Analysis Overview
score
10/10
SHA256
e83067807fe391cf0b07f2a58efcc9da935fca1adf13bef5ade5c491e77a0fcb
Threat Level: Known bad
The file 78b1f8eeb13da6bd497f1d622664f2d3_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests cell location
Requests cell location
Queries information about the current nearby Wi-Fi networks
Checks memory information
Queries information about running processes on the device
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Acquires the wake lock
Schedules tasks to execute at a specified time
Reads information about phone network operator.
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2024-05-27 09:35
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 09:35
Reported
2024-05-27 09:38
Platform
android-x86-arm-20240514-en
Max time kernel
64s
Max time network
155s
Command Line
ir.ziba.kuku
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ziba.kuku/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.kuku
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.227:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 1.1.1.1:53 | almabala.com | udp |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | qlfosian | udp |
| US | 1.1.1.1:53 | yyudlosnrmwgp | udp |
| US | 1.1.1.1:53 | edlggwvo | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.180.2:443 | tcp |
Files
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 300d24507aecb18fe0b2c1d4e3b46c00 |
| SHA1 | b2ac2dc03a4bfc898a366cc11573dc440fce4907 |
| SHA256 | 8842a947d3b40ae532eff45fade60d39fd9e54536a054f888ff656ae26fab229 |
| SHA512 | e13626fb08f7c67d88e9bde67be94eeb2a12f54ead44119a16e979deab824c7588b10a582c7cfbd2e93e9a7323e351ea04e3422e4e979c3375e6b3a579d2e5ad |
/data/data/ir.ziba.kuku/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-wal
| MD5 | d02058de547d216d46866547dd6f56b7 |
| SHA1 | e6c5d19640ef196e30ea6b9448cff8eb37c8e8e0 |
| SHA256 | 1831ec6769c9a94c90e875d8befdeb83eff03526552a6822fa868049be891c74 |
| SHA512 | 2af27b083599ec2a3876296bc9dfc4df54dc9e2f14a29004e770b3a39e3e02f56abbaa13ca194f759ac0a9801df1cbda47a09ab1fc533487a9ca9948d6ef8879 |
/data/data/ir.ziba.kuku/no_backup/com.google.InstanceId.properties
| MD5 | 4cfb3a639879678d7a528d0c5db95d5e |
| SHA1 | 0939ee55cb717c96f29940aab03f310c5018dab5 |
| SHA256 | 11be956dd40a68e5c1524c59e8f28127d9c74f39f80d6e759b1eb4454b598c3d |
| SHA512 | 0562cafacb87c8db447b86e15c1dc603f09fff80a779f6d6ca29e0dc0ec7ee817842e4a36cd575b4f3b74635cbd7c8539ce82450ac45e3d64fd256265326e6e6 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c6f3fdb3-1cbe-4797-9880-824adb53c70e.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | f5fb7449c0ebcbe67b7f3ad5b5e669a4 |
| SHA1 | 44e8e009227165c874d44e22e347867c2b7896c6 |
| SHA256 | 6722b69499924e64e353751ea3efe686a8636fefe1afcadb67498784fff4c0f1 |
| SHA512 | eae96b3a2c435e777c47d3b684ab5f95409150d46e3a8ea244429f09b46ca3a6c52aaaa63be87569c16c9081478b9211ade650ba6b4294af5d173fa37b5c7d78 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0bba6a7a-c8fd-4c30-a851-a76967ae6117.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 1f347cea6a53594be878e35079bdabc4 |
| SHA1 | ae24631f83d3c875dd678040baafb5e64fc6ba6e |
| SHA256 | 46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5 |
| SHA512 | 6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9 |
/data/data/ir.ziba.kuku/databases/cheshdb-wal
| MD5 | 03a9eb62bfa68630be87c221baf29076 |
| SHA1 | e612dcd52b2ae571e7c918d6acad33bec2a9d475 |
| SHA256 | 03debf43c45146786630e20046583fdb59fbbf7bb50a7dcebe61a91ea6bd7fc8 |
| SHA512 | 6eb66f7445b429ff278ae9eeadede6a8fb4b443e74c1b5869c087f8c54f8e18c9f589ec443fbc0ca7e29ce16e4e73da9cac647682449aa177461b2df4edc8bf7 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 36336b5826d609cee7c3557a83752a8a |
| SHA1 | 09cd6097cf4a4b7c2c92c0ac327c7d900735a942 |
| SHA256 | b6caca59414ac6c64a77821d6d7ac0697d01fea50c553748f0a3874f47444539 |
| SHA512 | 864dc826a6130ee0ab098c9ba3b9ec05b8d98d641c71d88a68fd07f45ab92bb6becd096da93d1185882f538e1b5ff228a9ab6ec03078848e24a59d1cfaea6c44 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | 745f5688bd76f210938721e9a75e2a0e |
| SHA1 | 5c0d47b7b83c390c1ee555878cb00a28473c2a1d |
| SHA256 | b776c4671da69df1bc08a7fe47ea52e649e3d5111ac1f282bda6b8a1d2eecdbc |
| SHA512 | 1dd1bb578e07184e1b52e3f0dbadad46317a663debcdf3f406edbfa1fcacb0104853eba09bde32420d721b94364be520d9146e0d128fa52d978c2ac2089d2ddf |
/data/data/ir.ziba.kuku/databases/cheshdb-wal
| MD5 | 21a3a61118fccc1b272561f99c34fdb5 |
| SHA1 | 366559bd9ebf867ccdbfa218c2d7bf2c34e21895 |
| SHA256 | f4bbc113d5add69a93c03f4a0d9d54ba123c5886625635aa44a6a7fa2c6c822d |
| SHA512 | 695f7422033f2155133147bef3151ed0b5276151ddc68173fe4f09dc6f1ed03c2b6d000a6a62f1e921c52fa6e9b96770495fe1830fafbfd43ee1062bcef9901a |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 45cdec1f08de8b0019c3e1ffaa1edd86 |
| SHA1 | 1c4c6a4b775c421696c16f982b10d5a4aeec588f |
| SHA256 | c24676ac912ef5148a668f5e7711ace0b6240a572be31082c3181b75b880eb9c |
| SHA512 | 4c5d02c6994ca1e6a07b89eb79a2af471c57344240516d8ff90db92745bea74e6560f02dd6344838d9e5e538c0ef31eccef4f5451e18dd381db819dce6d608b8 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4e02fbf7-59dd-4114-b84c-ed57bd652186.jobs
| MD5 | 34fa33496b5dbea80f9d6b69347b33cd |
| SHA1 | 9d6b7daac4e48edf83288b9c465a8ba07ef29bb0 |
| SHA256 | 6109e785c4452c8276eca3a26b61d1ac42b5fcfff38b952fe70529341c0dc990 |
| SHA512 | a8f3d82e22c5b26e16d235bfa3ef4e47f52c74755195f65effac6c3bfa920d066e77fadd86b02a5bac40db4267bfb995dd6eb88b6e03d1510d43541ab4d860e1 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | 5c50fb586b8c453a0856359501db2f0b |
| SHA1 | 8f88334591ae373f28a95fedd45b1ddb759953b1 |
| SHA256 | d339c94a3cbda0425baddfd22672a41ea8892ac859a238f37f3b579e5e4c091e |
| SHA512 | f65d697d8be38bf43a1e8ed515f1d73d90e8aa68107437fb0f9226424ac969dfd05178af23cf951b91180f0b2421daaf770ef0094a2278a1b214c3a3e2df0c43 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 2913801f94b006e6850f9cb08eca8049 |
