Analysis Overview
SHA256
fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46
Threat Level: Known bad
The file 3e1d7bcf1d82b84925de1535a83fb825_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
Obtains sensitive information copied to the device clipboard
Queries information about the current nearby Wi-Fi networks
Checks memory information
Checks CPU information
Queries the mobile country code (MCC)
Acquires the wake lock
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
Reads information about phone network operator
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-14 05:54
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-14 05:54
Reported
2024-05-14 05:57
Platform
android-x86-arm-20240506-en
Max time kernel
24s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pars.ash
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| BE | 173.194.76.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.pars.ash/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 674bb94ac4deb23f3838dd3128e303c9 |
| SHA1 | ff2e064a77dd5ecdc42e238766da02b95e556c42 |
| SHA256 | 90cc9353dea376d136afcf7759e7bdb895e5182d4fda7951ff17658fadcad507 |
| SHA512 | f53e28f0cdbbbee9aac1b599a59d076572b30184033a22664eeee5d5584d127e0fc95488afc5df28a38dc6ce3bfad7e285d232adce3506f6f22012d928b8f2d6 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | c137ee7227ae0562c9d1fb263e359d25 |
| SHA1 | 2744800d4e6c11430049863020776a7eda6747a8 |
| SHA256 | d35fb75c20097b0a4333823d34270aa24e030b4c23a619f0aec4b1560c792541 |
| SHA512 | ff6791420651ee02f55d4e251cb07303d7b245283851b1f4f1c7ffd9a11da7dd0eaab2215258891f6d40aa4db048b530f76097875f636e620f02b02c37d1f8f2 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | 1b10b4cc43aed0e2acf1c2310caa9297 |
| SHA1 | a08fa0f784c16f626ee02766a8d35984bfe1b324 |
| SHA256 | d1bd71bb1486e5904721391ffd5e542b8cb22ca1f6f548b26a74ccfe673e0168 |
| SHA512 | 739a778ae6e9598bfcde1f9c204a8ebc14cf3d6ebd3e43993f8a8807fb798d7b2dd66e62df0c8549b4bbd402c54497ce68b3dea5858303a8bfe439934a1d1329 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 48d6159eecf2ae99b199dcfa8eb4c158 |
| SHA1 | 98035fc4585fbefca191b19bbcf464258132b55d |
| SHA256 | 3600cd39d40e5945a9dad5c39556a0e5b504e4cd2501c4347201da15cc0464f6 |
| SHA512 | 4efc8edf7e2dd3e04b27ca947a237c666ba9624c7527d7818cd5edf6ef2ec58ce1342187f78b11ed198f1ef7863897bdf9ac72c580adedce0b11e26e9d4ee927 |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | dc57cdd2432aea304a923d820cee0227 |
| SHA1 | 0368d27fe0c9662f8dcb062d6a65749a8bf4bbd0 |
| SHA256 | 4fdb7bdba7ca1a450e79924687085b9ab3962b6d38e02e5d62e9c17415e4ea3a |
| SHA512 | a99b0944581825f1cb9330612678483ef2f84f4b3ab890d875cd6c7e12cbcd2e45390d1141b44c854d8609165b3cae98944e6a6ab106424b4307cea19cc2ba9e |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-wal
| MD5 | 655aaee7d689c267ffed4b08507fa54c |
| SHA1 | 0532fed8134bc788253b983b15517d0211a7555d |
| SHA256 | fa686c4c3e81e4d387d777b4508ef944e66f3e7b282d18021529295dfc062202 |
| SHA512 | 28d9e233edb53c22f8737d6ea5c7e6196080665dcd4c33546b921e43842c58360fd1863451ecbe24fbbd8c776183955288471584e9db23f3c39d08f5b3bf7378 |
