Malware Analysis Report

2024-09-09 16:11

Sample ID 240509-azqzbsge9x
Target 2777b5945af6abf74f1168caf41d0ee6_JaffaCakes118
SHA256 adb5a810346d31dbe7d239b790448ab07e219d4cf364bf4aa65612c7c60dc9d0
Tags
banker collection discovery execution persistence evasion irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

adb5a810346d31dbe7d239b790448ab07e219d4cf364bf4aa65612c7c60dc9d0

Threat Level: Known bad

The file 2777b5945af6abf74f1168caf41d0ee6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

banker collection discovery execution persistence evasion irata

Irata family

Irata payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries the mobile country code (MCC)

Checks if the internet connection is available

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Schedules tasks to execute at a specified time

Reading this summary: the family attribution rests on the static Irata signature in static1 alone. Every behavioral signature listed above (installed-app enumeration, cell and Wi-Fi lookups, MCC, connectivity checks, wake lock, JobScheduler) is also routinely produced by advertising and push-notification SDKs, and the network and file artifacts in the behavioral runs are consistent with the Pushe (pushe.co) and Magnet (magnetadservices.com) SDKs bundled with the app. Treat the behavioral hits as corroboration of the static match rather than as independent evidence of banker functionality; the sandbox recorded no overlay, SMS or credential-theft activity.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-09 00:39

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Indicator: android.permission.READ_PHONE_STATE
Description: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Process: N/A
Target: N/A

Indicator: android.permission.WRITE_EXTERNAL_STORAGE
Description: Allows an application to write to external storage.
Process: N/A
Target: N/A

"Dangerous" here is Android's protection level for runtime-granted permissions, not a judgement on this app: both permissions are requested by a large share of legitimate apps, so this signature carries weight only in combination with the behavioral findings below.

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 00:39

Reported

2024-05-09 00:42

Platform

android-x64-20240506-en

Max time kernel

123s

Max time network

151s

Command Line

ir.fateh.football

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.fateh.football

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 srv.magnetadservices.com udp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
BE 142.250.110.188:5228 tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.212.206:443 tcp
GB 172.217.16.226:443 tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.187.206:443 tcp

Files

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 266ff2d46c1eedd438196304dac6b716
SHA1 b2fd4cf228d71f25f1bd9870aa95ac584bb7cfba
SHA256 af9b3285a0ede66972bcba81d164288d1bd5b84aaa042356ca3d37a893880f43
SHA512 2272e5d1fc5e497a313de43fdc0375b25bab39d55372d337244658b88d761d2f8abd2a8c9dc9499b6035c70c72ca605438e577341645aa94edc80fbd8c2c2ade

/data/data/ir.fateh.football/databases/__pushe_base_lib_db

MD5 c62dd7d3a6192ac96a572d6dc8657ccc
SHA1 2414a0586c42c84fde006cf101994f304f89f8d4
SHA256 8917197bd3879569164b9f30fde9bdd1f8e8369cb1e0fd081905a2bc37f3ab69
SHA512 ff4806f00fb8d58ed4a4ebf98355cbe4d884472e4d76f64263ca26ce163be05c936d13af6806d5dc2f6b9e1cd8b2ca46d38ef66c92625a24eaf8a604611e24a0

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 1463f634f908bab726693df7fa4178a7
SHA1 1629ceb1c2b3613494bbcd34af3018fde18ea706
SHA256 8e2fc6cc7fbb95848992e86b92105b0e927b719093ebfd500abd1c1a4cf05037
SHA512 f7a9972867f62c9d96e896f499b4d8fda7f5c63b027bf9b5e08c4f2cdb3888472334d0b86ca67522e50858ff2326bbc42752e9af372b1c644dc2fa2952fa77f7

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 99b64f233b07bdbcbefc5ca58ae1b4e1
SHA1 d85282c16722df9aedbb5a59883145e8f0c0994e
SHA256 30558705741afa77daeae9862eebc4739a949b1cb907470c0c8ab88b7a255a74
SHA512 3d30a8a1e71fb4cc9d9c378b0f4dcb8cbef20ee4a7c88a0691fac987bf8ed801122d8ea3ff119fb5b5e5fe923e4d79b1e5b45a94492491354f9e8463a24415b2

/data/data/ir.fateh.football/files/kalamat.db

MD5 c32496c248e431de9bb60af0e9a8657f
SHA1 e342b95a0b685646c3587dd47d972e8ff6ad1b86
SHA256 8cfef21c3f5ffc2dd6649d5218cc12b3c7543a4bd9f5f0555b49960a9bc5847d
SHA512 44d6969518be2b6a56f4edb536cd36d56a6eadc4a4eb5b895d19afbc676272b0a1e4b04e356e1404ff1208944060ccf835146f8d1958121f98794928822e4197

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 93405014cc364aa0580a6159536522ad
SHA1 b5e6915919e4ceb201ecee19bdec1ea7539f3c6a
SHA256 df4a7ca601c6e6a8b8468a20dadbc2272a4e1a45cf10121b1aad2758cb95821c
SHA512 51d734d9b076c6e192348896541f3ab5615de56cf6ceae7ee42ad29dde7b26f0b69c413ce9b76aa53e9f868480e6aeaf6d4f627a31814a6f10a8b0da146e3afb

/data/data/ir.fateh.football/databases/evernote_jobs.db

MD5 80a0c85546da9d895eded1d674efa5c2
SHA1 efb6f1c8354bf164f5a8dda37db4b16947a54de3
SHA256 24f8439dfeb917d2a7eb86e9fd79d73e1a485f802def25f41bc221ace424a6ec
SHA512 7bcdccc0b27f790fef05e09261ed69569a224a24f3a2c34db32074432f58151997b227adae063056efed29c32e36d093914ab7971b0208e1c3209c538aa347fa

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 cd94ea20a51b449ef4916986dcb19ca6
SHA1 4bf0a525f329904f79b8c3a12442d347917fb28a
SHA256 e42376aee33a127f651405016154ff72b6025edf0deadb4bc66058e3c8a8ec74
SHA512 3dd55f3e36859e892b3607327b1daf5f734a0fb1d19ffc33bc2934d24b8094f360bdb38ae5ec1c6c97fed73d79dda8d543fce15a40e354c7f022a864c5d35b25

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 db552aeb5b7f3dec45a833395461d45e
SHA1 e85a6fca0d8fbff624eeb63d6436e3be06918f5e
SHA256 e17495e7cc595ce00d4cd21584993ea476c2794d1a00899a678117f94c46980c
SHA512 21de20eb3c15bd934f93aae2aed6c5166534ba5b9e28a3aa1b1d63c11446a536dd1955d1f17adbc101af8ef727cce16ce0a036cc3577f1c99757d0be6f62abb9

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 26a877125d446e1b5b6045339e5bef86
SHA1 fb3e73985e607f4bc5ff33d63113923623db3962
SHA256 3a5550453e655b8994b254904cb47e5cad53076f0e0d1dde35b09d22defeba25
SHA512 b9bef166743893a0a5364bf6edf37136572dd323066a78bb5d6612a244ddec01bd4e32c019670d610d8f7155ea7c69392727babea627f38cbbc61e7cfc5b2d54

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 5a177d3675e4b85cfc1488b49ffeff49
SHA1 3bd8ddb59097473a186b15876ca90ca8e3f60f6f
SHA256 417cd8bfb375768d0d63477658dcb113149dd6ed0245aaff2b8e77cf688e8780
SHA512 9612574ae7a86792eba0ce259eaecf73f3f9cb41c38fe5eae9277b715eca2de90dbb11648a106f071d9853ebf4b376ae6a18ef0111f538c6790c39dc4926ca3c

/data/data/ir.fateh.football/no_backup/com.google.InstanceId.properties

MD5 949bb94660d5089ee107f9be46960a18
SHA1 62a432f3b77b2a12ec716bc9926de24b6e7e17f9
SHA256 e970f6a7c43cb0d5035c252d7bb28694b9cd114b92036fad2153a1a57b37b9eb
SHA512 403caa6cb33a680fcc1ba33f5f753f25a847fc02d6e85dae22f97e752701444ae774a64aea13500430854df8773c038492a8c8a2873cf4705f2fd052a2ed6090

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 e70ea60ffad6481f4cc7e04f18f637ac
SHA1 3262d35307b06d19a95257de7ccdc2e48750e816
SHA256 482e69600de88a3521c570433604dd8445a041f865fb874df2331e82059e68ee
SHA512 ca868b48cbb090ad932a4f6da21a4e6bf25deaf6f9b81aeb5b3cd4980397dca91aa57d77d30098708baaa0803c0133d7d8d1d60ba6e73489e936a2b3d0210f96

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 ecdc72cd9b306fa15b2deecf82acfc9b
SHA1 5ec4cd831649194bd7433404111e81d270b18a24
SHA256 f5d3eddae8c001f9251b14c01dcf97543ebbf767aa5eefee1d550f03a58a1e73
SHA512 f528cea6e03ecf86a806dace56321c22ae7177348605c89292f8e274e406d2451b8f22f180faca68cd148be6f4c310d2d546940a17c3e3cabc452282f0219834

/data/data/ir.fateh.football/files/fonts/bkoodb.ttf

MD5 2be5d53bd9404008e505c403b2af6d9c
SHA1 ee393eeb3e8cc8338126367a6dca01fe1a2569d3
SHA256 5fd93a626bda3e75f0ee6ce429f15acbd32cc5278b1d1d6fcf25a64ec693efc4
SHA512 df7da6e9bb2d10e421930ef70b7d943d2f983134cf9436723d203e79d4141ae283e032df2e6b4cb808d62f3ceaa3885b53a3e8e1e4bbe7f49833fff6ab493e73

/storage/emulated/0/Android/data/ir.fateh.football/files/Magnet/close

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 d8c847a5bb0a9da76a4077354429da38
SHA1 5bd8b035c4ad8129640b3e764a96b161c17920f9
SHA256 6dfe8c7766a9d09ca31adc21034b6f0ee1ef873bc0b29d010453591f46e559a9
SHA512 b32d65b83ace279f0e3c548854eeb208bdf615028656f91d04dfe100bafa300f470c59716df798a221a0289c35c4b01682b41a06aa175f649332cc34c5b09088

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 18f24eff56abecac3d79fd96bddc9e59
SHA1 0ab325e7b8b4ad77e28ca390556117f8870d9710
SHA256 e571e0f558ea05d04ecbd2948b8b3a7b90d6967d42985b14befa4bcd6f8a14a2
SHA512 76818f3bbdc876ec3312eec93a433240d4ab0958c4e648dc10d7b99e4b03da36c975f5f354521f104b8bca06e8f595a4e6bb9f4fdaabb6570314cd786aafbb2d

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 00:39

Reported

2024-05-09 00:42

Platform

android-x64-arm64-20240506-en

Max time kernel

123s

Max time network

133s

Command Line

ir.fateh.football

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.fateh.football

Network

Country Destination Domain Proto
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 srv.magnetadservices.com udp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
BE 142.251.168.188:5228 tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
US 1.1.1.1:53 www.google.com udp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.178.2:443 tcp
GB 142.250.180.6:443 tcp
GB 216.58.204.66:443 tcp

Files

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 e1726a5d1716c594bc0cf62f1cad1bc1
SHA1 4e6aba7e56020e7f4ec4ac5e757911fd1cdf25e1
SHA256 23e4b2748be9842f97710505c40634b240231b5fe267d7442663ae9310b62765
SHA512 a4c74c7b4cfcbb974dc42d52b46f48b271ba7f64815ba3f99f693348c5c54910972535887a56e4cc3964bef77fffbeb1fac5acc2c7c1bb5a5c3b3a3cc1bc6971

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db

MD5 90e4cdafce3be6428f67f2de8f6ce4fc
SHA1 52dda115f6140ddd07a3b6ca45d2d13455d2e73b
SHA256 269f67ec77b2cbb949861f74afd8fe5385d6f16a47dd48e65c074b3328e1e329
SHA512 811836a2e3411007c1f183a4f6d85b5ee0a3ca0a4f969925c215ce9f7ddb04b296fa1222210dcc7018839f18a8456320e5797d6dad1e704b30bd68ca9cfdedb2

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 9f5ce21b6e6a33ea062883fb9cf78e50
SHA1 c7b516b1750fdf9b9ee5932267f5964d0dcf6a6f
SHA256 66a74333b3d1a14d4082fdc1b9e353a3c893c0119ba401731345496c6814d524
SHA512 1bfa77013eb6ea0de1427ebbb2a17691e51edd827e92dede2a1a4d4cd96464b7ad2808d8ee25d217ace4f2ad8e72a8b78ce7bbef702a99b0a4c2bfc42dde980d

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 2943278593804707abaa37287f80240d
SHA1 93d364c69d41f80b4675d0334a5aaf7179d7c86a
SHA256 fee7b6ac4a2702de00886a65a30b5bd43b4de49316445a91e0a4c532b5ce9fed
SHA512 76d7b6e68e5b2798cb3711b90255b7594b61731250f083dfe4c2cb8fd3c5e882f23ae218f87a42057c37adacca5d0df86172d3bd540968b53f270834c71f8cf0

/data/user/0/ir.fateh.football/files/kalamat.db

MD5 c32496c248e431de9bb60af0e9a8657f
SHA1 e342b95a0b685646c3587dd47d972e8ff6ad1b86
SHA256 8cfef21c3f5ffc2dd6649d5218cc12b3c7543a4bd9f5f0555b49960a9bc5847d
SHA512 44d6969518be2b6a56f4edb536cd36d56a6eadc4a4eb5b895d19afbc676272b0a1e4b04e356e1404ff1208944060ccf835146f8d1958121f98794928822e4197

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 6bad185f069201024840bfe4ff331c21
SHA1 93b4b643338fde7e6c1e9fa4a38e8630edb748a5
SHA256 677ffd90a9fa81ed6d25f4fe9a2c9802c7f9dda64d6294ea71ce0869b0eefa90
SHA512 eedb38a32c71ca01ac45d281cc35f57cf8302de42781da44c3bfe06cb20c0e2a95d2b41b99afe8668058006f65635cbc42a47b8a7ffc642758fb0c665e65497e

/data/user/0/ir.fateh.football/databases/evernote_jobs.db

MD5 3daa885828fae96b2b414a784f53826d
SHA1 a571ab90c543f60a4cc8d2d77cd93e26aa4edfbb
SHA256 5ed282c85a7f6e29a72536eb791373587c310b5ba23c4d5a9475e6e82c0ac619
SHA512 f579dd2e44eb7455d9a1f009d050f5b778e768678bd0cc61af8cd4f4ca81394e763ea14437b410f1481fcb9898cbd019f333e27c592680a28842f1439569bfb0

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 2a34f2c8f48813ded4e5f92a2332fcdb
SHA1 ebbb3cf14a33b597e6655a993514d36a1c7a7056
SHA256 3874a79e601aa14b08b4e11bc8695f3d1653e2ea92e9d0064531dc434f1eb982
SHA512 7aff77c3fdd1d06a40ad875859deca43672803101f1c1f5177616daa2a35d35d9d5b0e513363296527260a7495287e2ec3c40e60019fdd8218da5ddc7f204890

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 3147ef946669ba20017f6eea2babd55c
SHA1 5905c6eb6ce1e8e8b567a00b76272ce4fcfe1ae4
SHA256 ea719ca4f3c28881beaf4bf66909ad1fddf68da9d9e87f229e5876353d545fe3
SHA512 e0201f1bb069e4abb8fb69ca53385e5e9631979e2273d01cd03ee7af870413f3858662d3d376c5b23d2487f7c50874bdd9c5b04429b29a9e22b1dafe7046bf64

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 3c3ad74c55915d9c8620ba1c21f4c28d
SHA1 a88cb39439de59b3d1922b5e0419e17be0aee6ec
SHA256 27e1a94047dff1a0f47be5f53681e68fe3fc057aa840c36aac54837087dd278a
SHA512 74486e20fc67678b06e6cd27d78f680e1533a3ac01c3c52e7f01eb76daf06e5078874c00d62f3d161dd546b429e432f5ad599c9d29cdafdf5e6d308aa041b312

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 8fef1b2bcc5e27bf45261817600ad454
SHA1 7a376ecd56145f1c52594bd65423b9066ea904d1
SHA256 fd835a5d00e8c90e52cf2d22bb286eaeb2e1d095e2e44772b86591414e2a794b
SHA512 2dbe8b9df82f454bcf37f71873a1177f5a7ddbe19bb48f722a45f3580d16878a7dabc763df08d171e6e5e3fa030d5a406af816344c2eb5122e762343dc3d432a

/data/user/0/ir.fateh.football/no_backup/com.google.InstanceId.properties

MD5 2311cf60b52785915446cb5010c94f2d
SHA1 7e176551f57409c4fd8274a0e76fdcbc96187336
SHA256 2e85a80ff46651053be6999ddcca908f32591473112902fc0281a6fbd439a3b5
SHA512 ce4cdc4e8e4af4075255fbccd2c3865a25953cbd51e833c69bf3536bd3b776f47bb517f340053d6d741e08fc6caa86d5fe4346b850c7fcc300259cc94d6eeba7

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 8995e025b1ccd4aa672b281cb1a6664a
SHA1 d8e87484d1099ef209569fe6c31912cdbcd48e84
SHA256 e2e5b0a2b3cf4f837e8cc60b1b80e95a08db162ddc669885664b9f2dcdd14b8f
SHA512 1601992959dd80c473de7fa6005220d17aa6b4f768618db70f3f3b70edd3386374fbf94b04be1b4493384039392ad590402cf5f100d5d1fcbed0d3f9fda9a57d

/data/user/0/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 ff3f7534dc268ed820c124aeae2c7154
SHA1 4182916a0a130757f5ce79d1458e06c14612a685
SHA256 ffaae58ea40baa1a7bdb96ff434b20a8f5ba4f5371f10b0568da4b13f398de61
SHA512 2d8517886c5307d2490f246ebf822c78956bc52af2ccad464fd91614bc05e803a08ddaa28e955bd056b340d1738e4082c71cf9f3552661a0d17ed1533827ca76

/data/user/0/ir.fateh.football/files/fonts/bkoodb.ttf

MD5 2be5d53bd9404008e505c403b2af6d9c
SHA1 ee393eeb3e8cc8338126367a6dca01fe1a2569d3
SHA256 5fd93a626bda3e75f0ee6ce429f15acbd32cc5278b1d1d6fcf25a64ec693efc4
SHA512 df7da6e9bb2d10e421930ef70b7d943d2f983134cf9436723d203e79d4141ae283e032df2e6b4cb808d62f3ceaa3885b53a3e8e1e4bbe7f49833fff6ab493e73

/storage/emulated/0/Android/data/ir.fateh.football/files/Magnet/magnetLogo

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 669e0ffc87bfb3e811520f2f76eb0a77
SHA1 3e0d07063f280051a4a5753f1187d782dbe95cca
SHA256 f6540ba0cf88582e93e6cf4bf19775c50004a230063733e29ea9ca44e5cf1fb2
SHA512 ab8c42b7247d84a7d02dadbed687e2723b2b8bd21ce3a4d19bd62dec93bcae3fbdd2d03a3010edf985129bd082569b1d082e410ae847611084be5f49317376d0

/data/user/0/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 7a42d2562bd25a10a0e9e631c0ed6d29
SHA1 6e7d892797ef45d5fc284e362947c9af17816852
SHA256 7cd8dc798a4540d5dc6fd928bf6ee5b7124447331b62267c4ca05d1032077ef1
SHA512 4f45f9904e22b7144f60906af5e8831e40a87534e21eebd7bf93915adfc4b0b63faf727a7c0c58f94d441630d1db61f7357953e8331bb674d6fcfdbb6b034a0a

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 00:39

Reported

2024-05-09 00:42

Platform

android-x86-arm-20240506-en

Max time kernel

123s

Max time network

130s

Command Line

ir.fateh.football

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.fateh.football

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 srv.magnetadservices.com udp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 tcp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
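
The three Network tables (behavioral2, behavioral3 and behavioral1) collapsed by an added script; this is the editor's code, not the sandbox's. It drops the sandbox resolver (1.1.1.1), mDNS and the Google domains the bundled SDKs talk to, counts repeated connections per endpoint, marks port-80 TCP as cleartext, and keeps bare-IP connections the sandbox never tied to a DNS name (including the port-5228 Google Play services/FCM channel) in a separate list rather than silently discarding them. The sample input is a constructed excerpt of rows from the runs above in the report's own layout; the known-good suffix list and the port-80-means-cleartext rule are assumptions to tune per sandbox.

```python
"""Collapse the sandbox Network tables into unique endpoints and pick out the ones
worth pivoting on. Editor-added example, not part of the sandbox report.
SAMPLE_ROWS is a constructed excerpt of rows from the three behavioral runs above,
in the report's own layout: Country Destination Domain Proto (Domain is blank
when the sandbox did not tie a connection to a DNS answer)."""
import re

SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 srv.magnetadservices.com udp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
IR 185.49.87.170:80 srv.magnetadservices.com tcp
BE 142.250.110.188:5228 tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.201.100:443 tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[A-Za-z0-9.-]+))?\s+(?P<proto>tcp|udp)$"
)

# Noise for IOC purposes (editor's assumption, tune per sandbox): the sandbox resolver,
# mDNS, and the Google domains the app's bundled SDKs use (analytics, APIs, Play/FCM).
RESOLVER_IP = "1.1.1.1"
MDNS_IP = "224.0.0.251"
KNOWN_GOOD_SUFFIXES = (".google.com", ".google-analytics.com")


def parse_rows(text):
    """Parse report rows into dicts; raise on a row that does not fit the layout."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def is_noise(row):
    """True for resolver/mDNS traffic and for connections to known-good domains."""
    if row["ip"] in (RESOLVER_IP, MDNS_IP):
        return True
    return bool(row["domain"]) and row["domain"].endswith(KNOWN_GOOD_SUFFIXES)


def summarize(text):
    """Return (flagged, unattributed), each keyed by (ip, port, proto) with a beacon
    count; flagged rows carry a DNS name, unattributed rows are bare-IP connections."""
    flagged, unattributed = {}, {}
    for row in parse_rows(text):
        if is_noise(row):
            continue
        bucket = flagged if row["domain"] else unattributed
        key = (row["ip"], row["port"], row["proto"])
        entry = bucket.setdefault(key, {
            "domain": row["domain"], "cc": row["cc"], "count": 0,
            # port 80/tcp is taken as cleartext HTTP; the sandbox captured no payloads
            "cleartext": row["port"] == 80 and row["proto"] == "tcp",
        })
        entry["count"] += 1
    return flagged, unattributed


if __name__ == "__main__":
    flagged, unattributed = summarize(SAMPLE_ROWS)
    for (ip, port, proto), e in flagged.items():
        note = "  cleartext" if e["cleartext"] else ""
        print(f"{e['domain']:28} {ip}:{port}/{proto} [{e['cc']}] x{e['count']}{note}")
    for (ip, port, proto), e in unattributed.items():
        print(f"{'(no DNS name)':28} {ip}:{port}/{proto} [{e['cc']}] x{e['count']}")
```

What survives the filter is the same in all three runs: srv.magnetadservices.com (185.49.87.170, geolocated to Iran in the tables) and ip.pushe.co (162.243.147.245), both over cleartext HTTP. Both names match the Magnet and Pushe SDK artifacts in the Files sections, so they are worth blocking or alerting on as app-specific telemetry endpoints, but do not label them command-and-control without inspecting the HTTP exchanges, which this report does not include.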

Files

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-journal

MD5 d42fb69d3100f6ba8405f4341a6a08f9
SHA1 e3d8a308004992f7803d2d0305c553ee75925fcc
SHA256 001141b509c60cff46c8181ea50f4872fd5d63a602ebdbe9750d6fc90daad1e1
SHA512 405c7bc60b460c4153d25a6be9c02ac6d52a4d630d06814360170ac4cfa373b2fb7785b928c095b6473a0122d80661f1828cfa44d106579be72044a7dfcb7cad

/data/data/ir.fateh.football/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.fateh.football/databases/__pushe_base_lib_db-wal

MD5 a52528a5968df1ec7e58a98191ee3cd9
SHA1 711a2ab515fc042a98fc10202ead519d59a09f1f
SHA256 6aa938b12eb72de360ca966bc4835aeea572c8ac6ab7fb6bdf02f798854b4be9
SHA512 2b724266bec4eb7b76b82a60709c164bc73d60b840faa06167bd909f6fccd9ff77bdc3d98ead79d7e735457e56c0af3f496d17aeac899dfbf6125d8a865bdf74

/data/data/ir.fateh.football/files/kalamat.db

MD5 c32496c248e431de9bb60af0e9a8657f
SHA1 e342b95a0b685646c3587dd47d972e8ff6ad1b86
SHA256 8cfef21c3f5ffc2dd6649d5218cc12b3c7543a4bd9f5f0555b49960a9bc5847d
SHA512 44d6969518be2b6a56f4edb536cd36d56a6eadc4a4eb5b895d19afbc676272b0a1e4b04e356e1404ff1208944060ccf835146f8d1958121f98794928822e4197

/data/data/ir.fateh.football/files/kalamat.db-journal

MD5 4ee2c091818a037556a324692c833453
SHA1 88a7ac91ecae4e672252efa61b3ceaa3d9bc588d
SHA256 36aa19d8cd8a8cfcec9852283c25740cbf5034b463c1b1afee86dc6224c3fc01
SHA512 98fb477ec3d942a764cbab1629b5a7b35d15011f33dac9ad670d1de90b8002541f70b85dfc072060ba943ce063afec37992295080bbb749b3b5eef54871181e1

/data/data/ir.fateh.football/files/kalamat.db

MD5 45dbe4bacad134de6b42e658e481879c
SHA1 04f816b9e07617278c3dd02d5a1e28cd281c55fd
SHA256 41f05966e2c8f180e6a56941f4bc9dba320ca50159d047245c71d63fc2d396bb
SHA512 9db518118a6b6d721e30be38c496c6d12674503abd663f9465d115399c2412acf0ab27bde249284ed8b89f3ad6ce6899ce8e2b70b95bbdf806cc55adf730c92e

/data/data/ir.fateh.football/databases/evernote_jobs.db-journal

MD5 aeeae4c3e79cf4dec7fd0e81df3fdd2b
SHA1 3d69aae1ab8f1ce8cde00a455d0500514a0916d9
SHA256 f9a32a8f1f6bb207e4b9cf082229e5b1f6a901f0a7a4e647d5e4a8e8399c56bc
SHA512 82858fd1986254dc8f260fe15440bd27df351fce09a48ac4d6345348e4f94cbc7695feb4af883ae242be33f591d441d955abe647558f2171d283adf0930d8701

/data/data/ir.fateh.football/databases/evernote_jobs.db-wal

MD5 a5362e7d48bf6968d001fbf1222ed074
SHA1 ca6da73eae12271a59128685d329f43f431d5afe
SHA256 1db5f539201e5a648dbab5d71e05bc2745b059e5713f7f802788913ab077e888
SHA512 fe215d66b481d3c88f6a450aa88180141d3688790ff1c92d1ee21659df9a3a444a047f4d3cd2926d61dd47d856d845cc0e87bb0401338c409b8e603a421b21c2

/data/data/ir.fateh.football/no_backup/com.google.InstanceId.properties

MD5 cb649392ccb5a748d3a5c20013d9e0a5
SHA1 486fe1de8448c38a82311377b0af6b9690931f88
SHA256 197bacbbf94936231484f58014a8771f7209b1e64558c77c9511c7d1a61e0384
SHA512 9fe859e9e73659752f244eaea438a38694e4ade6c49fd17a49124f66377a16f700ab3275b59912df6c13591008d187014de380c980eac2f970fab21102bc45cc

/data/data/ir.fateh.football/files/fonts/bkoodb.ttf

MD5 2be5d53bd9404008e505c403b2af6d9c
SHA1 ee393eeb3e8cc8338126367a6dca01fe1a2569d3
SHA256 5fd93a626bda3e75f0ee6ce429f15acbd32cc5278b1d1d6fcf25a64ec693efc4
SHA512 df7da6e9bb2d10e421930ef70b7d943d2f983134cf9436723d203e79d4141ae283e032df2e6b4cb808d62f3ceaa3885b53a3e8e1e4bbe7f49833fff6ab493e73

/storage/emulated/0/Android/data/ir.fateh.football/files/Magnet/magnetLogo

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874