Analysis Overview
SHA256
acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b
Threat Level: Known bad
The file 20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Obtains sensitive information copied to the device clipboard
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Queries the mobile country code (MCC)
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
Reads information about phone network operator.
Acquires the wake lock
Analysis: static1
Detonation Overview
Reported
2024-05-07 14:35
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-07 14:35
Reported
2024-05-07 14:38
Platform
android-x64-arm64-20240506-en
Max time kernel
121s
Max time network
154s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mostafakeshvaree.iran2018.anvaekhorak
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| BE | 142.251.168.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 142.250.180.6:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
Files
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 14:35
Reported
2024-05-07 14:38
Platform
android-x86-arm-20240506-en
Max time kernel
111s
Max time network
131s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mostafakeshvaree.iran2018.anvaekhorak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| BE | 108.177.15.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
Files
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-shm
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-wal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db-journal
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 14:35
Reported
2024-05-07 14:38
Platform
android-x64-20240506-en
Max time kernel
107s
Max time network
131s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mostafakeshvaree.iran2018.anvaekhorak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
Files
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db