| SHA1 | 6d12859bf7b38f115f449d75aff78b0426ab5729 |
| SHA256 | a658c3c3796e3efc6e5d21bdcdecaaa26d04498d32ccf4535e285bfd5d52ded6 |
| SHA512 | 1620a8a96c6c4f3755c98827062bac16b8630580fd912bb27bac040eba97cc03e186a92295cdf4401d7d3098455fe0c934b3ac558cab5dd5792a03a11c61a7b3 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 963c11efbad18a7792ed3edd9b4c8349 |
| SHA1 | 3d6242221b09bd1ec85142742346aab3f917c85b |
| SHA256 | 851930835edbe401106f9b887f93f90e0af2d848c2c93f84dfe05a40bbae5355 |
| SHA512 | f4427c0875dcfe8d453f82e939b2713613400b846dbf0c5114a99c087fc011a811f9bf85683b74f803ee83f2aba16a12efec1f480c48566cd6606817855342af |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-wal
| MD5 | b56a8201cd312f48d07824c573181972 |
| SHA1 | 79ef3ce1f29e87bdfae7932adeb0e97c32f6bed7 |
| SHA256 | c8c39b6993417e33df7c7c997ee9ed5207a88343617f6935d78bf33d6caa37d5 |
| SHA512 | 14ff0feea2e576e84b45ba59a20a352512ce7d1973cef9baf43e45e8b05a2fd24351a4248c8dd5b6e7525725f21d5f5b5338d6e7fe0259be4ae60c77f950f7a5 |
/data/data/ir.ziba.kuku/files/info.db
| MD5 | 8bedf997089a2734cd138da037dbe00c |
| SHA1 | 86d4064bc54dc8e7d06c0e03d21921f2f5c00ecd |
| SHA256 | 742b2d55b43405d8eebdc38cac728b3c0f63e1af3817d9eade6f67cdaaa73414 |
| SHA512 | ce38ef86fded49c53db632126b3b621efff4eee6e1478ed79c011aefde72cc6cb4c63bca60df340af1ea6846a4deefe3b63efabdaa804b698b5144dac1f0da1e |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | 857936dcb74c5c8da759f3cc05435d8f |
| SHA1 | 1b0be3105d2afd55ca1bbf1f5a7ad5d6a5ed3b1c |
| SHA256 | d92d7f2ba460021b6e2e1127676b9f32df6839265abbcd4e547b6de567e05426 |
| SHA512 | d07c0bbd83f55bb874ab62547273429748dfd4f289ef2b4258a026719e68555fded9f834f306338791e6c5ae5547f19fe99c361dc45f341417b6c8c73ac04eb4 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 812396847e337802f91fb4419eb241f7 |
| SHA1 | 78dbd447f35dc5d51fe501cb39284b05c01e5c1d |
| SHA256 | b06fe6a89de8bcc92125a9d10f1fc5b2131023ebb70a8c6be431cc42ed4776fa |
| SHA512 | 96ad07db2fb2e2d65a229289ef65c08c6e28333bdf97c914a45f11b0f1115b1b1dfccf9d3541a69b9f03593b5085efab4ec276f473da2c9a31d7c61aff1d44af |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | c14e8eadf3e68dacc1fd1165bd95fd57 |
| SHA1 | bd0198a4e8a2f90540a4a4396151ca98ed336ac1 |
| SHA256 | b187a8ce043f910645f41b52f5e7274ceecd41f6953c4f04379121b86b9d947e |
| SHA512 | 4213ceff06d8c158c92ff7aae9c5b7863786137d5f61d2a24bc22bd4b03e18416a8a6ba566fee49db952fa7232b0ebc16eebae6348460c2de8cf9b4c49cf5fc2 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 303bba94c260640e8c73e80160d737d5 |
| SHA1 | fa3134ee39f12cd0b5ff9fcab6b7981acea99fa5 |
| SHA256 | 1557ccf8bb133c7e966724daf080bd2942228478157a6c4c50d06e2ebcbbc519 |
| SHA512 | c693285c600a3adde51f818dccadc2dce168bb8fb2011c8fc7f6f6f7e9b834e1e94ec15f49421478930e2227388a2223b97160439924e714d3c49aa1210322ab |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | d1e75805470a2e85b9d57a101a4f581f |
| SHA1 | f370c6fda0378e4412f7581b6dc416b03043fe21 |
| SHA256 | ed40d4e6c3ee06aef044617092779872f88bfa07393b20037efbdda47bcc2a30 |
| SHA512 | 68d2e1e5b62419405392e7cc5fd0169c07ec3a9b84b2a28ec40c3e93461cbfb995145d71ec299c6936090e084c00e0941dda2071501397d6dd0e4c469c44ecb8 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | beacaa740ce82aa1c43f9344d412b629 |
| SHA1 | dbf55f55071d9efe26afaa864b1f4f8f8993a129 |
| SHA256 | e8024d915eb29b7a9abcbb7e065ead6fae4cdd6b75810a8cb6c979a6a51c0c20 |
| SHA512 | e9ad69c4cc21a8e5c55c308d8783ab3e0f15aa4cf55d0b5bf3416c98bd39a68abe109aa2fb716c162c2cd18013649aea96046760e89d6b5a201b42103b934f62 |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-wal
| MD5 | 466122ef6eb853234961ec7c6b0143f1 |
| SHA1 | 6e7a2d8214b27cbbaf1b465a2fa09b74ae998df6 |
| SHA256 | 514582ddd0b72c008d4b2ee921870f91819b33c0d4dbd6f3145c94976abd71ac |
| SHA512 | 0f8169c49b236fc2568fd4a23026706079fe87ad25e0ccc7024e5536c21aba0029db714216bcbb7894ed5b0a2c9908b3e21ca9ec6c7031238227db857cec3789 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 98bf70422240b4d98507027f6699bf5c |
| SHA1 | 68ac64d5630b144bc20a0c42275582d6fedc1744 |
| SHA256 | fea1fb45bc7bf53f8bbe89ccd907fd0f756dabdfb46ee0ce55254d8bcef9ca1e |
| SHA512 | 549d4be13fa048d7d9d1c3e2b74586f47a86024998d99658233d3ab2bdc09aca5d0fbe0e873a1ead2a5db55e60e5dacb9250854cbb135803f88b24fc1fdd883d |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-wal
| MD5 | ed5f5a733ea6b1c19b57373df4c83fd6 |
| SHA1 | 9a86dc95180cdb0bd6208a0c8694b43edc950043 |
| SHA256 | 8773eece767381e81e775f99a37e9c0454f82fb3de160b9aeb147a10a2127356 |
| SHA512 | 6fcd62d079e0f3c8cea2c5c3811b9402b5bcfd4af8135246111c689fc5d559e70374985d0ba0188cde9bc70383c15a798353aade7616f229517d2aba3f93840e |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | ae40eed41112b3a4aeebcd6aade5f5f2 |
| SHA1 | 7eb0be0aeacc160ed4e8ab173d9b42b204be6de7 |
| SHA256 | ef05bab1a95992ea26046167012f1d67767d18e08f60e416f659027fa0b41855 |
| SHA512 | 9cc6d59cb015beef6527c185ae271a12e487fa055761c525d8ee946d555fe56a631662efb73270f44d65dd02ed95012849a8572297f5c5f7ca040dd362427d2d |
/data/data/ir.ziba.kuku/databases/cheshdb-wal
| MD5 | 0856404e2540c7902e9d7189761e4c8b |
| SHA1 | cddb59e3ab2137994dba59f2405b8a0a17e9feb3 |
| SHA256 | 10e05d37ca8490212bad4f6fcc1883eab8006d83411cae315edfa20f9c485947 |
| SHA512 | 36cabcd7b702669188c2c673ca9881e8aec6067813aac2a1f517ed447470020102d37c304c4512364dda3f5b2668e85c2670bb68b1c9483ebd1c5a194b9937b9 |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | f88612344befa7578ea91e9a1276ed31 |
| SHA1 | 619ee15cca6b2fddd4c1fec026332cdb4ef20709 |
| SHA256 | 9c1af540855aed94a862d46aed11ca16b0844f2b5f0b4f771b94c176ea437605 |
| SHA512 | 90b98b3156d450f9a3e58b7d6c2e7ae0cffed84247ab8faec56ee149790daeff09b193466b01470e44958a256d45ceee6afc28950860e4761288805afb7dd3a0 |
/data/data/ir.ziba.kuku/databases/cheshdb-wal
| MD5 | 056020f18f64f463763e6d10a19c010e |
| SHA1 | 533ac8d385496b253d130c709cac61d1716d7761 |