/data/data/ir.pars.ash/files/sop&ash.db
| MD5 | 5f1b372d2a74ccc6f23bf056d2ab11e9 |
| SHA1 | ffe4843014b1abf493412d997410eb5596d3e839 |
| SHA256 | 9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791 |
| SHA512 | 7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e |
/data/data/ir.pars.ash/files/sop&ash.db-journal
| MD5 | ca1f4bc7de7b3c93ba842930b8f6f7ff |
| SHA1 | 53a86f66d865e72b4440eca2e5811f79e06b3a1e |
| SHA256 | f6710a5807995fae24b8d431b811c211554426846324a0e47e8deed04dcf38bb |
| SHA512 | 53f74fbcdc5ee596a242310c74be7b46e2f87649efb5d790edc8d700813660d227b63cfff002a2e3891df27b157617b1818bef4a06d35eb901167a4c09eebeec |
/data/data/ir.pars.ash/files/sop&ash.db
| MD5 | 8c8a1c9cbeaa451840ed4aff8ec9e6c3 |
| SHA1 | 0aa7779e949307a929c179990e7bdd41dbb8d310 |
| SHA256 | 8a9e1633d139ecf186f7c466f4e738f07eb62690de8ae6f028cde3e23d35f1b2 |
| SHA512 | 5d7ad1c14255aac69be4e1148be354e99c54188d5755ef903dcdcf8fca0f3ea0f3f033160f0147cf87c2f38d65e363a0463586b2119f548ba9b574f84d09ea69 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | 4451028663f0aa16e4d925c9c27c7c8c |
| SHA1 | 497e172d02001c0bb6f4d4c0325e2d4590262c09 |
| SHA256 | ed49f77520bae80a6717615705242832983216b25bec2d6f3a6baee4d31a8192 |
| SHA512 | b95b434c19fbc279df5ea78aba65487ece8c72d02b009ac72388c6b783f8fcede699bbddce872c6aa7ae5a195da492165137d9a5aee9e4355f0ca88b9d5216d1 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | a2d4a8738bb2ee9638e427687a802016 |
| SHA1 | 5a672a3e9d2bc11317f0f51bd11454773496b2d0 |
| SHA256 | 027694a6229d78ee1229aec66c1c4a73df0a3d255c6d4799e0d970fe5e8a0677 |
| SHA512 | bf7f9fb434db7e3458691204f42276255d28f932168a6d85323e56906137328b41f5d7fdbb1bc418371d51e3d00046459aa0e9781c205dc94dee6749dc9413b7 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | eb7ed2ca18eb31f68fb726ab23bf1583 |
| SHA1 | faf4e48be7ba19dfa3693c45546b9a09aa223119 |
| SHA256 | c7de936d909c0e67b6db51660e24a81f5db02a02b829ba4394afa11a3b9179da |
| SHA512 | cfc534b807505c1ea8caafa8c041e89a50f4a64181306053fd9a8f557a6e8317668a0c368848e43342b20cc664152efaa4b6603e579401685e9398561a68e914 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 06fc17e4f6774adeff660ae2c6d5ab4d |
| SHA1 | daf6a41df7a9ecd09885aaebf048ebfdcbfdb949 |
| SHA256 | 51451affe95e3982163d9a6d5059de98f7d5686d3698b18bb0c32324cb351285 |
| SHA512 | 0319944e72e5b49e8f0fe8e4c00b0ce6bb45e462a3011159781d8c4e1d7dad4e370b390bb3dd74c8d425bc93b03a7bcccd0762980a8533e0f16c89511494134c |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | 2b477d060536147867c0e3bf82bfd747 |
| SHA1 | a00b4907f25bc400713c2da127155642df414a6d |
| SHA256 | 162b13a1f4a501ed21e00e57b1dfeb538bb07864f51fa73deb0ded1a7bf51fab |
| SHA512 | edb943d0a09e2a05b15764064da356ec7de7faccf551cdc13ae4ec030cd40180eccea3ffba5f73ff3cdc07e71e17550a20598513473a24ee653e641e05cd5398 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | bb04efdc2e4784547654456c2d30b81d |
| SHA1 | 435eb488fc5efb07e34044ca1971641f0fb72e5b |
| SHA256 | 9a82e2b19a7f0d6c58359d43bdeb208992cae4e8c13c8cad7b9b2dc7facda3f0 |
