Analysis Overview
SHA256
0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70
Threat Level: Known bad
The file 78bd894d527bf6e5e36b87f4436155f5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Obtains sensitive information copied to the device clipboard
Queries information about the current nearby Wi-Fi networks
Checks CPU information
Reads information about phone network operator
Checks if the internet connection is available
Acquires the wake lock
Requests cell location
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-27 09:50
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-27 09:50
Reported
2024-05-27 09:53
Platform
android-x64-arm64-20240514-en
Max time kernel
40s
Max time network
186s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
khone.deservashirini
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.178.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | lrwzefasvurhdk | udp |
| US | 1.1.1.1:53 | tdisvrdpq | udp |
| US | 1.1.1.1:53 | hmrwkrgmihgrum | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 172.217.169.34:443 | N/A | tcp |
Files
/data/user/0/khone.deservashirini/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 45c34c4b7dc58fc7550fb000f0aa6364 |
| SHA1 | b54cdd21ee4a7f63709ac84f3f058e67435f86f0 |
| SHA256 | f13a037dfb21cd873ac0a9e0fe3603aa03656947952a1d4a74be91d8bd2f65a3 |
| SHA512 | 3180ca1282ad2ab964c31bc2b6f056e1f1174e09e7eb8d40945f0e2e0024032e3e520381fe26989632b0cfb2614d55198955cbc640bf8d29df6bdfc5bfea5395 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 65488f26a9771fdde5dceafbca175362 |
| SHA1 | 98044a5649c38a541dfa921ec90c08cd0600a519 |
| SHA256 | abcf6fe49ad47bb9c981046d7069ab0641aa921482e1bd24c7adc7a0d210162e |
| SHA512 | 2cc80d4a7958ad1bc3c5d5b9947a519916cfd1dc3129b33cb2f596e3107ae17d65e46c55422a2d3904ee6bc2ecde9c4753cb0f6f27338600b95b126378eda77f |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 964d5592cd12f453d4cc92d5aa92a6d0 |
| SHA1 | bc70b34e0789cffe85fb2755c3b1da6aab747d0b |
| SHA256 | 8990443dfc84c97fc83a7b5d319ac18077f1324b0301f2ace2de07f7c2d687a1 |
| SHA512 | 6b906a9752e1c9a40c7c5e828e03f9f1456d14dd644536f7f440942a860c678ea1daa625f862cd85bd9877e6a8a9fe2cbbe10a0e295bad66227f0dfa71e8c816 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | a0b4ab0ea4678584a54d319eecec74c7 |
| SHA1 | 0f8762681b09fffd407cf5bf0dcb16942bfd8826 |
| SHA256 | bb65e696709d9cc86b4a2e309f30546551d1d26650aa2b163d73d537c70b1ce0 |
| SHA512 | 585dec343e4fc6d4a65fc5ba559f5d061351ef5870cebb6e3f3dc9d13639cc7340ba13cfecbff6f87d342b95808e608d292189935a33157168a7aae4a5dd6e87 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 000b95f2bc5a8f56e0aee563c1046575 |
| SHA1 | 03f8e9a434378e066779319d875cee162919acea |
| SHA256 | f2e73ae0ec6d6a2b256de2f0cd99ae221a1e3b54b4a1cae9bb0eb2c7101d3f48 |
| SHA512 | 11e27f401a2c45c5493cf002e8da025f78c32760c1798dbff3bbd00ed2237a910771688c7dc59cccda2714f9b6167b141486fb11bf2ab6d9539fb377cb74fff2 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 38e3b5578e129759d2e660de0e07d209 |