| SHA256 | 07dabd433b19985d16d0b1151ebf0d7b44f907ab9f5bc277a5ee273f3804640f |
| SHA512 | 5a8f324242d9b955ac719cbea8dfd6241e6e4a8ea97d67da737b77b3cee906bc68a70401729be556579b957d9a332f4a053544cb5c33ffcd80b450ea98857695 |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | c18e215f50b6df961942ac5330be0415 |
| SHA1 | 3f43c6aa266b6f306ce72dfc8e501dfc80f65bf9 |
| SHA256 | 79c1944a480009fe4c997ae86dedcba2a106b92502b8f0568719c2908d83f406 |
| SHA512 | 71d2a77dd22cbbd5ff74a69660d05238c168057cf2be957dc4a23caf00e2851ae323cd21d65b4e460e3063123f379b3bc0c11d561cb258d51b0a12e68f506591 |
/data/data/ir.ziba.kuku/files/info.db-journal
| MD5 | fd37f8aa83dd161f87e0e716437bef8d |
| SHA1 | 998c2ccdb6e71cbf6f50e4f67e2eb37a4f2a7bcb |
| SHA256 | ac115c65583121d24bb3253ff58a3dea550b51452f668b86b04d6b9414b2c965 |
| SHA512 | 3350ce9ecd5e44a7b0e6cd4f4156a48d0485f356ba8af1721672059e93b0aafbcb87fd084cc0445b48496a1af3b8d2bed8836e7efa2c2ede435b3b7e891ed834 |
/data/data/ir.ziba.kuku/files/info.db
| MD5 | 65af62fcab8e72ec6e9dbd9b32057881 |
| SHA1 | a732949404cceb9c5944a74786637d2d1f03e7d2 |
| SHA256 | 95b9575a3b36156e0e31d091e82c41b7293535a3ccc3afb1d1b27f38d84d1c07 |
| SHA512 | 3d1217369acb8bae1308c33533c84b010b53467ac613fdad27032df0923f40eab5a6e71ed09bc19b96327c9778d44a16201d1cc96723a834cf4d5fd7f8f848c4 |
/data/data/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/ir.ziba.kuku/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 09:35
Reported
2024-05-27 09:38
Platform
android-x64-20240514-en
Max time kernel
65s
Max time network
176s
Command Line
ir.ziba.kuku
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ziba.kuku/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.kuku
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 1.1.1.1:53 | almabala.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 173.194.76.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 216.58.212.226:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | tcp |
Files
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 333f8b11982b6f6bcee1a1dee6c4166e |
| SHA1 | 0e20633a9690b60332fca92e19b80186187f34dd |
| SHA256 | fc23c2d63eeec5c4680f47d28ef66e230d335556867879059d16a1c4cb43b04d |
| SHA512 | 155702b50b967632a32f1a555a5fb4d67f7a1581e0901be3806dbc9cd473398bbe587a0eddeedc7a613fc8205876570bf61cfe7ad18dfbf2002c3a6d312c396d |
/data/data/ir.ziba.kuku/databases/db_default_job_manager
| MD5 | 4adb7a83903a01e4bc957df50590782b |
| SHA1 | 4e35b4e34baf2a9c7a7509acbf46802ce1c052b5 |
| SHA256 | 52109b2a4b4395f5c201a57f25f043d95e4fab7ec7708f0e197a7a97ddbe2039 |
| SHA512 | 3c5849e5471821de9940154a045cde13b0373b93fd0f0d682d64c7e538552cadf48e5d15da5ae2ff1a8fe87f7e55d758a4a4bcbcb4d06bd34e8862be619bca32 |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | f1d42ddd47991089c32999951e69bfb6 |
| SHA1 | 849f48cddffed62687ddd0577a939f53dd32bd5e |
| SHA256 | 14c9cb798915b122fd67ba490340e7902cf90f870e161c9554527fb432012026 |
| SHA512 | a12535ec9e8dfa05752283d411dea8801491a9dbe15e37feb6d6741e4e4bb0e5596fa632f1b98567a1e0d465e1a67575ea0c2d6bde4311e75f0bda658facb039 |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | ef934eb790eee8a8fed0b6f6a3010d8b |
| SHA1 | 8e63b075323372529c24c7b884fa27e7b0dd30e1 |
| SHA256 | 1a696fb09986b051f2a425927b0e3492e4d3a56bd5a5e89b1941544ea13d2f45 |
| SHA512 | 4220b8be0eb6a4fd77cd2732e88476bf9f6949f1a63f65c866ab54702d58c3a35dfe0772bdd3c6637451580e502e888f8c0474fe24998ae572d8a9336766965a |
/data/data/ir.ziba.kuku/no_backup/com.google.InstanceId.properties
| MD5 | df88a9b108314dbf96029396ff3009e6 |
| SHA1 | 2abc0106ee62eaea15a59b6c1348905e9e9f17db |
| SHA256 | 430ad806173274861199b6c87ab5a3bd4ccc3780a7d442a59736d76325d6ab22 |
| SHA512 | 4075219995ead45334551997035bbf34589eca86a89f7504ffd27b2c57e794dae8ae1bcf6a7fab7bf984a9292b0436da0468fcb1c9147dcb5efd2ec393c07ec6 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/1f9fe285-f575-4fd0-a0dd-0695f74754ac.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 072c884cb0b616cd271fbef664c66046 |
| SHA1 | 5ff2b872d21e0c0001b04d41fa45f01c03ce5014 |
| SHA256 | 1f76be7517f6b602c9a392201c61c62059e83646eeec89fcc3bdf9cf32f04ef5 |
| SHA512 | 922db0d1c806169973b340c03cf39fe5f38d707c760898625342a82b63c22a3fed13f44d10c7e1066275c8665f1236fc4b2a2b9cf8acf4663839a283c855d233 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/d9c54db8-df65-41f3-b4a8-149f22725a69.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 2995516132f57f2cd02bb6c1f9f90306 |
| SHA1 | 643c34c66076e0aa20b26f31feec8621634754a2 |
| SHA256 | 1f4d443bce689fa32598f11028bf9105f60cfd9274e64223893b4795a2299e54 |
| SHA512 | 4875a032d99f8601967b02d7d05a924233696a029bce83c2178c5826321cbbcee5684ded6fff80de82b61148dea9f367fc6a8ee91598bf6add1fd9ef2d2fbbcb |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 9a882e6974645d95bbf5964a8c19e74a |
| SHA1 | b159bb309eb9bb437c2934d502ef1df977d4dbaf |
| SHA256 | 256e1c70421eb1392f38eb90baa57f3f1a0e6ac33e81b680401ed85f98c6d4ff |
| SHA512 | a1e665c2b5aa242346930a0dd26541583f0325c946f1505209e71a01ec5f578ecde1cbec9db8e18a26376152d1fd9862de355f79dfa04e7c96067baaf2ceb1af |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 259a1e4e7ebc4b0d0341ffcf0c3bc2ea |
| SHA1 | 9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c |
| SHA256 | 4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1 |
| SHA512 | dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313 |
/data/data/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 51ec54754be20780cd5333a08d93aa95 |
| SHA1 | 4e29003551cd5a3b14053321c3fab6da10dc9f92 |
| SHA256 | 5768e31d38e7b1c4fdc535041914c18f59fa92dc032b69363ec5989286d7aae8 |
| SHA512 | 8cd1d4f996bac878504bfb1830f09b76e8559f0e05058b8976313e219e5075a513fc6ba7f640ef6ccd1891079758cfb18216df2f6e031e007c7042b53e91bea4 |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 8b927abd524a3df93d12decf412f01e6 |
| SHA1 | 532f2edb565164edab1423084fbb0f1abaf6bf64 |
| SHA256 | b09ff59c9e2d7118f4b4cb517b405f5b849f16562de8ca38840c43c98f001e6f |
