Malware Analysis Report

2024-09-09 16:10

Sample ID 240517-y5bzcshc3s
Target 515257eed660ad6345930c3f1c03bdcc_JaffaCakes118
SHA256 8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
Tags
irata banker collection discovery evasion execution persistence
score
10/10

Analysis Overview

score
10/10

SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Threat Level: Known bad

The file 515257eed660ad6345930c3f1c03bdcc_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery evasion execution persistence

Irata family

Irata payload

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current nearby Wi-Fi networks

Checks if the internet connection is available

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

Reads information about phone network operator.

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-17 20:21

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 20:21

Reported

2024-05-17 20:25

Platform

android-x86-arm-20240514-en

Max time kernel

123s

Max time network

172s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Files

/data/data/parseh.filmha.two/files/unsent_requests

/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

/data/data/parseh.filmha.two/databases/evernote_jobs.db

/data/data/parseh.filmha.two/databases/evernote_jobs.db-shm

/data/data/parseh.filmha.two/databases/evernote_jobs.db-wal

/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-wal

/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

/data/data/parseh.filmha.two/cache/Temp1217810297

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 20:21

Reported

2024-05-17 20:24

Platform

android-x64-20240514-en

Max time kernel

124s

Max time network

184s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Files

/data/data/parseh.filmha.two/files/unsent_requests

/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

/data/data/parseh.filmha.two/databases/evernote_jobs.db

/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

/data/data/parseh.filmha.two/databases/__pushe_base_lib_db

/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

/data/data/parseh.filmha.two/cache/Temp97191484

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 20:21

Reported

2024-05-17 20:24

Platform

android-x64-arm64-20240514-en

Max time kernel

123s

Max time network

187s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Files

/data/user/0/parseh.filmha.two/files/unsent_requests

/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

/data/user/0/parseh.filmha.two/databases/evernote_jobs.db

/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db

/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr

/data/user/0/parseh.filmha.two/cache/Temp1217810297