| SHA512 | c183f4c5060db2c16debd3f4463c711310f2bf059a241cb07579fd454c7e813b02e0259bc8d273ec381e855608849793f8ad91dfa18d6d81588b11519721f9aa |
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal
| MD5 | c8f7dd6d8b6c0e603cabc0d506a251b3 |
| SHA1 | 8daec0e6b6838d4b1a794f9a04b71fa69f882acf |
| SHA256 | ce4ed54ec7ff1cad3ebcdf39576d73e162a2016ac7c544216e63cf7bcf24822c |
| SHA512 | 4b7b90389c413714eb7224dc4651cc47608f37aef58a1d300c0cdabba2331b5d02544c764ced876c8ae09323f9a71848a1c8af48fa37c576a3d2f272f861350a |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 1980059ac17a7573db907a494855bf5d |
| SHA1 | c35b3841ba0f3a1227376ef277a7c36d8e78414d |
| SHA256 | ec2fa2b43c9f20ed0923b7f8d31c9d485f29b73bbe201db0f062427442b644d6 |
| SHA512 | 2aaf59509ed70e0e024ef3c12e2f780ffb705892a31a3dad303420a5b63452eb0b9267c71a3cbde1cdf55a0294420ad28f9fb87236d51e6b1c7fe723e98e8fb2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-14 05:54
Reported
2024-05-14 05:57
Platform
android-x64-20240506-en
Max time kernel
51s
Max time network
157s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pars.ash
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| BE | 142.251.173.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 216.58.212.206:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | pwsjtcjshifgt | udp |
| US | 1.1.1.1:53 | wjjlucttmyc | udp |
| US | 1.1.1.1:53 | jwvlismswlw | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
/data/data/ir.pars.ash/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | a5dbff0d0ab3d99f6dd17349adb9c362 |
| SHA1 | d2c29c2ec9949ebb4fb311d54de2977b3cf24d2f |
| SHA256 | b091e900b2cd2afdd8617700669cef694e942beeb0711cc655dd4dbcbf15a921 |
| SHA512 | 144bb94a9a68aa4a94dc9daa5517fb96a9977ebb65ccfd6837c037908fb21444a332d197bb15b6f02cb1297654778ff8355b33a4aa16279c0459084e59c5df04 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 3271b7a568fa43521174b108dd595162 |
| SHA1 | d6110f7c71414b63577fb9c99b0b00a6d18a8ff6 |
| SHA256 | 985236ac23dfb72eb18d6880dfa9bdffd9967c0818fd5e817bbeb2bbaf4b87fd |
| SHA512 | 3beccc309a2435efd7952204be5dab8540a56dff9e2afaa926a6768047e24e7f52831884d40b2b09fc050dd640b10a38398cb63e1ebdb1fd865c1515464b0994 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 489e00400fb1588b46688fefd6b9ebb2 |
| SHA1 | 91742ef223dcfde98a4e07622e715f1cfc1036de |
| SHA256 | 0e829fb9864df206fd68ef00bb55216865cf988e08666b45882786dae574de42 |
| SHA512 | a6c801ec77ac28a254188f521888f37657bc086eccc15da10638231b0ae3d50122954ca06c33d96beacbde4ad87f9f9f41ca6b590e7548a1ad916977d73d59e3 |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | a95a5b4ef50866a7c8a9280a6758e2e3 |
| SHA1 | 6d24027998ac92d3a4a219205b6d368ea7518131 |
| SHA256 | 6b21cfa7cc17fd478c9cce2f044bda7f0162042c827421f56e3f193a073ddaab |
| SHA512 | c1bc9271c39cc778b1c262ef66bacaea5d9a9567a82e42c3831a51435a966a351bbfb75fdb0e29fad7eb40461e1521498c1b7d79852c1d08079bd8a339ebadd5 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 8cc9a9bb5316b737896fa8309318b1bc |
| SHA1 | 49ada0d74f2aa827a6f37c7f9ce3367c13c2a871 |
| SHA256 | 228c58c85f35b782d425ee00d7eda6a9211ac099bda70c65555d9c1046ba645a |
