28e4cceefc2ffb541637f0543d2602351a0dfbe51f777a5b870d990e8832886c7ac645250

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 14:35

Reported

2024-05-07 14:38

Platform

android-x64-20240506-en

Max time kernel

107s

Max time network

131s

Command Line

ir.mostafakeshvaree.iran2018.anvaekhorak

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.mostafakeshvaree.iran2018.anvaekhorak

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
BE 64.233.167.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.200.36:443 www.google.com tcp
GB 172.217.169.78:443 tcp

Files

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 f6f161a09e4d3b80ad6afe343ce2336c
SHA1 7382a11b78c7650c6e4839e51ab38fb9a36e5c57
SHA256 31dbf9538601c4bacceaf26f274b213acfc960604b92e0387a2c46903f55d956
SHA512 7e367c1607ffcca4c11fd64a040c462db58404838738bddf7768f238864f421b45ad024b0a884c79ece558bc04e5afff6a7b1191fd9422b747f63e4ba7f72009

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 14f3c40ce6d8734e24e77ec37428e8f6
SHA1 084727243f8e2d49406acc7c5192193881b1cc67
SHA256 cae9182ff52eb0c96a2bb3d194a23a4bd0a2271897a2ab36a81e1d327488456c
SHA512 f4ed2f72fef089677829db2aeec126e88c718d1e8ab76db9e8a447f8567d10c921f2aa568cdb3d5406286160817cbbb072f47d67f32a55936c30d91750a2c2a3

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 6ff0ba05c2b75a3d7df030823a300e6b
SHA1 db97d35bfd081ed0547c5e603049aa2de456aa11
SHA256 41b01f1188cab0da7d936818087338146462b2694768e2c56c536af1613a973a
SHA512 bc224f0466c6d132a946ae9ec81417e35dbacd20933f8e6390cac3d6353ed9399f422c4c201d29e89481035ba47aef0d88fae7dcf4f4d278cc0e425525d68e55

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 74e39bbe8409a3a3858678f02989df24
SHA1 64152f8537bdb0761b058d55d8e2dfb74d5dca05
SHA256 132f561d7fa9e33eefd67656d113e17d91f377110085bb4e6935d59e7c19ad3f
SHA512 a0441fddb42135310967c6ff9e1de1d805bc11889f9428d8312c472398e74e83d2334473e2f4fa560b83a8e2637372a1436520e1ce9a0b451e8bf30632be47f9

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 1c321a682803669b3c92264007c55374
SHA1 de600b91593e8e2fd384a735d784903e48f7f4f6
SHA256 4e83d886a9f377113842c645887836ed4e914155160dc6b03f57f701b7f1dcae
SHA512 9260b6754c35cbd3912eb0a56ee366aa66a68003cc056dad6ff0e4a71570ed19a571c48f8604763be7e42d6035d612f0c3872163ee76618f861799b7227171cd

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 66c4853ef56ea3f7416ba7545cdad665
SHA1 911f659caeb86d120eac317e320b916ce9fa8419
SHA256 8959acac4ebc26f4a1b246e1ed6271912e3e97ee9019c657422de038ec2fe812
SHA512 b4abdc9bc64264e8b982e02cebdb535b1929568fa4ea30ef87364dd73eb178949045bdf3e8945d130e026b93e03feb1cb77631ad5406bc7c82c5144f878eb01f

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

MD5 f26e729d47db53e311d3fca0b69a34db
SHA1 cf4b7a9bbc7b81042be32397990b982fdd259c9e
SHA256 274d60957662a09729b2a8a4e1af2891f11b87a0ed2a470d18aa4c170ecd6711
SHA512 c20a6526e7f3bb17f48c34d4c6e23cce674a0c86445e4ff2db353410c80db0b4ae0aea9e629cc980588cfaee6fdd3bfc71bb7689a39c87d7bbabcbfd542541b7

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 e08f1ff48a53ff76b50cd7c71d02b751
SHA1 78ee84455b186a271dc620a0579895a301d4870a
SHA256 13cef1b56a7555d9c6ae534253643f0c58603d655e560cbc1b19355e91be1833
SHA512 8942cbe1cfaf5ba1a26d6b41ba4c5d8920699d60b94d4b86b2469e03605ac6860f1fd4516d6c084611fa4e2c6760460d710d6f4ddc793cfcd95d57b5446aa85e

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 9ecb354c895f979d9c008c20a0ead4d8
SHA1 0ac81d2b18f42a058dd8be0a7abf28fb14aeec60
SHA256 cdb51c8077dd53ca8b15e8d1419f310d31891426f943c165af512a1566010673
SHA512 ace1d6b7b0f5fda1d088a863a8496308d18a9375c6a1a062eb445a25d6ebb081d383d159d32964649dd7ad0ffd2ea8dc77646ad4caab834971bc7c2146d59dd2