| SHA512 | ed512018b8085fb6b1b88b0d784189b60f919dfb9ae3b10227bddd9e38b98edcdaad5a626a50de54daea9ec5dbbbffab253dd375ac4077ffa036ca82ffff850f |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 1ce0ebc4409c93a0b9f8c3cbb9379392 |
| SHA1 | da2ab93f9fcbc7c85f27127ccf6faf7488fca781 |
| SHA256 | f883fc24e70e140717fea7bf8ac63425155f783cc88a2fe1299a79121944b928 |
| SHA512 | 9596064fe6e15eab5efb127a6b2080fcf29ffda41f8861b233b1186dc957847fe63ade7e9a7b73f809dd8ba519a2d490e09c6edc7d6ad4669971a63ca8a8891d |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 6da074e2745e2976091226734cfe1431 |
| SHA1 | 1fdee0726f39fa33708317fefe59abcb9e8aab49 |
| SHA256 | a5414524e88003eb4dd20f49160d97ea6e8f3877878b426907ee047f41959402 |
| SHA512 | 25eaff136b8d699cb4bcc7e2c60d36433b6480a8b2bcb599a54867232973cf4a488dc61d3267c6a2c5d105b7ddeeaff04dec46632e02829a0cec70d1cde8c4d0 |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | b851f7c145af9501b908ac4497d9b53e |
| SHA1 | 926c9f497c7477dc3a5ce88cc1498827dfcca768 |
| SHA256 | dd131e1c80c5359efd4480bd5e27c0ca7d6780eaebc1226c49a341cbecff1f41 |
| SHA512 | 67e9e8f08f4c54c3eb13a62575181377e66e376256903578f7712b03ecd4b1deb9e990d9e62c76687c54fbc3d20fd3f522261c29f539bbe944cace6ed6e3c188 |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 143ed322aba34b18e4ba464f0e26e236 |
| SHA1 | b072771fecb1222863d3071788e455c363ae5edf |
| SHA256 | db1a37a93b08115e2ad1433f881635056108e6915a1d01f383810d5725a3fe6c |
| SHA512 | d8666ecaae21936453f4f5dc0388cb55ec65a8935b6cdc2b9704991c7dc3f12a943103ff350d3230145534707554494f99dcaff6b1fcf0c9c295a28ee433baf0 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 5e714268965229e1421c785d03832792 |
| SHA1 | 3c398cb0ad153f29d3c05099b9706e5af0fcd798 |
| SHA256 | 4e3c4496a1f0e0c59d71455c430f5748b03930c0d278969196a0aae99afa9bb6 |
| SHA512 | 1875a9c39ec9d2a7926657435174165e6fe288b0a81097864d04b025c98b442121756920dfc6d9b23fc0cd293e3d5fd96dbb1a094f79d3eb391a09c7f171a030 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 4d895d5761417d100b86c6b7e8573ba5 |
| SHA1 | 65821c684a4c8156dff7cda2c710a674cb8a9a55 |
| SHA256 | 293e9c3ef663b01abce0be089887504fc0014b974ce877238dff1d8b9c4eb5c9 |
| SHA512 | e330e8c5a918ad0ec633b91429a2d5f77d733d781513d2c3119e667b724afe32f441b54122d57652706e722f5e5eab7d8d630caf648b8294286d97697931bc0d |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 214fb8c1d0bf63b139e8b8b7c7170cab |
| SHA1 | a90df4742edfa9795fa79b01b1dda821871ef8f2 |
| SHA256 | dfae44d2a3872b79b366fe81130623f61ff62151c2376108fc9fa766098ea6bb |
| SHA512 | d8ae6e50895c53c34ceacf283dbbc2403f06a21acd3870eef8cd813b0f72acb502ef53df30e820592aedf920091d186fdf988a0dcf09d26c4606a053f63bee5d |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 1d7c90ff00c7bf5cd0a9403d8ab2e21a |
| SHA1 | d8d6e66a510b67622d862807ac0d56725bf58ef4 |
| SHA256 | d2a70c846faf0599b45169e7eb1d18f00d8099a35f8a9d9e2a76c4d4ab7fcf76 |
| SHA512 | 5e07614f2b46de5812574b4315667fdf7cdecce44ff574a0bf4b0daa88a3e8480864e6cb786c5e31806f0914b94e8c7c4b92afade32dd34b94d9cb5e2e3ca26a |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 840b47f18d4027e9e256b4a5071f0265 |
| SHA1 | b102a96e8d131366af51d06b4f42f2323d31b925 |
| SHA256 | c84e39b7f98dc673629d786ea8a5c8b5213fa0e8a6e1bda054acc11ebfb086b6 |
| SHA512 | 8719bb17748fb830f4f5f57b1f537781960a2af2caeb00cdac55cb19e4c8e6144fccd205f19e34bfe223572348e8b93e757a8490726ac48129c1e1d57f3f7c66 |
/data/data/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f0653c34-32dc-450f-8ebf-fb9aa1c86c78.jobs
| MD5 | 2beda353a0e70c9a68e88fd9a2b812e3 |
| SHA1 | f8a465b594165af0f90680449c87dbd383e79fe2 |
| SHA256 | 7b8f1b78ee6c789e9c7f191b034b61a5afc9269d82fb0fd2aa8c3a76055fe2e7 |
| SHA512 | 8a0b6d8e3d4f9b792ef3823034094d6bc9423299dc42949fc1add9cc64f046705475831ef9d5bb8f933d698150dcc6f5c3d854f9303f97f4df08a09c8bcccf27 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 500187b6faecef11f3c0b600c60b2f92 |
| SHA1 | 1f26f2a1372842ea9fcd41ee8eb259b32f24d23c |
| SHA256 | abeb294fc222fbd99d6983e59d3602670d5827d1ed53572aa1ed8f91b63815a2 |
| SHA512 | 0e69603b0b32b7bbc529aa2ceacb658d5fe2f4dae72b8f90c792894dad857d21450be096fc8e0f69a26f6b2b26da5ecaf92e8e5f34f2238af16545c04c594aa7 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 509cfce954027c7b1105ca5b97c018b2 |
| SHA1 | 80db6573043b887ddf5421544543f287f6158b01 |
| SHA256 | 01cfa9eb10cc94d809d80c7aebf3b28551c454c45e999fcfda6442a5c46f3c09 |
| SHA512 | 435f1e6fd8aafdadef9500a2833240c466b937084c10f0c8d180ba4c4e0a8b114e738892204ca3ab723a3388db90b6685a5902d329b18374c9b032f8a0a43ae5 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 87d4e004291d6f4297ca5c9458f1cfb5 |
| SHA1 | 60e0c6f13710bc68ee4782557b33c9623fb19000 |
| SHA256 | de457adeab09c4694920ff42b7b7c79928cb5688a5e819b157fd6b66ae97a5e8 |
| SHA512 | 63d4d5ab88c77238ea13b65f89f53a07ac6fbe33696abf8df79191db878d95210ae81302b553a4fa7dcc9e14f2dfc27d237c55e7fb591228c56255830fe18f02 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db
| MD5 | 5f5002b054938356da85e163118afa81 |
| SHA1 | a5913210273644f5f37cacd14c8bba37793169f8 |
| SHA256 | 7eee7a269afd7375faf459de7f497d13a6ad371cc7abbc0696cf9f2f7f9b8cc1 |
| SHA512 | df70579f2c787f0fee9b6f99cd81abfa6474ab771d4a2e1e75f6a8ce01f77f6021f5618686ed164c44071c034cdbed4baa302613d460bb5a4d3fe6d90ef33c8e |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | e2bbb0c4340b42a0741851f132bf6de8 |
| SHA1 | 8d647b96b89f1f201d7af35a0df505e363c01706 |
| SHA256 | b1885e432945e02a1c0963bd510023f097600b26279cd7d3313ad48095a2cf92 |
| SHA512 | b49d142fa2cfd3b56f5312509d427ecb4856af25a3d10798fb6c7c136278b2ab36b873928f4bd8694e4efe65b41ca2994c48834744139d2264e265fcad9614d4 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 9dbffd78aa58594e31bd0ce27fd3d08e |
| SHA1 | 68dc68e43426b54e87ad0c3347231685b61c8028 |
| SHA256 | e2183cd35680a9943b094896a002c0c4d9761fcc74b9d4ed3f5e8738c2ec150f |