| SHA1 | ae2ae132bd2cc4644d28bae9d258f3cd16010815 |
| SHA256 | f099cd12dcd3bbcc920202d7ee0754a6d1c7a4426993e131a96fa951eaba29fe |
| SHA512 | aeac96ff9b9167529599bf139bd11e0dccfc89fa8fcb946bb6b21ca129a971e203ebad54f810d410e38fd125d3aa234f2a77fc7236c9956293c4f8ca878a3ba4 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db
| MD5 | 3257f1f35fafe2d93e2f75eba3c69b29 |
| SHA1 | a74e218a3b8c77c08c348fd1fb090af0df82a263 |
| SHA256 | f2be8055b666d65981445b7c18cee2bc55d09e65591dd424569b15737d21aa67 |
| SHA512 | 05b45e1515f0cd094624425a2267a85a45a49dfd4e5651cf0462614c2853f796b7dd119d24157109208b2733268a8e66cb62555cd3d4113e618e532722773b01 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 15d875aa1ac3c44282448998c6bb55ed |
| SHA1 | 8953f2d7d4b0194c524d958d3f36800e6d0f7cf9 |
| SHA256 | 51bc7c2ec36d52a92df5b51636343c4afe3423193c4a0a8dfcf036783260239a |
| SHA512 | ed42a86a37f1b8aa0ef716694f7f6fe089adbf07b1d596d736f1921937abce55f31742870120562075e4a94226f15cc288d955638847161668c101cf84a28e80 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | e8c858f7d043f0bb868833e00eeb10fb |
| SHA1 | a6418785e169813d89d498b5c7836ad8e0bd479b |
| SHA256 | 3b5a69c8c497d4418c7cf83544ea2fe3149055c1da24e9675004f6c9e9b8b51b |
| SHA512 | 1bd5504c5a28bbab510a1825a069b4cdddf0d08f9eec3c8f9b7ed8603b6e87f76690d588ae1eeb81b84a00ddee2176b124ba1b2536b6f2d69073797fadd1674b |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 0c6a92f2bb941cd31ba70c38817da7d7 |
| SHA1 | 4b8dbc390640c95e099febf0e920b2004f949ea6 |
| SHA256 | 1b5582da42e4fe66fb9328732f06f7f9db936a1e2fb56375306e30525346b914 |
| SHA512 | f87d9fbbb6adf6627fffae9b0276894005592204ce4a9c541dd3b49d9a0d47d4f13059880a4a8ef488ee98b561a13a8e8758cfcc9a6ed7df66af8dda407792fd |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 3c2abe32664ffac9bbf8e84763afd1c3 |
| SHA1 | d7a7eff4ad5546953551e1f009efa0ae86ace0a5 |
| SHA256 | f5cda75ea20bb3e7c6e7df388336e93fd02faebfc7f6fa7fabced7cf09cfc12b |
| SHA512 | 9c73359289d1d43239188fb282bc762f277514c025cb66cefacd7b0c8d0f8c64b8991bd97bb9a9d5028d32adbb3edd943770441271937b4a166435c880925470 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 922221e7ab5c903d3d0aac032a54af1d |
| SHA1 | 07b02925155480da9fe94231c445896a09f1e73d |
| SHA256 | d201055b5f3879b4a07f2ed5c4ecc395c3afb6a185c5e81e5160dc471f3ff308 |
| SHA512 | ed23665a686be216523f3eeadc7045c8e92806c2a351cd5067bfb542db36dc57cb143c76284dcae9da2db69ac94225553218d8936604e2e2f82353a412a01b3f |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 814cc975ffa88c80c056f10e842bb758 |
| SHA1 | b3592c1e83ad9e6a4df7a86c9ec2683bde3c40c4 |
| SHA256 | b893299effc14e233be369caa69089ce4589dfce1980d3cbb6a863c1ab0aab37 |
| SHA512 | 964af37a9ebcc033ffdab59daeb00838cf4482dc56a9c3a72fee4aa52d1faa5ec99b51b36060d636624ab0ec483cfe14bd5b20824267e52fe3ea713c761de4f7 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 17c71870d2f71429d546581065c65a80 |
