Malware Analysis Report

2024-09-09 16:10

Sample ID 240617-vrddgswhrf
Target b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118
SHA256 25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3
Tags
irata banker collection discovery execution persistence evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3

Threat Level: Known bad

The file b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery execution persistence evasion

Irata family

Irata payload

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current nearby Wi-Fi networks

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about the phone network operator

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 17:13

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 17:13

Reported

2024-06-17 17:16

Platform

android-x86-arm-20240611.1-en

Max time kernel

41s

Max time network

131s

Command Line

ir.amir.sandevich

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.amir.sandevich

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
US       1.1.1.1:53            srv.magnetadservices.com  udp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
GB       142.250.187.238:443   -                         tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.238:443   android.apis.google.com   tcp
BE       74.125.133.188:5228   -                         tcp
US       1.1.1.1:53            www.google.com            udp
GB       142.250.179.228:443   www.google.com            tcp
GB       142.250.179.228:443   www.google.com            tcp
US       1.1.1.1:53            ip.pushe.co               udp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       1.1.1.1:53            ip.pushe.co               udp
US       162.243.147.245:80    ip.pushe.co               tcp

Files

/data/data/ir.amir.sandevich/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 1638f9830ec45b4ad37343c46bc66883
SHA1 b75420949ae6bd469b992879c190de6e91812397
SHA256 4c8988363b1268e3bdf271b7eae7daa7a3c4bf707e4fa762485e7d6f0169d99c
SHA512 21c15634bec53e115fd2c7cf119babbfc8265df5326828e4ac69eb823f1f8cc2f7271e02c0b1143b9b0e6f9d0bbacc5fe0f3520e3c19f95719f7ace67e52e060

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 978fdf85b8448e3a7c9015e51477eb49
SHA1 793bb88398dc9457935a4416638d5ed3974baf19
SHA256 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
SHA512 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 40ae9375d994b11070f796ce932017d4
SHA1 f98e5b31ea814738bfbc5aca8605eab7f9e7367c
SHA256 ff00e19ffa4d58249fd7e543202466dafef959868dc19d415604cabb4fb2818b
SHA512 879b3a58cc5ff35d2715ecda18473c3990e47deef049c9930cf7f5ec4d37232c12d260ec08bfa09279a42170943df7b4a2c49aa97146c8fe900438d40936672c

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 30325a4abee44afa00ff1e505f6f652b
SHA1 885ae70b0f3bfb78e2b1569dc95ddab0d6ccfa8f
SHA256 07dbe84522f7627907d7657b48b364f86e394d34e0ff50c2a3f1c11436bda08c
SHA512 44ed6d6f53186f0fde4619a14ecd8765f57728d4b2191c6f70dfd2c7156b8f6aa7159ba92909856787af3e0c6dc0a169b9d66f73dfb90929352864451a4c8cb4

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 63c89b33f9c9edccec2a03931d70f396
SHA1 f06810ab1bd77ada9273daef5d64452020e20282
SHA256 f3341b96c5dba5a57f4f21a199007baef6555790ed05929ecddf748d2fcabae1
SHA512 2e35f7dd36f272f803e9f6a4945a3a8fcede69e3c9eebde9ecee9d80ae99921f8c0bab2612bb73265b7479406d1e1ca6f6a8ac45a13f58b274960e0802ab0dde

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 9261fabbddd293571e828e3390e03fde
SHA1 16badea2aecea40756733a5962caa519386b6d79
SHA256 63a32b4ebf2b63cc172c83d303fbb8232627b624736f6ec714a88a80d8f91811
SHA512 de051244f0095f2e47030be89030b4021db8f2ede7e1a47ee50a36f00c75250bf2df4b527af8e75522e42e18e74376d3088e3b9e53c28299c78ce1bc60cd35e9

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-wal

MD5 5d0b46f89d5f89604b4ecad5c4b3d332
SHA1 38bc3d8568fd45d938f2a172f03d0b099539a29b
SHA256 c502717c68bd431a71d154b6ad88fa9441c01992431580e8d9d427f4f886143d
SHA512 72eff2c0e961af1fb1749e84877f5cd095bc5d679e8da077a21b408c88a766efa1a712ee22feaa8f9dfc28668c795d1d1b65496402bde1cabe9f01bec30d0c79