| SHA512 | f9d413c57ac1d3748248a17aa6bd83407e972992c4896d3069d3244cfea5a611fc51407d29e7842d7b6bea31da9bb18639fc96640c75e6c7a6bde4bca3606a35 |
/data/data/ir.ziba.kuku/files/info.db
| MD5 | 8bedf997089a2734cd138da037dbe00c |
| SHA1 | 86d4064bc54dc8e7d06c0e03d21921f2f5c00ecd |
| SHA256 | 742b2d55b43405d8eebdc38cac728b3c0f63e1af3817d9eade6f67cdaaa73414 |
| SHA512 | ce38ef86fded49c53db632126b3b621efff4eee6e1478ed79c011aefde72cc6cb4c63bca60df340af1ea6846a4deefe3b63efabdaa804b698b5144dac1f0da1e |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | d6ea0f3116d6863699a23ef2cb39f87b |
| SHA1 | 7711f2fb3812cbdedb1fe9650df46c443a0b8214 |
| SHA256 | b18732e92e2fb9fc7b860f0be8722ef7459362ce609d0fdf1519c549c1cf5aa3 |
| SHA512 | fdacfd825ccd82bb546500e3b049d6169fe0804d9f9b7332320a59ceb223509a1f5e5c0463680a6a5a478f1d9f548130591bf97cc230eaddf2ea80269f65d1a5 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 7c7ff19012a7d3439c0e8f682590b5a7 |
| SHA1 | 168c2fd4827c6d7b408968f5d3000b3db46d78b0 |
| SHA256 | 7deecdb1446d11ed0598cca25a71594c8090d43e58e16e92684c0c21d8cd2c27 |
| SHA512 | f5749943fcddc5d0df8d5c0c8bd5c492913a693256b4eddc2fd02199bef89cd238ac8395ae196e62090fc4ca1e87a679f35aa04d5c87da55d14acb754d5c4dc2 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 7ef42da0136cd7028981b3a897a8205a |
| SHA1 | b097792cf4dbcee27fdd82123f859fcce6ee68b9 |
| SHA256 | 7c9d34fdcc8642d76cc394d40f03859d0436c6bc82de673d5868f89b428a45a5 |
| SHA512 | 30ea7339d3c479358286c746c679ea9d38bd3c14e96898400feefdf18b9983c8954bbe0014d59be8dfbea37b83774f9314f62f497e49c4a7844885be8a3d6edc |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 0d1d353a7e06edef2b8b52d75ca4afcf |
| SHA1 | a16ee7caa3ebea37e98c8a342be8ab9ad1073654 |
| SHA256 | b62ec50ce753d276003dcf2d798b2a8d04f83bd914a90ee34a8a2d38fe432984 |
| SHA512 | a9b57739f54ad81363524c5e7b88dc73e36a075c6e033e7b7bb26ef3657a663a11fed3b86d4026ec4c76cc0e77ed0f90f50f4d32aeb72186ae9e87b058e00b65 |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db
| MD5 | 250977c31d2d57214e0c619da6a7644b |
| SHA1 | fa34d27cbc66d6983c8c3d7afc1b65af22ec1040 |
| SHA256 | fe913cc2ec525566edd7d2c84a7fb3e6f78d45b45629f22ee6a06a8e12e43764 |
| SHA512 | cecd1fed712ee69eb72d05215feb603833a5cb77efeeba572b13225d2a5820444d9459e03ee7eee401e76cb9b4f11271efdba04bd01098168d42775c8a9ea30a |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 5af835e7600fbcd84cbb287a255f56b3 |
| SHA1 | a0e7b9b939ea94007b2f82c8e745bfd559df1950 |
| SHA256 | 28a43208868dfe8f733252fa0c2c11a1aecbd99a6a22c6442635173781204620 |
| SHA512 | c964fe36e9850645f10bbb150dc8219aa4d7d9b042fc4fe8f18e43b4c239ccd36670da2dc04bd9c963f5f376e6be624abf43feb7237536f5a0c4bfa0248a2f05 |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | c0d4b95f5605acf215ca3350b96aeaee |
| SHA1 | 3086c79326509791fa9d53bbb91e0eeab168d352 |
| SHA256 | bdd1e6bb5313bac990be41c4a36efff27e47d492ce16153d575cb15ea621f9db |
| SHA512 | d5bf55e2b7d43a45248fdfbb93df18c6b78a5a68c5548439ac25ab3e8e2d154b20507b2c80820a579de66199596cb836418a9645eafb35a3d73ad0e97fbf8445 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 847fcad4256817d0f88d0d4a24d84e8e |
| SHA1 | 2a3060e63db577ec4c6b2a0a302a0bb32bbd77f9 |
| SHA256 | 55ee9c114fe30bfc7fc20a66565169416b586215ba80f0b7b0491fa3fa04d2b9 |
| SHA512 | 886a7123b9579b625b2abee3b09ae8df90bfe0bf57fb34fb11d559a370aca9d59e92a073884d1d17a3f839e14a0cde1d3f4522b2c0b2776292780476a8b636f6 |
/data/data/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | d2845eee747d763d7fcd0542c31e4578 |
| SHA1 | e3c77884173f1d760fc4af130a3572094aefea10 |
| SHA256 | acb3d51741d0541bede39514a7eb7329b793164de404bd840abc165ce01a1314 |
| SHA512 | 8e116650ded8ca5087671390b11811512c72b1d235fd8228d7e6952dacaf4df79380e6f0be1b5568ac831696956a615f6ee0247d138c271ed042e91cf6b6e218 |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 68a8fb37be8027f18fe063b02c581b92 |
| SHA1 | 88d5580dc1f3ba34ab6de8852e79048ee46030e2 |
| SHA256 | dba37972d50a47db42a93ab38afb4b0f7a85321bd1bf199bb1d3f5f1d1dc4fce |
| SHA512 | f4fb88c7cb67c3aad426d0de5981341fa41329f50ec837f8f0d66259e84fe3a84210fd83d694569547630112176d479cc806478ab9ea6df3fd9771d96d6f742e |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 91159dd2d2d8168aa8c6a7dc7fb0076d |
| SHA1 | 0afd6af9651421600261dc752f9f7da1ac6f4a86 |
| SHA256 | 45c36c912315415f244cc3af52adf6c099f9569d48a92f7cb80c4ba3629f40dd |
| SHA512 | 6b807afd551dd0a43455911b753b0bda9f89c3c39cfdf1b733dcb6f829fe9a03786caf91ae30200faf428058671d7f3b781e908503e3849f30099f795942d171 |
/data/data/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 356582cb0d0b8d14853e1976119f2f12 |
| SHA1 | bd9163e75eabd7bf3d9535d3a995f8269a511d14 |
| SHA256 | 7745d3acc265858cb01302d07cadf245c093154309787438d7761de9925e0694 |
| SHA512 | 84d822a2a77a4bc24904f1922e2f166a291fbe6bce15b6d8cee08d65caad0bdd8c876caed678686552deb8047a25f7242bec0cdfd9e788d86b8610412d8b2737 |
/data/data/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 5c4c9761348a9b1bdc91c8eeb7f3941b |
| SHA1 | 623348b8d384efc63b4203580b88e876236dd55f |
| SHA256 | 71f4e26c032763b5a52e147e413178e677adcf9189402aacad283a55aecc116c |
| SHA512 | 659f07f1f803b466ce9aaf5a592a761b836d774f86a4f530640296ad461efb40bc4e2ea4b1487ce9631d977d5175927ec72c1bf1ef30b49bc96524ee9585f789 |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 7741e134c0fd0ce00a3035553caf4a37 |
| SHA1 | 41180ebf079dcc61c6f010656ff08569f748fed5 |
| SHA256 | 204bb09ae9afe7e944b4ee977dd4a42ee6e9b983f9ba2133874b034de2cf87e8 |
| SHA512 | 2d92be366d98d221b9a6162ba2ace51300d22528ced54d60be5769a524d3b80d7f822e3cfcabe2bea4c44766ac46531106c965fb26b0225105893febf9277dee |
/data/data/ir.ziba.kuku/databases/cheshdb
| MD5 | 71238a2eab270a6f5d99f9d5d5640888 |
| SHA1 | ede363e1a57bc47127fea41b9917a945da1c869a |
| SHA256 | ced6cc5477eebf068c8ec568dac33ba4554724b69b3a2007b616fe0cb447b521 |
| SHA512 | e0d5ce7f32383b17e493549e4655b1252de134251d2d4be7a4f9c790518bf37b3b0779d6c95b12e1eeab75376807277a45fb476f0bd07b92a5ba4169442757df |