| SHA1 | f92e5217ffa26589d851f7e03edf275264267fa3 |
| SHA256 | 6098133537da5a65e73b8f9afed438286d1aabb0090eb3d77618eeb470df055d |
| SHA512 | f97c3f705b38424350f1f725fd69101a29208b4aff2957c07535bd01fc5346cbe02277576c62f5d734b7e0f8c3fb3640ca18fd3f23f9ad3c1cb5637a76dfc4a7 |
/data/user/0/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 4d8e811b4649fb16fc6250cf24edc4f9 |
| SHA1 | bf9cb310b6b15ade130bb09a08f83b1bd4c1f41e |
| SHA256 | c7930aa0539efa87036b27f8da4f5dda34ce4f48de44232b0bcca3603da013fb |
| SHA512 | b5c7f1862eda09ae5581d7eb845a9448f99a6c9a5d6f5eaf20fcdc1298d5af03adbae5987e67055bfdd39a0a983474b1a15c6970ba74997de323c54e40562ffa |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 9c6ad31d01ac38ab5f8bd3746a24dfc0 |
| SHA1 | 5c17f3d1393b78b5f018402d454b083041ddec6c |
| SHA256 | 7fda89cc732f6884e01486c098788fff231e332b7943abbfca7effea66b933b4 |
| SHA512 | 55fa9d3b3bfb8405ed2137e10e7c0be0ab3255f0bdd7b5a3910b0ddd47c7031fb335bb2d38168fc56b8e69a34cd7a993c4e788ffec577ea76b9dee3bde648746 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | a768923da7aa5202f72e7d7e60050d7e |
| SHA1 | a477abca241c5d030dfbbfa9250a1309d83c4ff1 |
| SHA256 | 24323d45093f69fd9aea3abee05fa36de51227938580b618e3c453c200da1636 |
| SHA512 | 0629b18f80d353ff5923ff60f992788fad12476569c5a1ee48eaf799ac8b66cae7b5d2741201703b60b769079de81849073fb6ce74313181ab495aaf8e20bf34 |
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 0a6e3c7441f4c7dff991b3dd40cb38e6 |
| SHA1 | 6b8dbd1a851e613afb46ac27690078e594ea8f05 |
| SHA256 | cad1e71c4b64db26d024155c047d4f1459fd76847d7a3a113dfc02812bbae917 |
| SHA512 | 4753e5ae436955485bff3c4cdd4837e19d1049120f3d2c79332e45310ff3aebf224bbdf0f1256338af1c72f761ef98d0e621c20ec6f0e3f20c5551e073df239d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 09:50
Reported
2024-05-27 09:53
Platform
android-x86-arm-20240514-en
Max time kernel
28s
Max time network
156s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
khone.deservashirini
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.195:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.178.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| GB | 216.58.204.78:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.204.78:443 | N/A | tcp |
| GB | 216.58.201.98:443 | N/A | tcp |
Files
/data/data/khone.deservashirini/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | fa45e8cdadc720e40a830554f95ef8d7 |
| SHA1 | a3a85a54fb47cac9d8b71d65c2a074a48b2b98f1 |
| SHA256 | 141e1174c70d455795a068aa5c55ddeb6360437475d2187ab32a498cd7db794c |
| SHA512 | 99790fdce92ab9f04e4831114775d2f629cd0ae98a9458727413b593afd4a5c71b0f9575005802d3b026ceb4405c7c7e22d0861e98370a8fd08340435f088c59 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | db5129f69f4cd52f1b15f604111bb050 |
| SHA1 | 77ed01d6e989e21c108f53c7ae5ad47dfcfb488f |
| SHA256 | e3fdee9fc65e5f3c9d435c7ab2a8f6b7d441462c554b75e7fd0770189eabc99e |