/data/data/ir.amir.sandevich/files/ashpazi.db

MD5 aecfe638d8b736fa6e00e7bd1be431a7
SHA1 9267ad7543515bcdd6a34e163faf094aa09ad646
SHA256 e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34
SHA512 f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

/data/data/ir.amir.sandevich/files/ashpazi.db-journal

MD5 21d2789f032426f888bf001753766433
SHA1 b7e4f724793772cdbc7019c2799edc787ec300c4
SHA256 d7b2bd49318be2effb783ddd199c65c8350086a96a9eddbf4f8a1f3b23f338c4
SHA512 4d52c5ab00012df859ba4175247b2fe030df786c24872eb350b575bda13ce4af4f88987271ba382dcdd2b912eaa2cbc76dd5e26b4005de3fcf52147948bfa9f3

/data/data/ir.amir.sandevich/files/ashpazi.db

MD5 955b937bcc21cc5645f5e3de65ccecb6
SHA1 efaac4fe5b687a4970bd6f2990a1364f0ef368bc
SHA256 62efb63e63838192197a7f254887ebac382dd55e76293a1f59c75f86989e1b41
SHA512 37880c0f8a11405631c7255241936a5fd5e4cb5758c9cff61decd39ddd9610cc306e94c363e6c9fb28b947d7487e42132dc327262a8e77bf98d68eafeef55af7

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 c10cc877d64853473204694b4271d7f0
SHA1 703ec7bbba4d188fa2424373dac64579763e55d5
SHA256 156ee9e4fa1ae2b34c356ddfca6d8d42e1028ae374fc273c19f97d8237945a3e
SHA512 47b036b4408a25baf93875ee05092bb1d8ed296ffff85d734475c5f364556d0e3a19cc6c3274f930d900775485d5e9622e595c6c2612c37c90c81f8626c2f955

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 a90b181e610f2de0b63d63263237631c
SHA1 def4a6b12b39196f6a52cc03be1eece781c69baa
SHA256 bb12a0e4f670dc7eb011ac966ecf97fdefd9b674af187d10e45b9f5f6d89fa83
SHA512 0b7ea884565436126f3fdabaf352983f38b39a523050c2cd8d0780fbf0aa656aa02957460408193f5ff106a0cbecd45f1027ff908183cf9a79e8556e12b23c21

/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 bf0badfa40ec4bdb76510e9a4299e604
SHA1 892c2d39bbc47462ae41e33ddfcce478d2151f4a
SHA256 ac58c040d4b7419f7fc81e225478a75947e7572f20491dbd06f82461c575f7aa
SHA512 83119b33422209297e4ce6c11c5785daf146cec6d6ffb357cadf60406def9db7fe08dac5400adb6b4477fd55e9949b287ca1beb52fd282e05b949cf59c0a7d07

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 4ff822ef77d832b643e1a818d08f4a84
SHA1 2ed2aa38f1065c2bdbe69882371f98affd21e986
SHA256 9e9b3b326d758d1e227e84f16c51cafc556b37630535dedbc80c820bfd26afe9
SHA512 5d52a07703ee9ae9d02ff85f3df4c77de413f3b035c6228a054e1a8dea61248fcb0db6aa2818636e19eb0b0528239e4e7398295918f3b4fe5870dac9d271c9ab

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 96033d0a7f744641f17555cbf73bc931
SHA1 890b17f34f8af586708256f7387a4c0524d55c49
SHA256 25c642c837cd7d8cfe3f32eca9999ebdf658deeffd9e159b1d08e8f674c361ea
SHA512 f6a4458174fe5f8e1d732bf9822f45eaaad79477a10d019c80270b5274d8a068bba1042032faa4361b5157f1ccc2e05e65871f40678cbd644ca3e56e00566c57

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 9ed52d5eb0c896af1e63a93606f99bd9
SHA1 7c07f497a56535ae501bca889f35faf3966aefc2
SHA256 d0f45c29674093710f0f98d9d0c84335caa35e22cdd0c255b84d260a18d2379d
SHA512 01ea6ebace39623f178ed66478a83a02620f2922cb8651ab718fb45f2a8b6b51b2178d1794bf1146221594aa8a640f964b8c8e9cc45d088bd599d86592287406