/data/data/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 5f6e773ae9e2eae10d19075bfaaa235e |
| SHA1 | 9c25cdf7bdc2f8b75828e264c2a69d2d044e823c |
| SHA256 | 09f0ffe42d46986f5ebde5cafe29745a6c1c86910c7ad64423a6d24f297c3559 |
| SHA512 | ae416ec6f68b3678442494332620b6b45bdd53883cd6b6b5bc7b8714d87905885f0f8853ccd1e2a5ae9472f9bab0bfc16060f70ee739e6c37c2be3852bb36de5 |
/data/data/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | ae7594f1c3bd449ffe44a260a2de4e5a |
| SHA1 | fbdec281a99ea9ab76222a3e03ccd29af07b0994 |
| SHA256 | be67aa9c3174c9816ee09bd773a2494be270a25d38e373ebe300a121eb1b7a71 |
| SHA512 | deef517bf7d5482484723f984d5824e7d27e8b92756929a927ba979f7c11729b03fbc3a26135f91cebf0f9716996ee2dc123e46bafed4ddfcaee4416d56b4604 |
/data/data/ir.ziba.kuku/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-27 09:35
Reported
2024-05-27 09:38
Platform
android-x64-arm64-20240514-en
Max time kernel
106s
Max time network
172s
Command Line
ir.ziba.kuku
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ziba.kuku/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.kuku
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.14:443 | tcp | |
| GB | 142.250.178.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 1.1.1.1:53 | almabala.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | pbsrqdtpvon | udp |
| US | 1.1.1.1:53 | idqpmjc | udp |
| US | 1.1.1.1:53 | nqbozxdhyexbsyk | udp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 06cdac3ce0c65fb8df827ce91548281d |
| SHA1 | da588e19f11fdaf638effa4d10a21b795f71099b |
| SHA256 | 878efebd04a61f145b25a9eb62e360dae46477514e7e5a9b1a0f1043289990d8 |
| SHA512 | a4300323f74264409a2bf42ef140c687d12fe7dd8e20514e078ef0f8b7143299383acffd03481d80ee0c678c290db92c4d8fe2bb043e471202dec254ed206930 |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager
| MD5 | acbe6507c4ee08675128ae77ea493add |
| SHA1 | d609289b26fabccb90251e86b7169271e7c5a3dd |
| SHA256 | 465e665486cab28a43fe488ed1747ec4e6a19d2aad178d6fc25a60e1831ac550 |
| SHA512 | 8e9d736064b7b937a4e5e19ea8e73abe19e1f3abf70ae2f40b641545bdb08799e784bff3f6610af2ef471582591c0dd5ca1db16d4c2af685bea50927765a126e |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 2f3438526fe1133e611782ec27021fed |
| SHA1 | f391fde74d576baa5ae09748564b1ea1daa6a6c9 |
| SHA256 | 2660a2115ac534891f9f9ee006e13c515cc756252ed1aed13ff64b7616b83890 |
| SHA512 | fc2a1430357206123cf0e3cb230e450e3f4d732907eeaf591d28d2a1ea45b0b7e9b5e1b36d989d0a714c6287bb434f3a09b1aca6c60001e5d7a008bfb9c13715 |
/data/user/0/ir.ziba.kuku/no_backup/com.google.InstanceId.properties
| MD5 | 72895b52856e14c8c0a3d505d49ed4c6 |
| SHA1 | f5f4bd5b4cb01faaa5d419b92697fc05cf7a2f49 |
| SHA256 | 02f55885f0c3b8429a17d933ee73df4b43a75fcb65dfdb8cbb00b53a36a47731 |
| SHA512 | 419f2f70f5903508030338269de6a13f7ab7960a354ff6d3163008da8576703486da4ca60ff7e9bbfc86d02de4dd85a64095f401870a54e0d319e5364eb63717 |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | 6a31abefdfe3d18e80373c7d2c6c3e20 |
| SHA1 | 78ef1c130959d093ae8cf45f4176596832e98bb0 |
| SHA256 | 7fd76f4410f427e8d9904719ce5c584425a484c2d1e736c1b092a0e329000bd5 |
| SHA512 | d7036087591968b0cea74ed382b20fe739a8e1424ba5616d30783a3baa3a4e5842800c2363e436c23998a786719babc2f7889890130746380ffb4c895344c959 |
/data/user/0/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9d0b8f83-e8cd-4d67-b1e3-19f3694ea627.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | e315978ad4784a033b48dd99663cca9f |
| SHA1 | d729f21bc1f34c5ba896ceb119198e3a6e1116f9 |
| SHA256 | 1062736128dfc87ca1f1aa391d261b56288eac69a58f8bab020aadde8e49cb2d |
| SHA512 | b0262f4285e2cf6b5889c1fcb639bd7f4d38a000437a42b0201c737fbb7e393c92916bd086dcc23b358437a52cc9a0e26c3933ee56544c4116de19bbe0b31015 |
/data/user/0/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f6e3e1af-4736-4cdb-b8d3-d0cc9a19a2a4.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | c25046750a017bc64d51f9735b070762 |
| SHA1 | c36fb1cb3ef804cc7caae06960822e4830a0df42 |
| SHA256 | ff15910ddda1fa3489571f2da482dd22232483d78a53aa90dabdbee49c0a1fa7 |
| SHA512 | 2f054b275803b410799319906552570fcd45e516aed699e1a43874454651f7969393db076b9c9ea5fddefe4576548593d736df8689b7f437199ddf5846425736 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | ba7cb0438a4fd5716fac4423a1d3168e |
| SHA1 | 1fc41debe6a81cb31828cf05951a153ee5f31811 |
| SHA256 | 4b246165ab8b3aeacea9eb76b648ee42273036c54a66feb8fe2600ab05be455e |
| SHA512 | c3694935b2337431f068592789a70f3da0f124127bbf9b974ab750f61fc4b380d32897bec25e63412c7089c875bb2f41ee840496a09f6aa963044a66fe6a36cc |
/data/user/0/ir.ziba.kuku/databases/cheshdb
| MD5 | 0660d3ef5f0245096a9fa0f61d6a8666 |
| SHA1 | 282222362a5a05e3153b7f6b49ef35c667b19542 |
| SHA256 | 1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2 |
| SHA512 | 18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 4c943c929256cf6d097d13f3d4cb539f |
| SHA1 | ea8981b82bb6308def53807b71d6310c9cf5404b |
| SHA256 | 336ad9b14bc7b4a6e329e8a09aa59dc93409b12bf169040ff450642d6970bb88 |
| SHA512 | e5dd2f4738ec91b0d3c7acdc519f25db2438b4c50666d5dbd3009869caeaac1bd218283d9a80ebbd369d770176095f91a05016463f9af7bc387fcf2ea4e48052 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 0ca68ece9f497a1cc99d8f48a6b01446 |
| SHA1 | 3b94b147e4dabb1cb228b1fbd0a627d04a814c61 |
| SHA256 | 21ded031d1a9fbb79928111e4e211bf569fb4beeda04ccf4a4550c7c5bdb1b8f |
| SHA512 | 9ac88f72666ac65d64679f408458016574196c0f9049e78711ce59aeaa48ab6143ecc552e454ca2c855cdbdc4b031255989978f343745e2328b4e07e0c5e4145 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | f11a8711bf00682e143d214ad3ff4cd6 |
| SHA1 | ef5f1908304ca11be09cc43e4061f52a91b3bf57 |
| SHA256 | 4fb8d9f78b87a57ea6632db507abc3f76d5f795ed08bfde2f46c2c66e4cdac4d |
| SHA512 | 63c71076b16c4795956a345a6c0ab4e7e87197becede09f66b07aa455d6dfd106f21d9141df2f72c3c157e5fffc5f217a84a6b00430b89787632adf0e3a30d84 |
/data/user/0/ir.ziba.kuku/databases/db_default_job_manager-journal