| SHA512 | 2580098298e78bfad373c7904b9ad2605156bfe6442e8852226beba5c7f2d1e9de4836a1aaff44893e7636e4c4e79c54343196ffa9e9234ec4d75d86c3efdb21 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | 04cd8175f936ecd11f8d9faadececca2 |
| SHA1 | 5e31f781453b82028a798d4794ca269b69e0c4d9 |
| SHA256 | 3f29ed7da8e693aa39ccb3cc92c03cc8c0b23da2934cd2e578b6ad678616ef62 |
| SHA512 | 619ce013261fb5f92f1e9232c309a21225bf093b49c1348632ad73823126ea45a6f628522b04fc2232f0212c28679d8abaff4473272585fbec4b1b616a024974 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 79b35fe1b88796e60c7b97a53fc35abc |
| SHA1 | 6ab07ac24d58e2d4b44ed11a762e8603721b5cb8 |
| SHA256 | 34bf26fbbfa3917324678b8cc6259f3e843241cb51928620febf9ba26e210604 |
| SHA512 | 5b3c093987074bf49ca1bbf9baf39611abb6bd6d8e07d793ecff1c200cf89be88d67a678b2d7d992b5183e3b5f277656d2cb366d16e23ce84eb94097786d7f1d |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 525c6ba42fb647e58a41e4b8b019f3be |
| SHA1 | 702fb966246127c2283cf6e214b3d1965ecc4256 |
| SHA256 | c72610fc78a6f109ff5e0dcfac8bda21b1252a355b78d2831b746999bb44dac1 |
| SHA512 | 79324857ee54f5f5c11803e352518bea2e931c11baef02ded6c6163f359f3603176f17ee2ed44ab6afab95a833ee30ab7c27da8856ace9160ccad9652718c1ed |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-wal
| MD5 | c75e9ea2c2a6700c1d374fb13f51a59c |
| SHA1 | 94effb3b3000a3c30bec547f0f9a93154a078815 |
| SHA256 | 584d4eadc0b070342e921d5a172217c583079f3f0e611b3b422c9d0211a3e1fe |
| SHA512 | 2eb1d29bd2fe72cefb924b3b1902713260509cfc0e941ca45d767d73cfc3e5c6c369086c8c933299d6b8af974caac3dc48167b5342f0c8dd12693ce697d32e99 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | 7fd503c4865998fcc2262e2081a8f94d |
| SHA1 | 06d9a6a74338e3dc57c3ad36f204abd190133a33 |
| SHA256 | 449ccb52d1f856d05d1831abfc5c623a333d666bc3f91ea4a5e9c04d4d11673f |
| SHA512 | b62118c50b062dc74743d63ed4351399d9d751dcb8e4a63d180e433b32ce50473b487b5454430548a2372c4f596df9b67cf4ad341e0602cea6dc6431058b9d98 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | f8323d60aa312ed3b37c5a326d208a09 |
| SHA1 | 5ca422772e2e18ca60582b0722e2b140b9d6784a |
| SHA256 | 4cad21457cf5e13fa2ce645b8b75da2164a7a0c6039e0caa4d82f6fd23ace64a |
| SHA512 | be4b602b9e09411f8ef7f36fe15464aebe2926a42772001921ba2a8f25d0f7a6c1e024aff2890385a171e22f96dafd111d8ce8fc3d2907a08fe41bf37547ab8b |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | 546f005e57e4a4907e1c612cc637fd50 |
| SHA1 | 822f74998b413494a047459daf081ecae4c302d2 |
| SHA256 | 026ffcce2d12e24c1bb0aed0fe591a03a02ec7cb355492973bb71c22b15285f7 |
| SHA512 | 6944f830d8cbcf49a3526acba7948901e2b14d005c957788cfe11e0471327020a45c1e4816e82f533f5c71caab23b27f606b2da7061e85327629d81c6fd09d3a |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 40e7ce69872c5ce8b961b25c5ec4117e |
| SHA1 | e77b1a9712313e4c69aaaaa5244360d58d078c6d |
| SHA256 | d97c3c9ddaf4255b157ad541c3b1f1f8ad6ccd8bbdb05edeb2f5682a042daba7 |