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

MD5 c62ff847e2c1951748ed2ec8711bf26e
SHA1 94364e63e3f818f979c75636b7ee749a10bcc33b
SHA256 40c75650981774e680b51b3e51fc4c39d835278638f286fa6eef0e221393a12a
SHA512 2f14484c89b5f2e7b9699970d6ad480e79ee2d1b0bcb0c178d643bd89b91b2dbef5d9f4ae8e7af92662c9f087c9c4f167720883268862db4affcba2db3eadca8

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 77002ca4f7270a7348addcc886e0b88f
SHA1 8d6a89db9009bbfd5ea35c4d7a2f63d0e6113c64
SHA256 aed5d323223e149768531477ba1c542dea01659fc429edb4718250c44766717e
SHA512 d297c9d2419ab3100b62272c5abde351109ca0ac91ee442b3e21f028eabaf75b71822fcbce244f36a7866ee10e17cd79393babb190324d55f863acf68b0689af

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 17:13

Reported

2024-06-17 17:16

Platform

android-x64-20240611.1-en

Max time kernel

47s

Max time network

169s

Command Line

ir.amir.sandevich

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.amir.sandevich

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
GB       142.250.200.10:443    -                         tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       172.217.16.232:443    ssl.google-analytics.com  tcp
US       1.1.1.1:53            srv.magnetadservices.com  udp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.238:443   android.apis.google.com   tcp
BE       74.125.71.188:5228    -                         tcp
US       1.1.1.1:53            www.google.com            udp
GB       142.250.180.4:443     www.google.com            tcp
US       1.1.1.1:53            ip.pushe.co               udp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
GB       172.217.169.68:443    -                         tcp
GB       172.217.169.68:443    -                         tcp
GB       142.250.200.46:443    -                         tcp
GB       216.58.212.238:443    -                         tcp
GB       142.250.200.2:443     -                         tcp

Files

/data/data/ir.amir.sandevich/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 3246fdcb681c3894cfc4a7c646e1c0f6
SHA1 13b13e53d89f153b991fc4cf5fb356f8f5976f53
SHA256 f56088822db8db83136feeb15979f0a124e532a6e0e824e92b287cd0cbb832b0
SHA512 7b1ddd499969915dfdda5031e80d389891d1ba8fed56ffeaa91b1d371bf607e319eb86103088efb81007bdea3b33db65fd2e9fb8fa9346c86de180ab012b01e1

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 282622811eb1de8694c7ea0c1202e022
SHA1 d199c708cbec90da76f712cc1c6a566f4f1ebfd7
SHA256 dcff8d5ba81208b38796b2a643dd454aa57c1ee6cf5438af299d60ec48daba96
SHA512 2c27bcab286b21e2a5ccf6f15d69bc23e6fb72928d593141e8ed83ad835671dd0243270b1345c0c9008e697d0f6e9be739fb0dbf1faff222bb5f30fd5d27321f

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 9af95beda667e3740f8c9327c12143db
SHA1 9bfbcc43fbf4058fa1d0b2bf735eab43ca58d3ce
SHA256 d515d620800fc71ae5a1c5af0302ff3b2bdb7472b30fb0ab5f8e4bc1a1e4d630
SHA512 f586774f0b9a6090c83e46e0ca2d4c94dfc84fcc2b11ca1399073c67b5c64a16250ecd1b1c90c9f2e0b38665648dabc99ed3ac9f328b1d0c7c10c5095dc9a190

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 64ffbe2ec76d8d9619f9db644b315873
SHA1 48b403c5fc6eb3fe67fab52d0c689399058dc5d2
SHA256 dfb5d99a27185ea4f85e813d791196a994266d09f5283fe2626edaa372df9b58
SHA512 d4565ebea92ab8aaf113ba8a31d5b5bcd0a4cbb24c06083c00864563b5dc200ddc0065e25dd3abee0ee075a17a627d4a7af01ebb902fa5897139fc4a6bd810b3