| MD5 | b8763a4c574cb66c3174eb8fb666b893 |
| SHA1 | 240fed5e52b5fd55014fc3ff52a6c16f53a6b313 |
| SHA256 | 0f503b7316ca5b5dc3c082ea7d70c2075920caffa4e0cea0a619e02aba7f359b |
| SHA512 | 92ab677aa3bd441184b9ee7e91018e2effa7bd11379904d0016302381dd9522859770040e5ba4b72dd5fe891854048f6eb6d9873c33b0fe76d32a1bd00069052 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 6c2edfb821c347d1b168176074b939b4 |
| SHA1 | f73bb2583923d87d4b665396b8319404c0964007 |
| SHA256 | f994871d1788eaa406eb991071ecc1b2cb4021194d74240495ccd1416c0ff5b3 |
| SHA512 | 004d8bfaa2a0cd7847834f99f1c81d6990782e19f8527b4e19433f64efedbbc9a0a8cf55cd1165c80131dab2419001072e52a5cc5fb0d6b41c429e46b3e3bf33 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | addd7b7c67dca813f526c4e3d36fd993 |
| SHA1 | 31fb1df3d3d2157e138f9c6848a58aa181c5387c |
| SHA256 | c74ae6b6693c50777ff5f45dfada3b371b666f2b474fbf5bbbd31e05dcb629a2 |
| SHA512 | 97a55fbef48e8b95baf8964cd0b4d5c3b42432ab6338a9c3c7607c9c6a5d4ffe129de7080d7051f11b27313dd099bf85a04c0d6e226a8864474fdfb1406e3846 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | a998252f0ef7b61d1e463687fd866fd3 |
| SHA1 | 816ce6dfc4fea75462fca28f1d7a0c3fa8f05d61 |
| SHA256 | 410164347ee07d9778a892d210ade7e12b04bd80cbbdb1880797ba991d9d2665 |
| SHA512 | 055c8c30cf61a2adcf06c5de13376edf19f618b2c4895ac7095e649c643b94a6df2c1e812a3663d5e28f380b7cf746c6b288288d2f139524bcb88c8ee90c0d12 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | f7e66894f3efae38581cdc93c4a49dde |
| SHA1 | 6413a3b8995f39508bcd2677e4df4216e0bf2b44 |
| SHA256 | f5557e916a41601067793ed1450e107de9de8693b01d4bf545932fe17cbdb114 |
| SHA512 | cd9632012821bf4193034c52593396b2d4d52900fc38b9d2c8ede2baebe16566bb197c814567e167a5468971dfa871b829d6803c10ebdf6de348be60299f45c6 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | 54589528429b090cd4fd19d25bd2b1b6 |
| SHA1 | e1b6cc59d38803a77b744b44e3588aed5a34e481 |
| SHA256 | 284632f7da0856c967ce31f02ec7436b7914d387521dbbd5030eb5d819fba2ae |
| SHA512 | 0684c41fe3baa01ef2767d7eb2c1a1f0f591e1b4492de2d7aa39874c24c9f8cfe7fa7bfbd03a6f8bbe184141b60f17cb00739bb3dab6152c051462fd266bb1ad |
/data/user/0/ir.ziba.kuku/databases/cheshdb
| MD5 | 9d795d55388ddd51603dd5b9fc9175ab |
| SHA1 | 57443d4d437173fb2a5a39cb21bf9be298fc3deb |
| SHA256 | f1faec60f808bd84ac15069fe4c61e3fa1b5f5b294a2d64af9f1c5fb2cfcb1da |
| SHA512 | e1f2684dc693162d14d647bdd30bf04dd34f3abf4c5af5388951d3dba60a4db5b3cc1b25ac4b30332c77baab15b15df9a8fbf9b62d261f1c7e13dae71c0b466d |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 8d168bfc7b1ae497c345d78871cc91e7 |
| SHA1 | 152df08780c1146ce2bd898eea80653d763db706 |
| SHA256 | e2e0b6c5a1912cd740efbe7c5f2d54ba27d8a11757e25646f244452ec5b61251 |
| SHA512 | 654644e9e2a61e39ac041462d2adb18056c189d1560044c3244a2631701ebace1cfb31d86272cdd025b77241758aa61818cdcdcc191847618195981cc52b63d4 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db-journal
| MD5 | 3227646332cda47db869288e55e75ab8 |
| SHA1 | 4e802c280df3218583985a929e2dd309702a0957 |
| SHA256 | 91a200b344cecce5bcce9cc4740036c1d18d69ff42607cd377a1d7ef98c6a649 |
| SHA512 | d88e32458cee4423c21df1dc03436129a76d0966abe1cdff07498fd2f0103e48f3fac896a871e39542e7fe8b4339934941d80609cf508e393cf701cf03ae5530 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | a87146d523a71a935861a85e1ae0c1ac |
| SHA1 | 9ea31458469d57947f0cbe35183a17f412f15dc3 |
| SHA256 | 1125f74e501c666e94ae4f4f086e81dc38c76eb89ea09ea5c5898360281863f6 |
| SHA512 | 7944f52d5fb327f455f7316831942af41591ead41319ddb349082910f3d9ba89059c6f5fcd1bb0e3adcf0edb441e43b0ca77491f86894aaf328ef3e24497a092 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 77ece321274579ecb00ff2ebefd62572 |
| SHA1 | 0dfc23deadc477947d9e1d22a9783bb62cda8a39 |
| SHA256 | 0e62c1ed45051fa4d95698dd5c5b2e223c0f1f2b0920cfc44c1d0a70c986de0f |
| SHA512 | 2682f3cf4d6be407400428529afb4d27fc10d3cc072816068989d29e746a40774a572adfc67eea617043a2b430a748cc02f8de646ed00a7e9014cbb8f5ea5cbf |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | 1264e7a8d78a644c72d955f4659d7670 |
| SHA1 | 426f2cd5c6933092cd3b1714acb0c3c9f72d739b |
| SHA256 | 1316bc795063415e78c9e31dd768c7f4c29c337c82874ad5b2afeef008d67de0 |
| SHA512 | 9a97ea1c8f72cd1a90c9fd733051c880a215a5514be49575707420336784a6ce89f0d3b9ac897baa757b2704fa7aa19cab2eab6f3eac99b16adb706eacb42ce3 |
/data/user/0/ir.ziba.kuku/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/acc88c35-6068-4501-adea-3844dffb7a86.jobs
| MD5 | a23a4c61acb2e05b9e259ddb5770e6e2 |
| SHA1 | f55e68345c2f4a64bec8ada8fc5fec3fc4f73a48 |
| SHA256 | cb8d1058c1ecc093378bf7310d80f518115b8358e4e42d3bab9319c8f3b47787 |
| SHA512 | f3318a940eb6b79a318ff7f34209eac33472b883332283b991db52ee67ccfc17de2ee41d73877e7c2e3d080ee7b7b398ece0bc39b3c89531f95874938878c4af |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | a145fbda78af7a3ac683a639d4f860eb |
| SHA1 | 5c4e0187352500090e9189df0528583f8599a2c3 |
| SHA256 | 5b6a13c95fc718265ee236c0e58ec9deb202089a0bb195e848c931104069437f |
| SHA512 | 87813d12b43ee25d07c1075e4fa7a2e445575ba85e2ecf5f3f884def54d8be5fa2f6def62878c6f3a7fa28ba5fdcadfd8ed084fefcb756bbe4c937d21d16bbf2 |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db
| MD5 | 19f254c3d228c389b0f8cfd9b6312b0f |
| SHA1 | e97013337826d02ea26f264a76c9a16570b87786 |
| SHA256 | fdde6299876940da06386f5c0b8fe251c2ec1e5fc268456b749879b0257f0854 |
| SHA512 | de9baa8d9d4fc399afd04c1e2f21a9e5adad1f02794b69dbb7ced7969cb36d145bfca2aacbb95317d5b72d9b2f0170c0eae1b48d211c0d0aa75f1662ac37aaac |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 9326319abc9b37968cd21e211e680a30 |
| SHA1 | 1d9fc6f09cdb369bcc7d3fc80a09ef4c6437cb10 |
| SHA256 | 9c0b6d83b9b32e1d7ee1d85850a07f163232d1055d056391bf26f9b5181ea696 |
| SHA512 | c53e13e9551a75e5b1b938107d6cbe10f7050eec53153634c5a64ce0a8baa28d08cf5db64ace5399fa4217ac6ad38899b168a1c495095e00ce9f45746163184d |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | b66c898e091f982514d478274c2cfe11 |
