Analysis Overview
SHA256
6c6740ad4344878c8ceb7df2a88edfbafa530cbd3f2c020408dd572e1aa050b3
Threat Level: Known bad
The file 55d36a9ea95f5264426b1e225c27cd11_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests cell location
Checks CPU information
Obtains sensitive information copied to the device clipboard
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Queries the mobile country code (MCC)
Reads information about phone network operator
Checks if the internet connection is available
Requests dangerous framework permissions
Schedules tasks to execute at a specified time
Acquires the wake lock
Analysis: static1
Detonation Overview
Reported
2024-05-18 17:02
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x64-20240514-en
Max time kernel
15s
Max time network
147s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pedar.halva
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| BE | 64.233.184.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.212.194:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
Files
/data/data/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 357cb2675a53d7ca2ad349b3576f1ba2 |
| SHA1 | 9bee1c2a8a1791ca7ba347e50f37a47564391e7d |
| SHA256 | dfb7bf8722518b7634b1b3f0964e7797f774da01d0264367da0de4d1980fe0b4 |
| SHA512 | 9382cffad2cc300ba74e0dab7cea43d25ec40f842d40e3691bfbe81a978ca0b4c2505ebe488b0c8e140c666c404b30c4014daf8d2fc3150ea585f320348a8a3f |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | fb18739203516e7d02e3b2683f1a815a |
| SHA1 | c6b3a25f4d8bf4f5b0cec81dbc23c07db7552422 |
| SHA256 | b1aedc80ccecebbdb61ed4be6f52619f50f8d447a2a878b56f530e937b7ef7f5 |
| SHA512 | 7a861064e04697ad178d0531b16851c322fdd9a214f278122c42d4b8a2293066e6a39fb58fb3735cc88e28f8522a846a7382ea60a90a302584abee3f2ce831d2 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 504e13dd6b4fe580d7482c81ba06c5da |
| SHA1 | 09bc12b8438cd765841136ca0836179a87359f94 |
| SHA256 | 807246a8c25a84e0cbbf311de9fc9a4c38481476f209699775769baac339a27f |
| SHA512 | 527949a6b1134cf325d658d7866cc8021b527ba338f44d259792cb88a316f7e7e7521167337676d853035d10f55750a90b959e4ec1ddb7c9c1cc7857fc97caef |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 31417918d5e9cb7b869474138ba1deb0 |
| SHA1 | ad83841f32ec8220eaf521875ffb9ea9ffe37087 |
| SHA256 | 5ed6fd42b235ae1d503274a99414532c6f551da408a67ed0f10ee4238668a089 |
| SHA512 | 9bd0435dfc16dae1c2cb1f186e60ce3a17f1fbf57240c623ec334bb805ed3d3260d86ca4485bad65d3ac7664717b593fbb0551b468519313790ff0d223ce3c75 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | fe9e69bc66fec6c9997c431c265835fc |
| SHA1 | ba798d6036145c950686a6d188ab9d788c0f38d4 |
| SHA256 | c8624e80a207d8fab5a2a0799232b775e103df2904325bc8584e67e3820b2242 |
| SHA512 | 0486374e2176a9048cfdf720d8a3da59626ad1fc7c0dd630a40faa2b16765d16199e05f4e3f3be954f56e5a6418814d246acc73dc5120a03334cab78078d700a |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | e6dc92afd54799a018ee268d2a560402 |
| SHA1 | 17e26146d42eda2a94a03e34f03d962a5e0cab49 |
| SHA256 | 409181e86431fa89245a530620c5629978482ede3618ab31970e6a5d7cae8007 |
| SHA512 | a81555eb6bdfa842b4594a7673981b707a732745e3d4b97be2b69cb35da356e61c8611f4f1b46e0e813e8a3b63595cb2a57880f27106f7dc987482c2dcfe7ba0 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db
| MD5 | b4bb44bfcf3cc53a508e547c6dcf0c7a |
| SHA1 | dfc5c937c21dc4606256576e6b3a2a7fb00a6383 |
| SHA256 | 1c076c07027aa451b6727e0e007ae35bef7c69962ec1774b5838cf3657cb9e0c |
| SHA512 | aa7ba1a2a07b83ab9b0ba5635c5c722ec7fe21f2432ab3e710b707e05bd4bb3547b6edcee8095de395e71eb10471d2fa4f81fe3cbdd5568dcc5af92a8af2e016 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | 89f65293b07e95d949ee8de8a940e1b8 |
| SHA1 | ba62f258f78c01a3df0ad910356c7d68bbeacea1 |
| SHA256 | a097be13d727c2331788eb6d202a5b3824788cfca8b2d1ca0cb7b118df7f7152 |
| SHA512 | 9854dd74b14c1b3f6e9197a99ef200050ebee8bd727ed49a8c144db6ccfe1d2c27b05e2aa9eef2ac1316096fc1d7a35f2de7cef8b56c7556460ad2407f5b13b6 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | 6b3d43ba733c62c88a0c1fd366e06e28 |
| SHA1 | d071e7bfbaf1b9d6eaaa8d54d463c984b730086b |
| SHA256 | e3e4d117baa40f5b695cbd717415ce13990f82acf78a31642a3dc0dd8a0e07c1 |
| SHA512 | ba85b61636093e1b7609f5fb21b1a20b156bbd031096cb1169842db996976901ec253400cfcb65558fb7d419790d2fde2ac0f70dd45e2eb3890e88c312155fd6 |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA1 | 9e77c691259d22faa2409b8360eb440479b949f6 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
| SHA512 | e50757582aa3cdb1ee511450bfe576b3c8163d633d99bca7f42f1e33f5bba992c7edd3aa84fbe5aee1488b305c95e214b1a240b68637621e8d479efb47382002 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 35b448ce33799813b3e7eaff94bcab64 |
| SHA1 | f97df02d16811e63ed4cc7ef5fe48b7f66656105 |
| SHA256 | 099cb61d59c301949c75ba186ecc6660b91b9730e571875cd06e7bb2aa58e767 |
| SHA512 | 58dfec702f4b2ea3dc3bedaa9ebb3b14f0aeb2072b63d416d64a89ef23fa08b4e433ccb8bdb840e937aff59c46ef93c409a66cec7e991c2f0e3901892cce8e01 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 04110d00727ecc9a3bec65c11bd46905 |
| SHA1 | f8a82d39e2ae3e185fc7967fafc614e395ccbae9 |
| SHA256 | e8659805c05615390a80b4c7d77abba63601f0d1b61f192e3c00ec41e2567a8f |
| SHA512 | f627d72e195cfba792109aa83d471659baa536bd7361b7a13bda17005df270d6681c0f41915fa288734629238709649a06071128d406baf9245556290aef1cc9 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 3521f61838363810574eb38bbc311b54 |
| SHA1 | 55c1e478613b687cb3a2a7c332db8ca2c1c5f7f0 |
| SHA256 | 302c138d3c60848d31814b986415f6d036c16d510bce3d6cd99a0f5be8c77a7d |
| SHA512 | fd808907d4050450bf87c392ceac3241fbaa6e19a129624c026c2e70430676b0fb916e0c7560d20408c0ba7073087cce42c7a31adb3dd91c998548477f77e5fe |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | f593bc8de46596e175626869a4635020 |
| SHA1 | c305dddaae921e2b987ea50bfbb882b222a3a04a |
| SHA256 | 01f91c9e0520e852e875cc584208d3cb138f6d8f05f680bf0cbd4b5b2eb5e2b0 |
| SHA512 | 9ba40d8f31d24802e6b031b411aba08bff2cdb00a759f870487100985b3a647b3aa53c6dec53025e9096c9593f6f5317a6bff5aa8f9a24a99e296f90d8b5f59d |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | e3db58711bbfd0d720d4b345f08dd8e9 |
| SHA1 | c848910f4dbd8210457b13353f6ee3b40b8db987 |
| SHA256 | 1f727efab2dde946eb33395dc6a5a0829937bd61d1759271c66e64fd968b0d24 |
| SHA512 | 325efab5eba7bd8a388e699294d50d2f76fe242d39835e6341c5dcbb351b95341b77915efd6fef8ac6862b1a2722727d63b2f9f6d9c93b3dadacb0d08cf69cec |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 15196aec581871cfdc31c84b57fa8e6f |
| SHA1 | 74ad674665dd0b0694bea4b59f6096b0bd094f38 |
| SHA256 | 729685fd0a12c4686d8b18cec6fe0dda07036dcdbf0a7cc5789a8f4e085a489e |
| SHA512 | 0703fd51f98581134497aec8de2e54a30625c0732053f5ffa3120bbafbc3b82bf4441a369b36b2a80aeadb3088019b8169f5192e07a23124f0f224f6f2b1e619 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | edfee7357000466827290f3b9466eb53 |
| SHA1 | 74c77e5e9ee1074826ed6256272239cb79e867ab |
| SHA256 | 5ee882a45b211245721eafe48e6a5fa0a47c03ce85217bb48c5f7a2848049b30 |
| SHA512 | 31602da5afdd7a0e6f762201c90a9a901822fbf0bbb601f390d69c7cabe4119d1e53d6145592d2e46fa2e611eda4c2c8f588840dd6f213d0377fbcb4b36adbc8 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | ca31ba18af2c81cbcdabc33dbfbc2f50 |
| SHA1 | d9d59347798e732e104abb82f04938b844a2a1a2 |
| SHA256 | aeecb64baf2bcc69b7ccf1c95da6ada79f6065b05a5d2f125ebf75d5d3bc7e85 |
| SHA512 | 3bacdd30634d8ec3190515b77550a63d79daa9d7669e6acedd3524208e1a570229820f3e72cce2b14dabfdb6115c45586183a7e7cacaabce4362df9604ec3fcd |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x64-arm64-20240514-en
Max time kernel
20s
Max time network
131s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pedar.halva
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
/data/user/0/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 5a64eafdc329628f4ab491c755b9c38a |
| SHA1 | 63a67ba0bfaec00d0ae6f8b51a78620a6088dc63 |
| SHA256 | fde35c0320ae5bda792bc686f8cb12d822af3ccf62b47093cac1e0d0bd36e1e1 |
| SHA512 | f0eb3cf1c652ea0d1c5c7741d2874d8d92c96e2076613f308722152f4cb4698963d21b6dd61990da1d41f775d542f4a89744928afffab79f948b015d2ec3aeff |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 4ff764d61f792bfe330a76056495e49f |
| SHA1 | ee7c81db2a447c5d589e4c65bfa86118a5b34885 |
| SHA256 | a6fb9eb0157b75244389ec3f0b8ea92bc7eb90bec39dc5e914df3ed7eb44b6ed |
| SHA512 | ff7019aa3b0298ccea45e0101a818154423628bce2c925d1fab9df189a35c59a0a8926faa91ad54f77e87cce796229531cd6d8a3201a2254e1280d2115b34afb |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 6863d330b0c9f2e7db48c1e9f8bccb83 |
| SHA1 | a0c26eee4aa6516b402a6268701793b94a5c418d |
| SHA256 | be82b155047515963907cd0703fc3b57ee54f20d7dbdb11ecf42a96f5537b3b1 |
| SHA512 | a183bfde252de2a34163bf920640f3c889d3aeeda3965f164bd27559b8b528af5579b19757dec6328b4e558d6be0d0fed8b01af02e8d90bf8ec8681819934d81 |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | e01d269d3b034886cf349ea3d3d6d294 |
| SHA1 | 3961c25c22074024d2223985674f95ceb612676c |
| SHA256 | 138c9c2be82cfe973449b273dcb4653c78fc48ecf9fdf580961d880e35ac46fd |
| SHA512 | 9b7adce328d7593465e4956a2c8cbe03dc7a08f63cb6b9d54bc83d7aaf513bcbf38bdc7e85c0cdef328f0a64c1bbd53610590896d8075512b321dac21e0566d8 |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 0384d4a460bc74bababae0ae172a458d |
| SHA1 | 5324311c62ac834ca2683c753bfc494e0e8a674e |
| SHA256 | ce6712e1685a6ce66196104cc3a87254c0c0e7610890a4778b9838bde0bea73e |
| SHA512 | 71a4e7d58cbec3cf927b0e7d3124328d3923463ade788ef60300e3a3e652c0786f60eae88c577576ec444db3732ba245516288f56a6971958f147fe4c683145d |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | e669e087092255289dc98a519884962b |
| SHA1 | 4b9c36ee0e4dc354cdb75a6216d887936198e908 |
| SHA256 | 00be7e4f93cfaa6b919b7f502a1decd5186404519a0d8a12a6fae60e76aa35f1 |
| SHA512 | dd8dda9d5e795bb4c2ebc77913a2823e6554163ed8a20461fb9e13a9a2df72f87c5916b43eb6f6ea4266219f957df89e833c367c390b38c3f1d2a028e6b7eeeb |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db
| MD5 | d66c85906e4bf9c94e062b9e56d3c7de |
| SHA1 | eec36812635c568175a379f982b10c38d6a43a02 |
| SHA256 | abfb5dc5723ba72416179a8747184f4ecac372abceaf927e15adea6299dc7453 |
| SHA512 | 71ed55d477e1e9d2902fd025024d5b9078b5872730220960bfcb7ee627339e6caf0c7228a85a4d7cb871b590bcd9da955d65411428df7680cd7e4cd4f33f63eb |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | 31e025fa66b0eb34ffb297465ab416f2 |
| SHA1 | 3cabd133a36bd329c302a1790a56d9f10349b76e |
| SHA256 | dcf91885f909d8b784c159173f4209648164c1b83bd3729d059de215a05569b1 |
| SHA512 | 36d2c54c43533bf8dc0ac8a1c7535ac87fa810e0d0e8f76f12c078ca12f772b26dcdd163a4b716db0b80fa6519a9f24effc8215ef0e6a9348b8954f0e4878b2c |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | c4efe8c6e7a88c8704953b81504d1e9e |
| SHA1 | ef6381dcf587123839fbb5f48ab5fa835c78ecaf |
| SHA256 | 950e4342e37a84240f4c34a10dff9b3bfcfc7f19779c2db73740d2fabb2a458a |
| SHA512 | 94de339657ad9d266fb2d1671aea33403ac9578b8518207207aeee2301309442451d5f42782d29be4aae57e9211310cd5b0c023acb6b948b8376a42634df6a08 |
/data/user/0/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA1 | 9e77c691259d22faa2409b8360eb440479b949f6 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
| SHA512 | e50757582aa3cdb1ee511450bfe576b3c8163d633d99bca7f42f1e33f5bba992c7edd3aa84fbe5aee1488b305c95e214b1a240b68637621e8d479efb47382002 |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 1f2039b0f6553f6fc280191b5045caeb |
| SHA1 | 3b74f46cfcfbe0deb4c8e103a7313e60b3ba1ec0 |
| SHA256 | 47b177f45ee7e86b58bf0078ff8a8ce074f8ac9e8da0fe541919130e87cf56b5 |
| SHA512 | 47a41a7658cc0f84272b11b37a09aa51b76cb3c404fcc5bca687fa5f284ccd41e655d6fab5325e0eaab72ea99a8a1668430870d1d570a3822edb2069a5e9ceeb |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 163242409c9a9bfd7a7819760482390e |
| SHA1 | c01212a0c889b133b569946b6f0a28f9a9644b32 |
| SHA256 | 956585dd6a34a1cdbbb40051ec575716e95dfa00e0d7c82846513dee44a530a7 |
| SHA512 | 6507f815af0809352b7fc3e50636cf51edd5a2058ca149fa983f22f7059fa74cd0b148f2728d0a0b847f98426db215d63e844d68bd315c0cccdf27c3672e9bee |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | ff2bbc5869418a31a1b6dc2e9e413e6d |
| SHA1 | 5593541f9af73d25d5cd602f8aba05c931e5ac6b |
| SHA256 | 810a3544a3790f25aa67c4e782b7019d81254a55647e4029ff0c274a70aed19e |
| SHA512 | 49b6621904645a1cd7b9dc43946f90a2472d057f09db558b63510361d35b1fcb13d3fe4801126076d6964496da0dd1aa315865eb69f78a14880fae041bfabd1a |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 1048560c88f79667200751af8e8d37e5 |
| SHA1 | 82a7bb54fc86d1299c8c9f55ae4016eb5aaa61ea |
| SHA256 | 30d233754ea36df55194bf7eb701174add939d9a6948ba0ba837db70d49dc940 |
| SHA512 | ca66d5c4fcf4e021deb942e55ad2a09f8ffa7517a2c6b92e1e7d43a71666e8c612c2bb8e7d3e035a945544456b7afee39c835feda6974722728678f838e3c44b |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 93d015fa3816a76d9a6bd1c95424bdb6 |
| SHA1 | 266614ef3bc472127d5738a67671ae58579a0e49 |
| SHA256 | e945ed165bb442c83d18abb160daadefcab33d95a8c0d6f1cba4731008ba65a6 |
| SHA512 | d649171fc3cd119f97604145508a2d7977f2e6c57af7db40ad87d8d25624a8341759ff4ef8e869c91e1e3ba9497a779bc222fef0646761acd46752732ef9ff5f |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 899ed45e88ee81372c73460e5dffbc7e |
| SHA1 | d6287e42e9e66dc6264991ebb0ab3d33c9aaea65 |
| SHA256 | 92e04c2ac0aa982af4302c3c6eabb0fe4cdedc9bdedc9997b9931f46d81987a8 |
| SHA512 | d8d6d9864bb74f56b21d96ad4675710e88b60f84253d23d7d647d3fbf7ba5c3fdd831c37766d75c610fd3bb508b4373104c5b08964c68f1eaa22737073fca7ff |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | 64188ed55fc08b1aa2572cc4b78885c6 |
| SHA1 | c4d677bdf664583b7066d2324a6731cef2fb69ce |
| SHA256 | 7833a435f854cb635bf63671ee821e690ea97fb32189ced844b94b0318223cbe |
| SHA512 | e8c6a426097eb575a2b143068007c12feea2a3bcc308f1f4d87f3e537f164d7c7c95c73955b24544abcec46c7e84e283f9d96f2cbdcd47c2e34bb8a804739750 |
/data/user/0/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | bb51674a10882990bab6527bc15211b6 |
| SHA1 | 43071fb96ea4ae9f1729b341efb16044ae76346d |
| SHA256 | 06838e442fd4383664743e5820691a8c0735809b759057c5a0dda8101f39ab28 |
| SHA512 | dfb27a0ea5c7a357f94001f95b901c4ef352bcc261d8a790ceb8dd15abe022340390cef44b405ba0aa334357a2aa18bc5ef22f351d188541cb653d95893df345 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:07
Platform
android-x86-arm-20240514-en
Max time kernel
21s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.pedar.halva
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| GB | 216.58.204.67:443 | | tcp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| BE | 108.177.15.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | gbpjcshjla | udp |
| US | 1.1.1.1:53 | jpazlnpvezoex | udp |
| US | 1.1.1.1:53 | yvvfjkjetrpk | udp |
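The Network tables of the three behavioral runs (behavioral2, behavioral3 and behavioral1) mix DNS lookups, TLS connections to Google infrastructure and a handful of non-Google lookups (adad.ir, pushe.co). The script below is an added triage example, not part of the sandbox report: it parses rows in the report's `| Country | Destination | Domain | Proto |` layout (including the variant the export produces when the Domain cell is empty and the protocol slides left), splits DNS queries from connections, separates Google platform traffic from candidate indicators, and reports which domains were queried in every run. The embedded rows are a constructed subset copied from this page; the Google suffix list and the labels for port 5228 and mDNS are the author's assumptions, not output of the sandbox.

```python
import re

# Constructed subset of the Network rows from this page, one block per run.
# behavioral2 keeps one row in the shifted layout the export sometimes emits.
NETWORK_ROWS = {
    "behavioral2": """\
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| BE | 64.233.184.188:5228 | | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
""",
    "behavioral3": """\
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
""",
    "behavioral1": """\
| US | 1.1.1.1:53 | af26c14a0fc4467881c66c952b24b9e7.s.adad.ir | udp |
| US | 1.1.1.1:53 | ca.pushe.co | udp |
| US | 1.1.1.1:53 | gbpjcshjla | udp |
| US | 1.1.1.1:53 | jpazlnpvezoex | udp |
| BE | 108.177.15.188:5228 | | tcp |
""",
}

PROTOS = ("tcp", "udp")
# Assumption: traffic to these Google suffixes is platform noise from the
# Android image (Play services, analytics), not the sample's own C2.
PLATFORM_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
ROW_RE = re.compile(r"^\|(.*)\|$")


def parse_row(line):
    """Return (country, dest, domain, proto) or None for header/junk rows.

    Handles the regular layout, the shifted `| tcp | |` layout and rows that
    lost their trailing empty cell (`| GB | 1.2.3.4:443 | tcp |`).
    """
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    cells = [c.strip() for c in m.group(1).split("|")]
    if len(cells) == 3 and cells[2] in PROTOS:
        cells = cells[:2] + ["", cells[2]]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if domain in PROTOS and proto == "":
        domain, proto = "", domain
    return country, dest, domain, proto


def is_platform_noise(domain):
    return domain == "google.com" or domain.endswith(PLATFORM_SUFFIXES)


def classify_unresolved(dest):
    """Label a destination that has no domain attached in the report."""
    host, _, port = dest.rpartition(":")
    if host == "224.0.0.251" and port == "5353":
        return "mdns-multicast"   # link-local service discovery, not C2
    if port == "5228":
        return "fcm-port"         # port used by Play services/FCM keepalive; confirm owner out of band
    return "unresolved-tls" if port == "443" else "unresolved"


def triage(rows_by_run):
    dns_by_run, unresolved = {}, {}
    for run, text in rows_by_run.items():
        queried = set()
        for line in text.splitlines():
            row = parse_row(line)
            if row is None:
                continue
            _country, dest, domain, proto = row
            if dest.endswith(":53") and proto == "udp" and domain:
                queried.add(domain)
            elif not domain:
                unresolved[dest] = classify_unresolved(dest)
        dns_by_run[run] = queried
    all_dns = set().union(*dns_by_run.values())
    return {
        "dns_by_run": dns_by_run,
        # Queried in every run: the most stable network indicators.
        "common_dns": set.intersection(*dns_by_run.values()),
        # Candidate IOCs: real FQDNs that are not Google platform traffic.
        "non_platform": {d for d in all_dns if "." in d and not is_platform_noise(d)},
        # Single-label names; Chromium's startup DNS-hijack probes look like
        # this, so corroborate before treating them as indicators.
        "single_label": {d for d in all_dns if "." not in d},
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

Run as-is the script reports `af26c14a0fc4467881c66c952b24b9e7.s.adad.ir` as the only domain queried in all three runs, `ca.pushe.co` as a non-platform domain seen in two of them, and the two mDNS/5228 destinations as platform traffic to verify rather than block. Feed it the complete tables from the page (or a later re-detonation) to see whether that split holds.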
Files
/data/data/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-journal
| MD5 | 729d84333d4eb78c6b23a45f6cf60eca |
| SHA1 | cda1317ca56f4241581acd6f7454d81a38eff709 |
| SHA256 | 9105ed18395f7457715fb1c6b7955b572cd9d0c960e4c31f2b7712ec8124c35b |
| SHA512 | 0c343951adf16590e716a23fd88e32d1b722afe40a754750c79c7b222174ce0bbcedbffad7531ad617e7ff464ca6e08a22c18a7e2ef19a6976abe4c828801edd |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | 6bf891a64f25cf2504d30d45fc4ebc63 |
| SHA1 | 34d27e8140d7fc31576e3c8b6a3eef36aa87a3b9 |
| SHA256 | fd3bb5aabbdec1a175b8bf37fd881713636270de5318e86dcef7c66525875803 |
| SHA512 | 0c919ab13bca7dff600ff5cbba65e0be4a02a7ec8ebcbd02ac72a92e2c3d4260b738d01302807de1a147c552f6f8ff86bd6302b606f27a52ff6ac161be83468f |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | 62cd237ed54914dd3e16e90b999d5100 |
| SHA1 | b037ccb5691655520e385f14f9851f5a369cb4e5 |
| SHA256 | f632627eabdd99a2be6790635b3535d03cb9808962266dd735a174b59657530a |
| SHA512 | 91a928167c880b5b4de5669e4b2b42f57499f77b68c61d4a29c4e501b4ab6f5c2755a6d69153e0a91df7268136da40d4b87977929d5f6485f39c06cfaa979f42 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 96a6b55ff02bfcd4c5425e3be965e3c8 |
| SHA1 | ea82ecc2b8b5be550c263af378267eb8e8392e71 |
| SHA256 | 6d0ffee274f76eaf9576bafc5839ca24cbd2c9f16baf6344a7fd2145b39ec5bf |
| SHA512 | 817631034473e6e4684cd5f5ab783f1f77a012ab47caa4894fe6832ffa0c58e935c2a9730522cb31a4e35020bc38035b666bd0c3c1119d798ff490b7cd433290 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-journal
| MD5 | 951a1be76fe312f0385045eb8f1eb858 |
| SHA1 | 8457ebd03f2460bb8dc4766610a2ec3d3754680a |
| SHA256 | 363a1c31e599707fc0afd81797ff4c3fc06a747983c958a246efc07a3ddaae85 |
| SHA512 | 15f909eac2d86334629af731773b4857393587beb9f845c723893f0cb41f072735b3c27496cc888945d13f0e086dc37b6f1d99bbd1d45fdc59d6a1f169fe799e |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.pedar.halva/databases/__pushe_base_lib_db-wal
| MD5 | 3dab151dcb18cda043a02578833d478f |
| SHA1 | ec2de56be3f2e80d15bde2df8aa206d7a756b69b |
| SHA256 | 93f2a2233c31a66cf7b357b098475eceb9192deda576afa74871e15b8dc345b8 |
| SHA512 | 56c98f6ca46d2ac18a2c5d1a6d31bf675ee82b08a7500cd564e3bd3a1d2bf65bf001791d94c4d7682dd07a0454d77af99343569c33948dbae200ad34b9e5507d |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA1 | 9e77c691259d22faa2409b8360eb440479b949f6 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
| SHA512 | e50757582aa3cdb1ee511450bfe576b3c8163d633d99bca7f42f1e33f5bba992c7edd3aa84fbe5aee1488b305c95e214b1a240b68637621e8d479efb47382002 |
/data/data/ir.pedar.halva/files/halva.db-journal
| MD5 | a2a50fbeb8900f844a75d19d09e1900d |
| SHA1 | 51b66dcf4b41588a4b900fcdc92e2ce20b76b76c |
| SHA256 | b63f2a4a59663727639393e52ac3088dd5bb5a6d49f47dee6da8b50746a77ef7 |
| SHA512 | c35f44a332781282bcc73c9c954ca902eb4153bb9c8687c8eb0c8661d7714b8b8eac13a83a81976c2b25d43adf81b26a2188e96633dd0562fa56374ef862676d |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | 3fd7876e74e4e3b117a9d12ef6a19f9a |
| SHA1 | 9cd14ecf0916cb6d5fbc3535045a827674bf0616 |
| SHA256 | 2f7ab51f71cf635876fc8b0d11d5bae683a2761222542ffaed856f1c99cea5a3 |
| SHA512 | 9c0c15d696cfc6746e833cb439fb6b8ac4a99ba082e0dd9661cc81b89ce1b5edc72ad8e7f9707e3c4115f8b4f3706d2e8294bd85f5e7c7822489e70165a887e5 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | f09681ee11914605e63e155cad0c75c1 |
| SHA1 | 58ed2be8058187923ee561a5187c12315764c342 |
| SHA256 | 2006dbe4b71f3736e4107a9e12115dbf375100acc0e7e6f58d249de5e1e2a269 |
| SHA512 | e81d1f6d17d94604741441edd1ca05b7673ac1a13f786b9b26ee544cc2aa8737e202a68b971a03c90f28124e00b74ebfb0a8be7c64de2539b95e4cf69d7baa91 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 5bfa42383d4d7732d3bff1d314da7e72 |
| SHA1 | f09819abe89ab317bc8a837293613c122b5d6369 |
| SHA256 | 4846da950ecce67a363757235446b449074fa392d374784899b9948b5b873e3e |
| SHA512 | d4e77b884a1840b45f80c400c3e10952361b3e843ae68f46cbb90d182c7fd81f023889c4702b29015000ce57d8bad33b0594ad96554bd18d8110ff96ca071598 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | 555e63568cdb8b70d233a2061a323a31 |
| SHA1 | 8794b53c0d917d4701f3e39e7ea1934266e57ed7 |
| SHA256 | 2ab3ffa55a11016cee8f04a7c9e6714ad0835ada5ff3a42b1409c3f142622090 |
| SHA512 | 8f537a6639ff478d0166f1a798329c17e76668aa9c8925c8c2fe979197d2bf2d29ce141cf64c4af9b455ff9e214ba37b60f25657f2bfbe91d5e57bded14a0d99 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 39967ed7892504a50c13ea7e9624fb41 |
| SHA1 | 54d30295690473edddf72610552fff4f0a901a4d |
| SHA256 | 81067b1ebfc3fc8743ca86678a656e791d81bedd63bd9729fa75c0948079e081 |
| SHA512 | 8adbb4d21ac07564fb814d2bc807924b2fa2f06fbbcc2ca50e3a3780829e9a74ec339600643a45df8430602c25dac19c5f491b2f683f15a720700f2ae995f1a0 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | 573600d0282f8e94611c95a293a7591b |
| SHA1 | 5ca64a428def2834b8f2bd40cbae90956fe486d9 |
| SHA256 | 4eee47e13077da92b4fbe1595ad2f96b507c92aaf6f24df0045745f9f67741c1 |
| SHA512 | df94308f8df6c172781ba1b3bbd84cac17135f2415acadb23ff24ede69723d94f0c4e89661d8275a887fe75f3acce6cf1db13db529735b98663ce2bd9ad3f091 |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 9d8fe4dc42991d2746d7c2776ce67c69 |
| SHA1 | e7e22739e2647cc086d9c1819eb8315dedee6b0c |
| SHA256 | 974bb1db91d003089f2911e00024cbbeddb0f35133a6db121a4a71df209e6793 |
| SHA512 | 8949d0b078ee97765bd7b21308eaa7ed67d5a564ef785639bd097d49715e74958b68de9b5a57f08346861e16a0bef576f53d9212ed247e98ce795c1476377cec |
/data/data/ir.pedar.halva/databases/evernote_jobs.db-wal
| MD5 | 1d42d19c14915e9a3645571886a598a6 |
| SHA1 | df5d3a9f69760b254dbdac5286899e2399bde45e |
| SHA256 | 0b6af0342d035cf42b3cf0c3de6ea846721f587c649d36d479a2dce0794335d4 |
| SHA512 | 2242da504f51e89a4e67e6a48b1a3edfd0df3b8a04efef46625bc6494312c19d25c94b860cb2eb1ed8df4ed88a23743c0fc425020e16a0b1689096ac1307724b |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 8cd2605e63c2c162d75798d7796b71f7 |
| SHA1 | 8cc3e7b5fc1ab5542a1d0ed4c42ae6c6a2018912 |
| SHA256 | e975572f676f10cfe69d8960962ef980ed0c4bcfeabb35ca397db7c2f7fab0d6 |
| SHA512 | 7879759325716ba431dabe0d37054d83cf9f8cd17709b61c3ef295e37c4f53d2cedaa55c0806d59223da4c9e9203e733cc12e4c8b7078ff30bf725ada7e06544 |
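Across the three behavioral runs the Files sections list the same app-private paths under two spellings (`/data/data/<pkg>/...` and `/data/user/0/<pkg>/...`; on Android `/data/data` is a symlink to `/data/user/0`, so both name one directory) and repeat a path each time the sandbox re-hashed it after a write. Reading the lists by eye, `files/unsent_requests` and the first `files/halva.db` snapshot carry the same SHA256 in every run, while the SQLite databases (and their `-journal`, `-wal` and `-shm` side files, which SQLite creates for rollback journals, write-ahead logs and the WAL index) change constantly. The script below is an added example, not part of the report, that makes that comparison mechanical: it parses the `path` + `| ALGO | hex |` entries, normalises the two path spellings, and returns the hashes seen in every run alongside the paths whose contents changed. The embedded entries are a constructed subset copied from this page's three Files sections.

```python
import re
from collections import defaultdict

# Constructed subset of the Files entries from the three behavioral runs on
# this page (MD5 and SHA256 rows only), one block per run.
FILES_BY_RUN = {
    "behavioral2": """\
/data/data/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
/data/data/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
""",
    "behavioral3": """\
/data/user/0/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
/data/user/0/ir.pedar.halva/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
/data/user/0/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
""",
    "behavioral1": """\
/data/data/ir.pedar.halva/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | ccc0c1eab906f7cc08a6d6b35edabe47 |
| SHA256 | 244c44cbfa632b986e7d9c25eec6013a3e8e29cc32176e478482d7a631863d12 |
/data/data/ir.pedar.halva/files/halva.db
| MD5 | 3fd7876e74e4e3b117a9d12ef6a19f9a |
| SHA256 | 2f7ab51f71cf635876fc8b0d11d5bae683a2761222542ffaed856f1c99cea5a3 |
""",
}

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
APP_DIR_RE = re.compile(r"^/data/(?:data|user/\d+)/([^/]+)/(.*)$")


def normalize_path(path):
    """Strip /data/data/<pkg>/ or /data/user/<n>/<pkg>/ to an app-relative path."""
    m = APP_DIR_RE.match(path)
    return m.group(2) if m else path


def parse_files(text):
    """Return [(app_relative_path, {algo: hexdigest}), ...] in report order.

    A path line starts the next entry; each following `| ALGO | hex |` row
    attaches to it. Repeated paths are kept as separate snapshots.
    """
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):
            current = (normalize_path(line), {})
            entries.append(current)
        elif current is not None:
            m = HASH_RE.match(line)
            if m:
                current[1][m.group(1)] = m.group(2)
    return entries


def stable_across_runs(files_by_run):
    """SHA256 values observed in every run, with the paths and runs they came from."""
    seen = defaultdict(lambda: {"paths": set(), "runs": set()})
    for run, text in files_by_run.items():
        for path, hashes in parse_files(text):
            if "SHA256" in hashes:
                seen[hashes["SHA256"]]["paths"].add(path)
                seen[hashes["SHA256"]]["runs"].add(run)
    all_runs = set(files_by_run)
    return {h: rec for h, rec in seen.items() if rec["runs"] == all_runs}


def volatile_paths(files_by_run):
    """App-relative paths that were hashed with more than one SHA256 value."""
    by_path = defaultdict(set)
    for text in files_by_run.values():
        for path, hashes in parse_files(text):
            if "SHA256" in hashes:
                by_path[path].add(hashes["SHA256"])
    return {p: hs for p, hs in by_path.items() if len(hs) > 1}


if __name__ == "__main__":
    for digest, rec in stable_across_runs(FILES_BY_RUN).items():
        print(digest, sorted(rec["paths"]))
    for path, digests in volatile_paths(FILES_BY_RUN).items():
        print(path, len(digests), "distinct versions")
```

On the embedded data the stable set is exactly the `unsent_requests` hash and the first `halva.db` hash; `halva.db` also appears in the volatile set because behavioral1 captured a second version after the app wrote to it. Hashes that are stable across runs but belong to files the app writes (SQLite databases, queued-request stores) are useful for matching this sample's footprint on a device, not for identifying the family; the SHA256 of the APK itself remains the primary file indicator.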