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 28970ea9dc7002600686782acfe28154
SHA1 27d8260356de42178c21e025dc4148e1b2aeaa6a
SHA256 4452287aaa3d13b769636cbd2ef44f174c01b62777ef9a7dea3c47dc3560eecc
SHA512 bff78d0ea2929d6bc63324590b3eef6786c9a326608d34fea54d1a803978e97bf3c3a979dd097dbf2f69287e9d92d7e403523c9ed28a4f8c7d91d8f794d26b21

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 6885cb498a8e0bcfdfa3d6adc6e6d673
SHA1 bfa1d38d86322e036f77141469a5082ecc46e224
SHA256 67608740d6014bc86ef208e4ce81b95124960be9a257579c2363c4bce8b17d04
SHA512 ff349fd64d550a7a0ad618af1aeede9418960c6e39683c62408bcebfc3b3de0228e876777d12b49a56d5c390596f9cdb3682cfcd817946610fd05d93697e6f4b

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db

MD5 8c5307f2224c816bdbf5bb938ef4dec1
SHA1 d448585350ac25025de0e2145c9acbb4176db89e
SHA256 b202ab0c2c00affe3e289e2be126bd4fff19a32b4bfe81c7ae22e02160684f49
SHA512 f8eafbf657e3a479534979633729e77774e2c1119f70019fd6cee7b9a035f411f405f6ee68ce6fdf3b34a40401ad469873f19d2956237f82dc1f79939e0c39bc

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 669a3a33669f7c365950a7cdcaa757ac
SHA1 fe2535905c586d851f22c918af1132e4d30ef9b2
SHA256 4a08efddd7ba3ee6ac611d80cddf8890c6e045d742c96b81490d9b5f4e829cc0
SHA512 1190098030edfb7928e31e17b3a839f90e93f35af5aaf35647791264ee1f0a7060d8c64261bc37ef492c4d1970f69467b5bb766781a202e8f3d814048d9fa9ab

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 13ec27458ec7b4ff45b1ed331554458c
SHA1 446b0c0c3f87797800b4e3d6829032ff2cc91471
SHA256 10050a8be963d66383e9741de4908b0791f9a20b987e5a94bcdea830ead5345f
SHA512 3c520a7c38c4be2cacdff56e6dcb373f03d5b47354d2b4f778b15fbfe5ffaf77bea156d9b93da77038d05f09c9ecb4d26dcfd5078d849bf78a3c9ba52583475a

/data/data/ir.amir.sandevich/files/ashpazi.db

MD5 aecfe638d8b736fa6e00e7bd1be431a7
SHA1 9267ad7543515bcdd6a34e163faf094aa09ad646
SHA256 e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34
SHA512 f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 5acf42056f301be6699457a6ca6ff2c3
SHA1 5090a5f144d709cf3efaee0cbeba71751722927e
SHA256 fb40c2c6abe420406d1396a7c605b9e46649bbac118470af636e439af7b9c2c4
SHA512 ce59620deaaee02929af26315a1bca76ff2e5c4d706e355305dc5979b2d04a0e870bf8fffb6d2f63a01ce096d12a413348caa2b78a39c01ba7e5dd254663918d

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 9c92a857a856d8d8e47fc78114f41fcb
SHA1 3c480966d777b1a35b096e6d48dd7c5381b3890b
SHA256 8d3f941c1c63b0aafa716a658a23ff3c75de3d4284898c51645dae0a64345769
SHA512 6a3f7877995f83a4068d2250282c3eded695e1f58204e8f9e1c1e5f34edcb05b892ef9411f56272b7e58e96f28c626de644927e16fa4e97399c1b91329071480

/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 2191e9d531840561b12cd40aa464ed28
SHA1 9911a9f348baa039288133eae4fc84bc3fef8a43
SHA256 9c80b43d80de49a1376b70380390e995d50fb6bc889387d4338500175fa4f2c8
SHA512 86edb5bc0f92f05bddcc75d7df61e4da65a16ffb625113b1f71ae29bbd1cfd7e05c5717cdda78061afc3e1430f77f396c97120eac999b2d31f641d08ad5306c0