| SHA1 | d734fff4e2427f676ca298be872bbeabf7025ffe |
| SHA256 | a50383c713867010a19c9fc620d2ad8247f351a3e479d7f4e4de4e833272ae3e |
| SHA512 | 037a3984b8a7828bfffd0d09a5b411e24179749db7457a1517852725b1da1a963f5843ad486283753b4aa84fa927bbd54816ca2145e31d716bd211f242afc477 |
/data/user/0/ir.ziba.kuku/files/info.db
| MD5 | 8bedf997089a2734cd138da037dbe00c |
| SHA1 | 86d4064bc54dc8e7d06c0e03d21921f2f5c00ecd |
| SHA256 | 742b2d55b43405d8eebdc38cac728b3c0f63e1af3817d9eade6f67cdaaa73414 |
| SHA512 | ce38ef86fded49c53db632126b3b621efff4eee6e1478ed79c011aefde72cc6cb4c63bca60df340af1ea6846a4deefe3b63efabdaa804b698b5144dac1f0da1e |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | eb78f560fc67e8c1d9d4dd30694a050d |
| SHA1 | a9c088ed3042cb6bac9e15fd29d8afe2d8f028a3 |
| SHA256 | ac5d5bb67b5902fd0cb3ff67d7798abc5183e360be24e680f616f9320e4dcd46 |
| SHA512 | 612761a52baa11903ebeeb8c3bbbaff19e069b4bf2f2cc276b974e7dce398130544fd65b3b175bcfae6fa83bfaa38313d486fc6d7d9c4e36c1e91f09f807e1a4 |
/data/user/0/ir.ziba.kuku/databases/google_app_measurement_local.db
| MD5 | e11508d350c851e5ff3f545f75b13340 |
| SHA1 | db5dca6efba82aef45e193a1b812cfdb80883e06 |
| SHA256 | 88d8c9eadce4fbd9b93b7400b96dbc534dc0d221f79a8a1a38e456e06ce49f6f |
| SHA512 | 0e3a2cd80b52f60fb1c070ac99cca14d4579499f1bc498818c57670fc4e79d9c75ecb06a3cd2df16510a3649203a613ea8489fe999cf9475b8558980cfa9330a |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 5272b3df4911f2288cfc8fdde406f41e |
| SHA1 | c992311bce8cd08ed5456980d0096d981e8b1c74 |
| SHA256 | 0e33bc9d35282f3542fa4c1d18ef975e4c6752930debfbcb96b3a92983acd0e2 |
| SHA512 | ff39cdb8c06f301e01ea4490b21646b46d6075495f965dfec576a6646ebacfa331219190d6cdc7519b65bdc05a4a1f3558509d7ee9ab0f4a3476f0437852966a |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | df4899ac5f0b5c86fffc1f8c2642972c |
| SHA1 | ea27c5f8ae737f64284bcfae22b6c0c8ce514ed3 |
| SHA256 | 1b760b6e9259afba9cd01384c846a333a77e93d689cec0fb756ebbb5b53a0019 |
| SHA512 | a3a817355479a1e74eb74ed6ff4f638c60553754d5f5e01dd0635000706e3d41f7eee5872bdc6ea7935727c2248f7c7bcf4e3f6675f279d082f77dc44aad6d21 |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db
| MD5 | 387e85f5daa29343e1e75576a3c40fd4 |
| SHA1 | a647ff7deff08673a5ce792f896250fcef65402d |
| SHA256 | 8736868cb3c3f001b0e3de69adb63825883b26c59761de7d1e3268a100b5f02e |
| SHA512 | 30bdf48e685937674e00c5d84be99fc9138f746ba627fc5d3ff0602810f6e748911e824b2864b311c2704e76b345bfa23cf9af58e90086d2867999b856093cb6 |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 0af3b5d31a10128cff8c6e2a524bacd8 |
| SHA1 | 60e2402c17e5ad578dda5d63b300f93cd44f58aa |
| SHA256 | a10bbeeba74178d578d177c07669e5309c849dd036acb865132a79cc6a7daa53 |
| SHA512 | 304cae3580117b60b1a6f450b20e79f852074a64173d7c21b13fa1b908c8135881874f12f7446ee1f7e47befc254f01be2cf62b76710fef57f8f44df78eb2886 |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 2f3f1271e86d9c185f05b655ca0c8c8f |
| SHA1 | 4bb3e7ec4b78e9d58c541c32490f90569448d038 |
| SHA256 | 776d7464da44b5aa68b3e20876fc56e83dd7aad4db5fad919ecb56ea16a8b267 |
| SHA512 | 9c44c3d6d6ec687fbba7af927e5fb1cd5b7e1ae3f5d568b127de292e500ddf0b404d4f22174d4cfea59699a136abbe6c86d7cacd596e41ec48853f8da958202e |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | d503ecaf4b16af3cc46c8c4e7edaa6eb |
| SHA1 | 5c8e54f9789aaf324941a1fe3ebaa6c74d3898b6 |
| SHA256 | cb485f31dad45b915942c298ad923ddb30b646c81390b9c4fe5441e245df89f9 |
| SHA512 | 470c07143c3ca423b63a9640d6f87feffa62a06c2fd2648857726c9379e986228c416cd7848d2adb58b0e889911e246deb542320ad2a0c9da46fe92bf258176f |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | ab01fa43a74d39cf38a0fc51faf86b02 |
| SHA1 | 33a62786b7c55093c4d3f463c61e0b0d9eb3aab9 |
| SHA256 | 0b9296755bf98f06dfa92c66dcae087ed30ecc0466e4eeeb2cb457ae14a7ef4f |
| SHA512 | 64587cf4f737eacf09292c90b812a6e82d8d221fac6f512cd4d665ee2877f138cca2d1e605082c86b52877cc419999dba4bafb50048b1ec550f700681647a4d1 |
/data/user/0/ir.ziba.kuku/databases/evernote_jobs.db-journal
| MD5 | 58d46c058e9aea00a30deed30545519e |
| SHA1 | 04e6c6fd8a81d338bf9aa2157d62cffde20609f0 |
| SHA256 | d977a8e8bab147a996408bfa97c4b34fe93e8002d81fac3710344e4e0d4cd0c7 |
| SHA512 | 877ccbcf00c3b251122a7c7993a4be23564580b428adf1c5c00362de4cb57d583a809b78d21f7a54688f00f29bccb54a4e924d84582685a5c048d75464f32b28 |
/data/user/0/ir.ziba.kuku/databases/cheshdb-journal
| MD5 | f9236ecf2974d43957b06b73e8e08160 |
| SHA1 | d55d692a52d45bf9d90da2559e3dc66f5d726466 |
| SHA256 | c29bb9a95220a9c4149fd8c85a7d450763e8af31c32dfc1865c4c95bce768a43 |
| SHA512 | 52bb3be6d7cbacbff1d32a16a974afa901cb129ce7ff70b2f5eecd05b98c2cb2da38beee61a87f382c25f87fad0d8e88df3c5cf0f649c8a678d555afdeb37ca0 |
/data/user/0/ir.ziba.kuku/databases/cheshdb
| MD5 | 70a15274db6bb5918af1bf60293a6e50 |
| SHA1 | 868c4ff4aaeb09fb4282435790da3d4d0993bb36 |
| SHA256 | 219cc1587234655dbdf7fb7e9ba8c13815866b0c3f04f51ddf7be69b66024802 |
| SHA512 | 0b4dbf01ff6cb8bea0a6e6a4c8d24b34564428648ba68f6c4f16a6d0d63795e50c4a570325da249feeaa43c5c24be38b33165af473cdba29da1a3c16804a2084 |
/data/user/0/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ziba.kuku/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | 97e3eec18b0c1b8864db7f3064fb0c46 |
| SHA1 | 9e2f15f79e58295a8cb58195914eae2f9f509bfb |
| SHA256 | 1897a13ae0c7c68681e6719be0c387077c4a658c960781ed2c79f89d93764c4e |
| SHA512 | ed473c26f2090f2767cc3cd1a87236deb370aef26e769d59a96bc161aef07b03a4e5018e97486d5f610e955a9ce7b3e7c134164ad6928a070e9c7bc79af83114 |
/data/user/0/ir.ziba.kuku/databases/__pushe_base_lib_db-journal
| MD5 | c84dee9cbb8af5c0fb40bbd26beb1fe8 |
| SHA1 | bff5ac2a18d742616aae40c2be7bcc3b83edc71e |
| SHA256 | 95798e6dc29ada873803d1923ae82757a8d6f0d46c52f6b5f1b50299bf224861 |
| SHA512 | a09617f4e67ab829d90c902c08f484ce64102fd203fe9328866bd8074341459917b3d44f2b7e63bc0097ae278c6aef6e58f1de038290c63090d0b4f346ba4d23 |
/data/user/0/ir.ziba.kuku/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |