Malware Analysis Report

2024-09-09 16:11

Sample ID 240517-zglz4aaa5w
Target 8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA256 8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
Tags
irata banker collection discovery evasion execution persistence
score
10/10

Analysis Overview

Threat Level: Known bad

The file 8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery evasion execution persistence

Irata family

Irata payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current nearby Wi-Fi networks

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-17 20:41

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 20:41

Reported

2024-05-17 20:44

Platform

android-x86-arm-20240514-en

Max time kernel

123s

Max time network

186s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 api.tapsell.ir udp
IR 45.94.255.21:443 api.tapsell.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 storage.tapture.ir udp
IR 45.94.255.21:443 api.tapsell.ir tcp
AZ 185.191.76.90:443 storage.tapture.ir tcp
US 1.1.1.1:53 cdn.rephub.ir udp
US 172.67.135.96:443 cdn.rephub.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 tcp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
US 34.172.225.131:80 4.ifcfg.me tcp

Files

/data/data/parseh.filmha.two/files/unsent_requests
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/data/parseh.filmha.two/databases/evernote_jobs.db
/data/data/parseh.filmha.two/databases/evernote_jobs.db-shm
/data/data/parseh.filmha.two/databases/evernote_jobs.db-wal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-wal
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/data/parseh.filmha.two/cache/Temp959717377

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 20:41

Reported

2024-05-17 20:44

Platform

android-x64-20240514-en

Max time kernel

124s

Max time network

184s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Country Destination Domain Proto
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 api.tapsell.ir udp
IR 45.94.255.21:443 api.tapsell.ir tcp
BE 74.125.133.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 storage.tapture.ir udp
AZ 185.191.76.90:443 storage.tapture.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 cdn.rephub.ir udp
US 172.67.135.96:443 cdn.rephub.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp

Files

/data/data/parseh.filmha.two/files/unsent_requests
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/data/parseh.filmha.two/databases/evernote_jobs.db
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/data/parseh.filmha.two/cache/Temp959717377

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 20:41

Reported

2024-05-17 20:44

Platform

android-x64-arm64-20240514-en

Max time kernel

123s

Max time network

179s

Command Line

parseh.filmha.two

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

parseh.filmha.two

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 api.tapsell.ir udp
IR 45.94.255.21:443 api.tapsell.ir tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 storage.tapture.ir udp
AZ 185.191.76.90:443 storage.tapture.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 cdn.rephub.ir udp
US 104.21.26.45:443 cdn.rephub.ir tcp
IR 45.94.255.21:443 api.tapsell.ir tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 34.172.225.131:80 4.ifcfg.me tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.187.228:443 www.google.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

/data/user/0/parseh.filmha.two/files/unsent_requests
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db
/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr
/data/user/0/parseh.filmha.two/cache/Temp959717377