Analysis Overview
SHA256
8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
Threat Level: Known bad
The file 515257eed660ad6345930c3f1c03bdcc_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current nearby Wi-Fi networks
Checks if the internet connection is available
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
Reads information about phone network operator
Acquires the wake lock
Queries the unique device ID (IMEI, MEID, IMSI)
Analysis: static1
Detonation Overview
Reported
2024-05-17 20:21
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 20:21
Reported
2024-05-17 20:25
Platform
android-x86-arm-20240514-en
Max time kernel
123s
Max time network
172s
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.filmha.two
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | api.tapsell.ir | udp |
| IR | 45.94.255.23:443 | api.tapsell.ir | tcp |
| IR | 45.94.255.23:443 | api.tapsell.ir | tcp |
| IR | 45.94.255.23:443 | api.tapsell.ir | tcp |
| US | 1.1.1.1:53 | storage.tapture.ir | udp |
| IR | 45.94.255.23:443 | api.tapsell.ir | tcp |
| AZ | 185.191.76.90:443 | storage.tapture.ir | tcp |
| US | 1.1.1.1:53 | cdn.rephub.ir | udp |
| US | 104.21.26.45:443 | cdn.rephub.ir | tcp |
| IR | 45.94.255.23:443 | api.tapsell.ir | tcp |
| BE | 64.233.166.188:5228 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | rdlvsod | udp |
| US | 1.1.1.1:53 | wdbqefvnnmuo | udp |
| US | 1.1.1.1:53 | aylcyebkmga | udp |
Files
/data/data/parseh.filmha.two/files/unsent_requests
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/data/parseh.filmha.two/databases/evernote_jobs.db
/data/data/parseh.filmha.two/databases/evernote_jobs.db-shm
/data/data/parseh.filmha.two/databases/evernote_jobs.db-wal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-wal
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/data/parseh.filmha.two/cache/Temp1217810297
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 20:21
Reported
2024-05-17 20:24
Platform
android-x64-20240514-en
Max time kernel
124s
Max time network
184s
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.filmha.two
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.tapsell.ir | udp |
| IR | 45.94.255.21:443 | api.tapsell.ir | tcp |
| IR | 45.94.255.21:443 | api.tapsell.ir | tcp |
| IR | 45.94.255.21:443 | api.tapsell.ir | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | storage.tapture.ir | udp |
| AZ | 185.191.76.90:443 | storage.tapture.ir | tcp |
| IR | 45.94.255.21:443 | api.tapsell.ir | tcp |
| US | 1.1.1.1:53 | cdn.rephub.ir | udp |
| US | 104.21.26.45:443 | cdn.rephub.ir | tcp |
| IR | 45.94.255.21:443 | api.tapsell.ir | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/parseh.filmha.two/files/unsent_requests
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/data/parseh.filmha.two/databases/evernote_jobs.db
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/data/parseh.filmha.two/cache/Temp97191484
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-17 20:21
Reported
2024-05-17 20:24
Platform
android-x64-arm64-20240514-en
Max time kernel
123s
Max time network
187s
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
parseh.filmha.two
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | api.tapsell.ir | udp |
| IR | 45.94.254.25:443 | api.tapsell.ir | tcp |
| IR | 45.94.254.25:443 | api.tapsell.ir | tcp |
| IR | 45.94.254.25:443 | api.tapsell.ir | tcp |
| US | 1.1.1.1:53 | storage.tapture.ir | udp |
| IR | 45.94.254.25:443 | api.tapsell.ir | tcp |
| AZ | 185.191.76.90:443 | storage.tapture.ir | tcp |
| US | 1.1.1.1:53 | cdn.rephub.ir | udp |
| US | 104.21.26.45:443 | cdn.rephub.ir | tcp |
| IR | 45.94.254.25:443 | api.tapsell.ir | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
Files
/data/user/0/parseh.filmha.two/files/unsent_requests
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db
/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/user/0/parseh.filmha.two/cache/Temp1217810297