| SHA512 | 6c9fc9e0a9392df9f2c76672c6fca7ac18274d643e4ce94703dee298f720bfc288e2ebc1a91091f39739f744125242417d3a936fab512004e4cf4fb09c5f039d |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | c841001df337d6299b808ebead9e0b68 |
| SHA1 | bbc8f694740f95e8a351fb47d1afd493e4571c07 |
| SHA256 | 9a6fce9329df94e0f53d405a41f21a102c6c6fcfdbd564dfdb8dc6e0fe55cc90 |
| SHA512 | 49b1b3c501c806a90b23cfb6b520fa2b287fd653e71fe9af4a61499b824d2050e291a6594e2efce802016620f20bae6d3bd4ba63d0184467d676fb70e287fe3e |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db
| MD5 | d5a3ec1f841cf6b1a5976291d5413c08 |
| SHA1 | 575ccf6133dd05626ee72172194787fedea88775 |
| SHA256 | 614053e9f08705db506bf1b31db5b1fdc062ef2c7c313263bbd36ac4276aadda |
| SHA512 | 21a0bc972633726ae31f8f4c3bf8895bcd1bf05822a08fd96a24585cdf190d6bcb43a6cd77e1394f90547d7f8fbf03fcc8e0673888cc07f12246d461f5118014 |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 209ed972594504311ada0e869eee0649 |
| SHA1 | 956dff23f5e9887b2a79eedda78924f22eec065e |
| SHA256 | b0a7e90ba1249f786efafb01abbf70a46da805c9e3fd618455a19a6ac3d9859a |
| SHA512 | 929e96a102ab607c81ea651eb7443d7598e78f446cd043ea1415356769a2f1f1d94f4770872b079890a82e6117c03d6e29d76ed8712c21c4e80db5b8ea9a367f |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 72481b27d5fae37b1da7c5a6098bba9c |
| SHA1 | 9d1e130a86a1538f230153643f0a89b0a198c59c |
| SHA256 | 0fea471790265a4724d7e5d95b6ec9de80090ffdcf819008dcc2b57c8fe7c427 |
| SHA512 | 8d09de61ae6713f50ed8c54a55ea28b8f84cd4ebe2e75ccdb0a4541e9c6f69889d7d1621771bbcb1f00f061e7300182fa116184c50122fc73a0c1060c80f4466 |
/data/data/ir.pars.ash/files/sop&ash.db
| MD5 | 5f1b372d2a74ccc6f23bf056d2ab11e9 |
| SHA1 | ffe4843014b1abf493412d997410eb5596d3e839 |
| SHA256 | 9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791 |
| SHA512 | 7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 220515e99314613e7332bc2e65aae056 |
| SHA1 | af91c18d8dfc8e01ae046b94470fbe8b146e43da |
| SHA256 | 289cf5fce38b3d40a728c3932f78c619494c1d104c4becd521c7083fdb3162d1 |
| SHA512 | 462acce9997272006cd59326447d40b61cfcc600134e4a568f5bc56e17030412321bb288b5a64366e3d99f38d47dbb82a8c08ade1abdaa9844af62aa313a78f3 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 31ca5b79b6731be021000d6282a59af3 |
| SHA1 | 71d7dc6eeb93d010ed553f60c21b7136abc9fd2f |
| SHA256 | 5fcaec1b76754bd8cb46cd18161fb3e744441d393245c4e11dfbd28b486f9579 |
| SHA512 | 2be811ed66a4f25464160fd1989f5b5cc9df11db3316eb118c9f6fbbf97dc5fd3757a977e2b359f879090179c1418174e31148733336afd528fb4dbe67cfd6df |
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 379bd0da16854a32176eb7b6cd739b7e |
| SHA1 | 944cb6b00b1761d1e2c68abd6d7198577df11e01 |
| SHA256 | 2c29d7f605c7d26aee72ad9a542415595d82814dc5175f4b67e3ea21c65cc665 |
| SHA512 | 9ac495ae7a1eee45c835ada7dc593c824dd6958a399c5c007f6d6c7073fa07384097a7c024ca4f0bddef94334a2c17b4f578472b976cb594c3c89b6361e377ba |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | c1275b87877f25bb546ff6a1ff063f43 |
| SHA1 | da7661c168fb207e0ad4f88dfb9eab53a293b576 |