| SHA512 | 3ebf4cac7b20e3985243664fc9169d41655dd15e52a1ae86cbab488fa89591daab66d8fcbe23f8c1fb7208f6e670047459ac3261cce82e703f0f2be2908db62e |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | 08815508f25c7bddb49136efe93031f2 |
| SHA1 | ba3690068c324a1cfbf1f7e82d447f8d69bbdf2b |
| SHA256 | 57d3e663ae31df70d232fb57f55db93f165ac044372aaaed726994961de12d6c |
| SHA512 | 0cbd65ca52b530f49f6a62803340c098e424826dc0f2c23be9db2520e933438fa509912d83dc17b0bba78dc6f3fd907bc6c4cabbd19f5cbe71dc995add49dadb |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 09a8d47f1621806543942bd759c8fe91 |
| SHA1 | 0104fb12b70a6b4b186e1f1083272f12953091bb |
| SHA256 | 6a79188e1a74f45021ecaec8997ab01ab5d581e8b7e8faa0f8655f810ecd58b5 |
| SHA512 | 03adfcebcdeadd840b2f602039cf8cdc92b63e6a4d9513040e67f25a037be4336b2d70b24a71e0b1c959133ad7a2b68de1139c5e47cda121c7b76fcc7e9cbeec |
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal
| MD5 | 323b3ea0bef035781f062d701f1445ea |
| SHA1 | be08830bb1bbd74ce3b6d628cfc0e6372b182a22 |
| SHA256 | 6afe18d953a57f8da2a6b22ed5056489c0807803b9679db7d234692fe3dda1aa |
| SHA512 | b04ef0054a9bdacbf0c213324083589ef8409dac9bd17149bcd71806c1ae098b0b9d2a24915544458beec170bae8a4ce3bd748cb61400708cf12b7b9582fc09f |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 60fabb7199883ea2d249873e0082ed4c |
| SHA1 | 3687721768290863b44ae6b181481006ba3dcde2 |
| SHA256 | eacf2e421ab56d7b64490e7420aa05ba7da45ac5841d8dbadc147cc8e06fa6e9 |
| SHA512 | a583d7d108963ef679ad76ca5714e9a1a7764d03733d700d739c1d199bb1745a83ecec80f2eb5a5ab0366aa9cc6efd7924332cef224d39542bc3be44342f4cde |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 09:50
Reported
2024-05-27 09:53
Platform
android-x64-20240514-en
Max time kernel
50s
Max time network
184s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
khone.deservashirini
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| US | 1.1.1.1:53 | ce1f04e906c64be4a5ab7d21062b6d0c.s.adad.ir | udp |
| BE | 74.125.133.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | N/A | tcp |
| GB | 172.217.16.226:443 | N/A | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 34.172.225.131:80 | 4.ifcfg.me | tcp |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| GB | 216.58.204.68:443 | N/A | tcp |
| GB | 216.58.204.68:443 | N/A | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
Files
/data/data/khone.deservashirini/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 30d86864a170979b0ad633f8793ab609 |
| SHA1 | 7ca450d241bbb52d3192eeea2a138cb1a61bbf1b |
| SHA256 | d9d57dff722729e8a6eebf4dd9b0d2ef6fa266b0cb03e7da70f73df2298f6309 |
| SHA512 | 9658ddb0c7e932dbc867f61d6c16b97064f6fff892f4d8460ad482853b204400dfd6509ff5f9c45191e44c1267ec69c48ac949f88cebcaf05d6a2c4aed55b2cf |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | ef76423cd0f40218293cdb56a965df12 |
| SHA1 | f9888687373736e5bcdcbefa1e97b67d581fde05 |
| SHA256 | 382a38f2ca68dcd198445af467bd776551658ff9586f6533fa46a994a76e771c |