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

MD5 b3de6a1b33fe8379e95e32e182f658fd
SHA1 84ade4c2496de093d023c4d010460613db4d5a9d
SHA256 de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93
SHA512 d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 8a407e1f706b9e55367ed8dd86722411
SHA1 5bf7ccfd814c6986a1d9c5cea797db06329cfad4
SHA256 5d0ff7ca4df8f3460fa1bb6c59d855673546ec35606095889eb24bd0fac5fbf0
SHA512 ae56d7d4f99976c673214f547c936e8ccfec4a02936f628227381ec4b3d10082f227fbcbdf5cb3418b0143974d1489774ca8d29a8c340be0cfe9a32dc05aca13

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 f23d95016d924b1b9d302ea578fdcc2e
SHA1 2c0574ff1185af5c6696bd60b789effa5cda384c
SHA256 ca4a88aa0c863560b3e16f6885ee92e68c2e7959dfba6e69c1ccdebce48b8fd7
SHA512 db9de28b9291a02017e5f169c075a98c26c6280c660e549b639578fc6d9b32446316da9cc4e5f6f3a58ca6ac417f8234957554d7b690ddf00db78c058f0cb4ad

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

MD5 f7f452989654529db0ed279d0932e0f2
SHA1 80ea0e5c4ebf5bf8ad43dffe1cca489fb8654113
SHA256 8f231052c3da4cc8baf4a993e87151fa39c67c9e70d3a5f1220c8f2c7117bf8f
SHA512 3a3bec92d7158c3a125b7c5a316cf23a9c9277a117e57e31ea57fdeb56aee356d1c2be00e346c0a21aaa3e689f73c919b526d81bce5a80ed5988444e5b192d0e

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 a0d93056078f02a24a1ba8c4ed9f5785
SHA1 e5036145314bf3a6e6b67be394e7ddacfc969169
SHA256 eebabc69e8813fa898abcc8592d9fdeaf21b22c50c9c38b3f2f6520cebd29b87
SHA512 b60f1faee2a1ff76b98fdbe6c9ae5eb837254d7c09d9da09110b260860b582384630ec17c821bb3a486c9a00558f074cee5fc9cad461bdd9827cfac92d5104de

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 30fa5f7c6f5f814e3c05f89bc16997ce
SHA1 7f864573b361b9cff1eb18ed53763c1b3a9866fc
SHA256 a8893467eb25f9561da79022c36d0ef40022a8498b7d46069e8ba631f1839bd3
SHA512 6168aeb2a46eedafe88fa5c0c57a3b1276be8970f12b3d40bb43923a205fa8cd3df346a0ab395a4cc470c4fce202f60027cf9db0ba05c97b1ad4b4492bcc36a4

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

MD5 b3a0295c72b2c56e89127c5bb1f8f778
SHA1 5b7b8345c70b9cfc61c155a7fe3d5df3d2b581c5
SHA256 b177997e7ac1e748b24232044f4dc671bc31358c952e339d0d097c91d423009b
SHA512 1ed4e71e9327964992e979aa20e54df13e5808ba051f6a0e47e72fe7162fc7f4c41bfe9b44e7fcf36bbbc7e32f08877f49d029af3535d59fc2874203c6d29afb

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 e2941c77b7c9f593bc0d8b23dffc0900
SHA1 9f04ee0d7bb23692d68f72df8c1300e08272f4e6
SHA256 c58d44f09ac0cd17d2b85ea9c081bc4ac3dfc984e1b7ece07182bcdc8118af37
SHA512 e9ed46386418b1ff20fe9d08e6984f375f011f20173474c67f5fc0b2f106d3f2bfa1d644381dbfdddf94913b99d98acce68a0f431f65bdf2b13d69b3dbdb4338

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 4482a5aaac215c98e4bfa02a71614e9e
SHA1 8bfbe9e13aaae20089c866bea72694d5779e9d71
SHA256 a63756af2401c9ea3699f39e8c4c096042ef69e056a8bb2eae9e8742ff9f83ed
SHA512 f57e1011fe96b19b21089e40613c505de9d2e821e510fd62ee3f4d93a30e8d0439d96c3dd915bb7d82742e29c0ec0402dce9833942b842ae6ecd5d3ea781e89c

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

MD5 1132d0624319e6875630c73b291e3768
SHA1 91ad3683b7e5e0c15a40e0c6a17e4214f90a869f
SHA256 e3df7207027cb17f1c146510c422f1c669dec4ad93c42f9fc760dbe63585227b
SHA512 01d262d6d2f73eeca44fe487afaf3a1f3a2016ed5a33a8fb6bc465da49c74c4f8f138b626f0d7088c778f76eedbde4b7ddba0299198dc83c667d98e60393174e