| SHA256 | dcecbe01dea28dd2b310428260d58a57ec15f540081a8a47c32e203f60716a5b |
| SHA512 | 626b8b06530094327265bc56a88f40113cf8870acee4b8a62c43a1cb012451ba9dd4d98d689ab6944e647f4998683323a5715bd258f53b115f5ce92356412f56 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 81bf797f95ffe936398d57f6f128dce6 |
| SHA1 | f5fe5b762d8661e3c2a13073f022f489c5a09c9b |
| SHA256 | cc186fb3cbcd54e886578773bfe3f307ab3535b4d33233b0e3dc5f9072f2baf8 |
| SHA512 | f814a8c83312fab8eee922c0739e044eb5b0ca78bd6de47aeb3f668d6af645df3323b397b7aa98929938abb85d72692c00af307833decc9e770614f120d93c31 |
/data/data/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 9e851a1e9f0f3bb4436959eeab19de47 |
| SHA1 | 5224eac0d320725d8d7b8f103b342c7b0f2041ba |
| SHA256 | ceeb24f3d3603b2ba96807ad6479141dc7fe7b668eb717bda8b5736946bf4267 |
| SHA512 | 2469932f0e91c1dc13bc58d69766b08ba6491e3b314afe92d1dbc39ffffabf13e891ea7b971a28d323261085309fcce4e56d69107d0b19350d59b692588dc0e2 |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 91edbcdfb1f977d7cb9be6a10107e551 |
| SHA1 | 8db42a8ee3662b525d44eeb3d6b4e7f26de32809 |
| SHA256 | c310489baa204a9df99c8d1d6d94c10ab79f9b7b98e02cedd42a1240fcd42bd8 |
| SHA512 | 00e66a6ce0fc054529648b707c756cd90c9ebea8c814278ac603cc02c4c5b5f7d509c704372baea8a799ed08efa5eb75b44e8ef36a2ce3c24f2353f3719e7ee8 |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 84ce884baac9ae9447bdf182c8f393e9 |
| SHA1 | 872d96e18ab77f70609eab9cdcfa34091ef5edd2 |
| SHA256 | c3b57e10b2b26660eb593166565aa91bc4dcdff59962257b44c57595e9908f3d |
| SHA512 | 040ae4f0a08112c06c335f69c334c1cf4778ca6549bb40c658486051b57f5851c5472d2f382f65cff06facd2d0fb4f8f85076d30cbbd50cbd64e085fd242c8ec |
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | a9f249ae07bb5737a64dba927b0a4193 |
| SHA1 | 1001e62948a79c75c563932a1faf73df2d8b1322 |
| SHA256 | e81952d311fcb0be8fc5c48c6339a44609135006053aedd20ae4bd12986670b4 |
| SHA512 | 8556b12e33b2df2a1a5c6dd02df6c3a4d00a8c3ac8de2b39424a128242b9e8d9359a2a2ba2a07ae8fe9492c270fc71deeb22f9851c6dfe53b12ba9682145f5f9 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-14 05:54
Reported
2024-05-14 05:57
Platform
android-x64-arm64-20240506-en
Max time kernel
42s
Max time network
132s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pars.ash
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 330b7e1ccf9742419a5ba3b4466d7924.s.adad.ir | udp |
| BE | 64.233.184.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/user/0/ir.pars.ash/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | fc8be71b67eeb9257f9ed043213675bf |
| SHA1 | cec21f44e2ab4a936c579c09d2d78a968a6972b8 |
| SHA256 | 6b06396899a20fecd026674ab956e92437d4a7a72f0f218dce078e7bd21ede8f |
| SHA512 | 87d0d1ae411d954bdf04114ec504c4f6bcb5bf2fbcb451924b8940b3be13f2344315458d2caa965c717f5e32357120b5a2e89e27c27233d9a4173c1e97199d1b |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 80ff21d96525938eb568ae22ee53f15e |
| SHA1 | 820674f889eef0a738f03528a924867bd408f229 |
| SHA256 | 0e75316a54e8b6fc1aa123dab72223257ed60164d4b268099c9e06006775eff9 |
| SHA512 | 58b5354e988e930ef5db2154a362b2b649534ad24cba961d054b9e657d02a132142cc350680db2ba3f2e1ddbe26c47765c615ef011fe4342fe62e1b85e532a68 |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 05e4d72acc839a97d77abce0b6b3f15e |
| SHA1 | 83ac9fab5bd8464e579d7fba5547bbd09916dfa7 |
| SHA256 | c452211cd495426b40549f0df55b2562bc9f68d1c5409cccc2e546dafd9ea967 |
| SHA512 | e8126be9d6fc018a0d54a01ef11b8672a699acfb55c12794765a03a09109271b7ead3440223c85620ec1e8a1054c2772e9737007eb517b0dc3c00145cba050ca |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 1a61aab1b715674278abe0b12015ac73 |
| SHA1 | b64216545c0f3f5c619db22229eea82e98249018 |
| SHA256 | f2260c5741912927f6e34a117930cf4a84119efd67b4651577a88dc2b065655f |
| SHA512 | 1313794f8d86e5689da6233c5f78aa63c9e6e69eb32c62efb3bf9d12784e11a0e43bfc1a1011c32f5af0b6d9cff508b504b70c81a333be28382528f58a08b724 |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 496a7e861c9cb282166229a18c4e1120 |
| SHA1 | 2276a216b15783a6081d0ff7f2e5baf9f513ad52 |
| SHA256 | c358017327539f360fd6a38889d9fb319c790bfbdf187801dc208ef4f8303135 |
| SHA512 | 9efa66f81cdd6a29b3b32c5fd412eb749f298f1fb58951b425ffd03bfc2b8bb4fd6d4268daa09e762755a6bd4920911bf1acb1ff70a8a35ba0f0fe17da64cc85 |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 2ea349283b86e2f537f442d0828ac26d |
| SHA1 | cfe6914a60cb59314dd31c276325f109b35299b2 |
| SHA256 | c229fd7b53a97b210d70817a56629a6a03d3266b1fda222f1a534c2ef4718145 |
| SHA512 | 6f6082089b4421c9917788b59e6128c63cb836e836e88955b9183db8124bc29b9aa43712e69b0cab2215c6cb1a5031e23e3de242f0fc4b3fb3c5217c49406522 |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db
| MD5 | 84a596c9111a5344c9a96f15a53cb043 |
| SHA1 | 34a05626da40e5aab088b0a9b27c5471c5240b94 |
| SHA256 | b9bb27211de818330a355c09f54602b03021769250310daa519602545194a9e0 |
| SHA512 | 174f3156747942a30bc5a22bb77cf16094db46ebdf7cb0989d4cade4bb19a05745503b99145f396e20ec2b9f9ea5deb324d134ccf0cb2b61f8c62e60beb84c35 |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 84c3f14c3a76ca2d5f2bad6edeaf6758 |
| SHA1 | 2c23801dfbfa2c12c9b228023714b074acc08fbf |
| SHA256 | a9730cec4bd7e95d85cfd8e7e676f012bf8b6c507ffd701f23bc8e8917647d30 |
| SHA512 | 176df8999e7560833a284ef1d5d1f86b1cc4a8d1452c5f057ed52e782a87bba674cc0d82fb596ea03824408c9950cec0337ceede8b1aad1f95bfb328e548cd4d |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | ab8a405f5a3868e8242d8631e39e4e38 |
| SHA1 | f30578a19bc9ce00ab003765e5c9323ccbfb178d |
| SHA256 | b6b54b6fcb4203ff13a0d7b029c885ea19b6f7b10dd434c0b4511a153e21e9a9 |
| SHA512 | 42ef59e8e2b1a7679155dccb7cf775f52028b72d8a6d5c2923c58125d8412bc271e7561f40d2e90e3c6eacdb00f8dfe7c0f966635c115fb34b505a6a9df54528 |
/data/user/0/ir.pars.ash/files/sop&ash.db
| MD5 | 5f1b372d2a74ccc6f23bf056d2ab11e9 |
| SHA1 | ffe4843014b1abf493412d997410eb5596d3e839 |
| SHA256 | 9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791 |
| SHA512 | 7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 2c8b0dcf617f91b20d1304268298eb3a |
| SHA1 | 6b2c9cc4c124eb3d518d68aca313304f13542bdf |
| SHA256 | abbde2f894dd84c4037bc5d4763306da6c0fbec5cf6c1aa583869af7f8b481c2 |