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 fd8f545fe2714dbcd233ab8acd8d24c5
SHA1 ed50230e76e445e04075266afa515b62aac11c9f
SHA256 ae80efb3921034f36de23694aa05581b6c4819c40c05f2dcedfef6f05e26f91d
SHA512 d03ac863c5cd809bd9b6505e0c9c37604479dd3fe714fe50cd3f52c5b31136b538dee02e4f7384cde2c49137b8bdf5a3cb3581ad4c5cbe4403f66b228bb88c69

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 c42dc6f6088d07857912122fa26a31a2
SHA1 d75026ccf9a8d4c14b33d19493e430177ea21760
SHA256 b99db3dd0ad82386a265661a870eeaf06742d941494d0e69ba5b0c2d06dc9acd
SHA512 f11d846b824d749ee1c237cf84c15c21b2de0071e46986127951a759471101280069bc2bf5dc6ff076ec657abadcef90b544849d15ea8fdb438b7c2f09291d84

/data/data/ir.amir.sandevich/databases/evernote_jobs.db

MD5 78e46f5b851b2c0d298317ffa8818580
SHA1 e0c8c8dc71ac508c54b284694b688501a9ac2781
SHA256 500e46bc6c07fec1c894b83cb732ce74d79e49aa2634a14ecfd2de4063225d51
SHA512 a9a818ff34c8db5be00fc960c3291325fe0b4d44ce078e21d17a03fb492d76ec610a342c28afaf2150838690c1eb4319c4e312dd515728275eead746a6560e1f

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 261a969e393f4f1cbb611fd60a1bf453
SHA1 6a955f441b7c7fc99778500a9acc0bde81cee9ff
SHA256 cf9759b955259170c0e065dcb2f9f48c270fde04f375a284dabcce19b4b1193d
SHA512 6d6e231a4e995312ea54aa1ae13093bf1ba7e76cb718ec08e6ee529ab7feaa0e1927761fd06c7518b4771e0994c095415f851ac8373951e40e03726940c98f63

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 c9a3e626410cc61053131bfb628a3fb4
SHA1 0f7618b33e3a3c781bbdcad00d750713cf579025
SHA256 6d36a2c58a6192dafae6bef6dfc505f179733972794393e301bf8417ce34251b
SHA512 59648b1f82cb6f901b5abdcef0914298cbbbfcb83c2aacbdda28e82fdf9c2931e9b4958dafd8a63f4ff8c4d2f551481d55d8147e3e025ea2f0ab8936a3091ced

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 8868bf3804d01527b294df27e7fb663f
SHA1 f1b40d726350ae1e2bcb6578c65a1f56b1ae1ef4
SHA256 c85f2d82efef612a2bba0d2a2e8b74bb61a2df8d91b93ed75baaf7aa7dd6d6f6
SHA512 d0ea2f58bf5a757b8138fb2da1cebc1cb515f7ed1c7823f10a11d23409ee8aaea7e9676c8e3ca89430c0af91247bb64b3c62e7b0e8742060f8fc4b649773adbd

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 17:13

Reported

2024-06-17 17:16

Platform

android-x64-arm64-20240611.1-en

Max time kernel

37s

Max time network

132s

Command Line

ir.amir.sandevich

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

ir.amir.sandevich

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
GB       142.250.200.10:443    -                         tcp
GB       142.250.200.10:443    -                         tcp
US       1.1.1.1:53            srv.magnetadservices.com  udp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
IR       185.49.87.170:80      srv.magnetadservices.com  tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.187.238:443   -                         tcp
GB       142.250.200.8:443     ssl.google-analytics.com  tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       172.217.16.238:443    android.apis.google.com   tcp
BE       74.125.133.188:5228   -                         tcp
US       1.1.1.1:53            www.google.com            udp
GB       142.250.200.4:443     www.google.com            tcp
US       1.1.1.1:53            ip.pushe.co               udp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
US       162.243.147.245:80    ip.pushe.co               tcp
GB       142.250.179.228:443   -                         tcp
GB       142.250.179.228:443   -                         tcp

