Analysis Overview
SHA256
8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7
Threat Level: Known bad
The file 4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Checks if the Android device is rooted.
Queries information about the current nearby Wi-Fi networks
Checks the application is allowed to request package installs through the package installer
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current Wi-Fi connection
Schedules tasks to execute at a specified time
Reads information about phone network operator.
Checks if the internet connection is available
Queries the unique device ID (IMEI, MEID, IMSI)
Acquires the wake lock
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-17 04:51
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 04:51
Reported
2024-05-17 04:55
Platform
android-x64-20240514-en
Max time kernel
123s
Max time network
151s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.logo.two
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-17 04:51
Reported
2024-05-17 04:55
Platform
android-x64-arm64-20240514-en
Max time kernel
123s
Max time network
132s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.logo.two
Network
Files
| SHA256 | 2f5f28a4c1fb8236d2bfaf182523b0c0332275dae521b69832acba5915b7acc2 |
| SHA512 | 91c5f8fafdb85b4bd39adc3378e0d6d8994e3bf0c53c5301a23a243c4ba369a1edbd0f0336542ec920d7bd2af9457a5007a3299520aa1a1b77a1fb2a013652fd |
/data/user/0/parseh.logo.two/databases/__pushe_base_lib_db-journal
| MD5 | 78b724b4897855e95acd16cc4b1f3a0d |
| SHA1 | ff625ab6d6ca1b853053b29e3813e0ecbacdebf0 |
| SHA256 | 917863e0f46eda541998aca54c001242885314b557b4cc4229072a5dc9b66d6e |
| SHA512 | bdf8d6d2be67287c4c264f6726d12015ec72a4b85361184e9392ca1d42a080635f27368e97bd32345f0505d10884db90029e6ef14ca7d71a4883aa47aee3c7c6 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 04:51
Reported
2024-05-17 04:55
Platform
android-x86-arm-20240514-en
Max time kernel
123s
Max time network
147s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.logo.two
Network
Files