| SHA512 | 5f5d29748eaeb9a1b3b62ee45bea4de07f04cfc3509aad8a6e984fde57f3249fc2461c3c7c15322adf5ea335ccb10676eb0dab4944377468293b51c9b55619ad |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 9daf04b39884c246c0e0e373d42162b8 |
| SHA1 | 8e0d2b57e9c1b0f3294423cbee380857c1a9ff0e |
| SHA256 | fd30c5deb33794a80ebe7c143196af7d505754c38db80b1b0e64b816d66afee3 |
| SHA512 | c8e7ef6bfabc4fd6cce7654829f76e5dfc049206c542c5cc02e2f630eb4205ba1fbeb7abe8a4432f28e9d65b26071d8fb85fad61e70c8f5718892ee4367f9df8 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 4a566301abd3628647add781d45da1d3 |
| SHA1 | d4c323875a64a28e2ecb93a0b94d619d3ee32f84 |
| SHA256 | 6ae9f998960a35169dfa4dbb1b1b695ab10c4b33caf4fe39cdde84ddd62d8814 |
| SHA512 | bc12f77cb58aa686d186cf54fec2806d49562846af284e17ff8419820f10430cd6c887448e4126b05f70a596ee448660d4543270f9c5617f88d6f02713c84bd6 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | f13bd78a13a165bb5030037558619a18 |
| SHA1 | 203521b9c8e85d2ba6c58c3f023717a1ebe5fef8 |
| SHA256 | 2a91184659114e4971b4d9d481fe2b18b18fa9bc7ba26a0d31d42c8ed2d1f461 |
| SHA512 | 7bd962a701a12d1611a8c455a7a76ec3bf3965e2508e503b1d8c7858f4f45a054a554ce91f0819e2508c296e8a0142c42f866f839d5124eca01f3550346fad4d |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | f75d8e14aa9a54d7b77afd007b00c0f2 |
| SHA1 | b9aac4953ef8f1693950f6494d854fc10aa6c674 |
| SHA256 | 51a7fd2dc121546e577fd08e15d94d9f2e15825d50a6651a1486bf3ea556bad7 |
| SHA512 | b1586c640b3b81a77a5093008d28548dcc613725341583eb41b02377a4e30a6e831f3c51de1b26013ae22f9c84e48fbda42ec0e514600be069d65d4c3d82636d |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db
| MD5 | acfb31786adce6eb83f66e7c4e1a64a7 |
| SHA1 | 6dd06392f7474f00c462a423813de76e242c76d4 |
| SHA256 | db7c068162e5e2886e7a560d5d5ae09b3b5c273f67ad0211721e6c10a6b79e7c |
| SHA512 | ee33af5a1cb92990b8369321d029bc2d03342e0a634619a134e6c7bf7c6be38913f9541da4272c61881ffeef0b66e437969e0067fd3f3e52363249f57085a1b4 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | dcfee748509ca46f15a8891f69ec7980 |
| SHA1 | 4c5c1170d381511d335de762ccd11cd17a65fea7 |
| SHA256 | cbf280a8c053821b765176dcae95b36665be4b519cf486c2f2ef691aa74f88ae |
| SHA512 | d71be7559973e4255a28ceb44a4649dd9556afd24860b48db8285b069625ace3ff21beaa10b9d832290445b4a1e8fb0c3c8fc4f0534437ea9bf9f2284c3616d0 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 5e7e54e5c01fcf99a4133e450291b4c6 |
| SHA1 | e485870ad7449392b57591e13c41460c72530aba |
| SHA256 | 0e08101781dfc12f19ffe5eb54ebde43d8c9ed24e8cdb6e492529bf8189cd347 |
| SHA512 | 9b46226c0e91b34da5e15caa72732bd5c25062f47351af474f12f4f8996f6157de7afa7bb4c1b0ad2de8948a982d04baad8a462fdf9a671237b188670d81104c |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | 4d846afa379b24d785838b37ef183b43 |
| SHA1 | edd4f0a686059111e20476842770119523983948 |
| SHA256 | dd91a045c7eee55448d1d33b484bee107d6f700fbb735e06dc3528b7eccec01d |
| SHA512 | cd24ce43c222a9a7a94c1b987c7900de7513dce89fa44ab23f45097728dd5ea3da63b8ae6662a9e90f4ea66d65881fd75d2dc46c1dd5a7410bcce1f62b096f96 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 0f633fe3df0b0584a03782c8c82dd6d3 |
| SHA1 | eea049b3035b7d12f2e3af28ff0eceadd2fbc59c |
| SHA256 | a4817840c79bb978b4642ed44a0de0ad5981c56a4701394da2cb951679ce9c08 |
| SHA512 | f551bc3ebfbf095362439b19b8dc0855d00a2f68cfd51543c77fa2f9d55c76b81ade12d8c798c0bb42bef18eafde898d7ec243f32dba518389f50246d9b3b0d1 |
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal
| MD5 | a8d287010c91c0f1d0227c5fbaae1e79 |
| SHA1 | 9cfc43e1b5245db603ad9024bf241ce918b77d2a |
| SHA256 | 6c31fcc5217c53d3eba8cdc2eeaf421d77efbf34929c5a580640f493c6afec36 |
| SHA512 | 94091ea6490b75819bc55372ebd2044fbb9a62500a52ccba0ebe7f57cab57b18787bea69c979bcec1a4c32bbe176dee99968abff5755231a613bce0d6891cc94 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | ec46d0aa0840e132227badf57edcf4ad |
| SHA1 | 73a119f3240a3ee71ca277dcce4dc60c5fb0985d |
| SHA256 | 27e51e72236feb24eed27df209c65819ac48d5e19fadf91820e966054ecf535b |
| SHA512 | f7ed5d28b935f0415f8b0bb02914d0c2a0b5b63cc59fea9cc85e4fa1f6d2b5da22d75bd0636757d75feaa7252045f9c6023a1dee176d52066d64cf142dc4ef47 |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | b8f678f6d85fe543e6a7c236581c9010 |
| SHA1 | 68a5830f4c20e52b8b1fda5b6207ca1b5d936aac |
| SHA256 | aad1e3e93fb591494646021824df435e07ee06a74e21e1099fff02fd3239d910 |
| SHA512 | 6b492b7264f70b09065f59f85a4c32d46c8241ac79db30bcd445d16fb3b96792337afe7ad18243883b9f263be6c61c5812605d73fe7213b1588d1c4812e78b6d |
/data/data/khone.deservashirini/databases/evernote_jobs.db
| MD5 | 73dbd02ea33757e0df3c2a2eda0a1bc8 |
| SHA1 | d302d4afea394417bd0a67da20ba95844f3ee2ec |
| SHA256 | 00fba2f2f6bee6a289154a31a907f1cc91a895ea2805241ad68c474fc9e1958a |
| SHA512 | db367b7d3c5816a7db7bb2d4ec90862d885c954aca8a6ca7376605dca95e4057a0d2a55abbccf920aed6ae54d4a1d178b5a754093ae3f41180deb15ba329f130 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | c731f61037d92277190161f56109dfcb |
| SHA1 | 73ca2dea7ecbda8e80159f78b2146aef3007356e |
| SHA256 | 5b9ca7752bd079a1c79b2585373b2566edf45a0abec7f2f30d8084476d5cecd3 |
| SHA512 | d23f62e31563d1153978c628c1195d406e09cd6d925ec5e8facb43ea63645b007ea01f3de9d422b0f94bdefcaf517f297edd856e5ac7e97c4289ba1d07f35744 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 3c7fbfd852d6cd976c72006ab333b6e5 |
| SHA1 | 20c27c17dc3a4477699813829cccf866eebfedab |
| SHA256 | 66ff434a02be70aac47a0c09da7bcc091156416ce9daa114964ce435a95d1c54 |
| SHA512 | 4d52535ce9e590c7d3cc685216109599ebdce22130847201ec947e8d113dc94de15901af4de63ad6e94bbe7759964641532e9b2dca1f0238861c2fd081a11593 |
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal
| MD5 | 133c1a49a40886043f554fcdb4278c39 |
| SHA1 | ad5c64a7cc53feb105f62a7bc58893b722693c4f |
| SHA256 | efbcd28c5af1ca0ca9426fbeedb522a6b8fea8883c806f3e8ae0f1261c103808 |
| SHA512 | 40f7188d8550f89ce5308dcb1649ec6805fc31bde9708dbcc5f81e1dc1a553f5421a5b0bbad32450128cf5bdcfba19c5871d442d7fe3ca8b2d22fbae583dd671 |