| SHA512 | e357ac395489dc0ea490d5158f3e28cb02e23aa8715818ef5c203b2b119470f1e78520a29c16b19c016c82f1b0af04593334f8015bd5fff9ed74d8865992a909 |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | ac41df1104469ee4683dee6ecce210b0 |
| SHA1 | 174b3a262756b2eb6e0f2237b3cec40a2551e056 |
| SHA256 | 8765963ba4253fae527868fdfbdc820a836be53f5e6335fb16a998ebe8bce4d8 |
| SHA512 | 1bdfecbc5541e9a71399ed9ae2cbc69a61fae8bb2b9c5548e2b63a58f34b0aef5436c0786df5ebb4ef91272cfc912ce0e1923560b8753f1d08cca122209b658e |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal
| MD5 | 0e4c286d174a726e698181dec003f0d4 |
| SHA1 | cc49dfba387b8658f2d29b03150ea28097492539 |
| SHA256 | 7e6e0faba9bfcead1e6a7af26cebfdf7e3f678ee44f4f6e5503b26ca0ea3b9e8 |
| SHA512 | 3443db65d43df3532a5b0bd95367fe23e4a2e445f9f9ab3b315bdb63d5640f11d56dc878691b64b463f821aeea0d5be6f53a3bf8d61554ea8e17d450342ff78f |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | a4797f70ef68509856bb2ca5ae2c0505 |
| SHA1 | d3b48fb4c9aafd023f529dd6cbfc97e4965985a7 |
| SHA256 | d88281f0c4e9623884839bf3a1177c476852fc33830f734242c88d3ff5ee2c38 |
| SHA512 | 889ab707e6399a39fa44baee0fbc70b30fe80217502a16276a54b508807f2d16a47a0ce6b6a2b4d1a696fd61bed356ca7d52ba220c41b502b3b85bce04caa12d |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | c1aaeb33e804cdc5ac95ac43424d6d38 |
| SHA1 | 72587ce9f2476adc36b0e3a9d04ff8915bb61b75 |
| SHA256 | 609d448e1b20d4c1da612e2d0e0941842c797341382cb8720f001057fabef6ce |
| SHA512 | 51d65f6e88590cb90f1615281f33940151f8fb9ce106c20510e4fefad9619dd6707c6f055d71ada18422c834364277c36ae1eb50003a8b94dfd8794b057dfb7d |
/data/user/0/ir.pars.ash/databases/evernote_jobs.db
| MD5 | 79b44d2105e924f8ab8eb16bd051e8fd |
| SHA1 | 76545ec85816116bb146e67807903e5030b12776 |
| SHA256 | f61a5dbaf79080720a18db824006968d25bb90017bba8030065d0a11aafdb86b |
| SHA512 | 71203c3a4ce57a51035795caa51d6bb973ba58e775c01761fa05448eed3bfcda61c2e49c3b4f09196a3d0def7b9c6024870765fb52d6edf5938312585d58ade0 |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 66e19245b5f932a58145b25a38807777 |
| SHA1 | 3934b9d66fff4633fa0875d42cb3de1ca3e42c30 |
| SHA256 | 842725a6873f8cc4af0a8ad6bf7eca36b07cd47eab905be878a77161c88676de |
| SHA512 | 44bb252396a37a2a860cfc9c4259ad193da3af13c66fd1a3337b41701017522e72509908e65c3281674bad7265bfe2a5351b7644970ab08af1b5591874b9f1df |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 4d2c04f735cbda2fb52ea284676ded1d |
| SHA1 | 4742965e7d6cbb03af39a730841cd5b5df82fe28 |
| SHA256 | be6ee9869318fc60bb905647152222eb165b9ca8f6e2826d07ccb18b71555d1c |
| SHA512 | 755a19ea13243dcee5da82b44bb77609b1506b2582c33debbfeb6a0130f3e2f271d76c138dbaccb23393a39029eeac3c4e7675544cd4b3eceac87abc61bd567d |
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal
| MD5 | 50d7ae0b1157c839ddbc794cd4f12e20 |
| SHA1 | 822bd235697f31525ddbfafad441b547750a2d0c |
| SHA256 | 9125406ea004ba101b74c7c1744d329d76e4b596c5482feda531cb5e540c9a81 |
| SHA512 | 4303f11c1b148351b4a6ddb9c76a49a88a5cf2f31946f566e49855ddac72faf15dbdee689bc34889897fa6e68189ae7fb95857930d171a48a6b75754fb5fdc7d |