Malware Analysis Report

2024-09-09 16:13

Sample ID 240517-fhbqzaac65
Target 4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118
SHA256 8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7
Tags
banker collection discovery evasion execution persistence irata
score
10/10

Analysis Overview

score
10/10

SHA256

8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7

Threat Level: Known bad

The file 4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

banker collection discovery evasion execution persistence irata

Irata payload

Irata family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Checks the application is allowed to request package installs through the package installer

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Schedules tasks to execute at a specified time

Reads information about phone network operator.

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-17 04:51

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 04:51

Reported

2024-05-17 04:55

Platform

android-x64-20240514-en

Max time kernel

123s

Max time network

151s

Command Line

parseh.logo.two

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks the application is allowed to request package installs through the package installer

evasion
Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

parseh.logo.two

Network

Files

/data/data/parseh.logo.two/files/unsent_requests
/data/data/parseh.logo.two/databases/evernote_jobs.db-journal
/data/data/parseh.logo.two/databases/evernote_jobs.db
/data/data/parseh.logo.two/databases/__pushe_base_lib_db-journal
/data/data/parseh.logo.two/databases/__pushe_base_lib_db
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads-journal
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads
/data/data/parseh.logo.two/files/fonts/bkoodb.ttf
/data/data/parseh.logo.two/databases/tap.db-journal
/data/data/parseh.logo.two/databases/tap.db

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 04:51

Reported

2024-05-17 04:55

Platform

android-x64-arm64-20240514-en

Max time kernel

123s

Max time network

132s

Command Line

parseh.logo.two

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Checks the application is allowed to request package installs through the package installer

evasion
Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

parseh.logo.two

Network

Files

/data/user/0/parseh.logo.two/files/unsent_requests
/data/user/0/parseh.logo.two/databases/evernote_jobs.db-journal
/data/user/0/parseh.logo.two/databases/evernote_jobs.db
/data/user/0/parseh.logo.two/databases/__pushe_base_lib_db-journal
/data/user/0/parseh.logo.two/databases/__pushe_base_lib_db
/data/user/0/parseh.logo.two/databases/ir.tapsell.sdk.ads-journal
/data/user/0/parseh.logo.two/databases/ir.tapsell.sdk.ads
/data/user/0/parseh.logo.two/files/fonts/bkoodb.ttf
/data/user/0/parseh.logo.two/databases/tap.db-journal
/data/user/0/parseh.logo.two/databases/tap.db

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 04:51

Reported

2024-05-17 04:55

Platform

android-x86-arm-20240514-en

Max time kernel

123s

Max time network

147s

Command Line

parseh.logo.two

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.logo.two

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 ad-sdk.com udp
GB 142.250.178.3:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 api.tapsell.ir udp
IR 45.94.255.23:443 api.tapsell.ir tcp
IR 45.94.255.23:443 api.tapsell.ir tcp
IR 45.94.255.23:443 api.tapsell.ir tcp
IR 45.94.255.23:443 api.tapsell.ir tcp
IR 45.94.255.23:443 api.tapsell.ir tcp
IR 45.94.255.23:443 api.tapsell.ir tcp
BE 64.233.166.188:5228 tcp
GB 216.58.204.68:443 tcp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.187.228:443 www.google.com tcp

Files