Files

/data/user/0/ir.amir.sandevich/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 b8c48cab829a38bd55adbace07c1345d
SHA1 fd36dd3ee02ed464cab938b43983bdbda96d4996
SHA256 241430cfe92ee3e641deeafc09d4e0d6f4c79cb84a495c1b7bc9b6cced75a1fe
SHA512 f141a43315e67bb6d7f62ec8b2efc6fde9ba88926e541ba233a3fac7a29151820183379bc290b0e26b2f275418588383cb76dd75782c62de0175508f9c86ce66

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 0d7f1dd853c2463b18188c017c140c84
SHA1 e61aea9aa634463cad16b57cfddeb32ba4231dd9
SHA256 809762d435c92365a830601d4a346e4a04f5b6030f52ed50025a3582e99885cd
SHA512 7ba203b59dd31379d9639ef51c1be64c3f18d03d004acb74a876ac81e077243eb6197392f1a4eb4ebba883d38fd4b8aebbf5d535e0cb2b6d6bfd33f28cc75f25

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 e9cf8c0e0de3e35dae55ef1113ad70e2
SHA1 bad47b96f3ad5ff9ab9459f8e729484b2b061c2f
SHA256 749265123006bdd7881e810c9bebf51d22284a9856541bce3b770453c9ff683e
SHA512 61aef0e4248c6fc3ba2ac1ffbdedce5d71ad536c70a433c1a63cceb7ce5f90b9d58993ed2c7984ca67cc57b1d8c2e8e950b13d59ad12c2eadfe2539251953e88

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 20f16c19a35888b016b3d5377748ce47
SHA1 9b0c53050f6f1aae402304b2cf0fbe48e1138de7
SHA256 2f9f1656c648069e55ca02cc73a0027b3da01e00198848ed55654907db640a98
SHA512 9a9387c1abbbb0cdae86f68738967b8e629f8c55852ba1f7aab40f89defea8bab7c8044cf7cbfaf072831d1343f137805764a041036d0873316894bbeedadf17

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 9724f46196c7bbecd35b8b2a8a4cd198
SHA1 9bbc16373cb30ad7c5cc20b03efa5ff4ea532807
SHA256 68a4e7eedb95872746ab7acb6ae3d9c738bb6a0c5eed73525fad5366d6da52c2
SHA512 f24766aa54e42eff94f04060310398c471a7de9300aacf3e8e0880a8bb6ad8d9cdb51ea1ba32c318e051270c857f8b242a3e6bf8a28a65d9aacfedcf5ccbfd97

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 8a7c445a12f9632dfd3c932fa3aa873f
SHA1 d1d6bfe1537581f3128c7ffb5d1808d7c766009e
SHA256 acf5c3b8542354dbc1da70f999fa7a5a3d2fe004b15738cd011d136494847583
SHA512 4dcdc18a2bbf22b572cd95179c9b234003acba59377b3100298f65912c96416f156eba52eb3e111910374ec838bf68ae81ac061707c9935d0f097db976214e7f

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db

MD5 0cacc868d0f799eb4d993b322cb846e8
SHA1 e4213ca4559b065460ff43046ad7df68fd2b52af
SHA256 0d7614e74fc3fa4a46da56cd65030245ed1cb39fc3e1abace5b56aee18d6388b
SHA512 aa0a782bc8b4ad373f134dfdc37d7f563c99bb82a1b4a6aad3eeff3d8571ec8c55d9afa9107ab5d8c477bea137efea41f57c052616e24883517bbb760ec57f5f

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 ed686b7d7d21f734b5ed2889d9e251a0
SHA1 f4bde276b3314e594bd99f3896ba7214ff906f1b
SHA256 1842875323e6b62de79b5612805f4a7950cdf3fecf19fa5aa525fc728eeb3704
SHA512 a824d9d24a2aa0490aacedae4a60bae96800035273eafed639550a753c71e3bfc69b17edf3d74b04325a9cefab40a0cacc6ccb031daa8de48513432eea7043b0

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 b51f586cd29d29a124e47a9de306b0fa
SHA1 35d615b8131cd74b86adc64a3de1f2346e781997
SHA256 b8d6352ee3eb7d247a621f95b53183296950f1d4f2ba095cc9be0e2fead4c022
SHA512 6cb18a567ad75dcb615684b87aec67b76bbd5fd1cceb1da9c88ca11a2adf48eb4db2c7ac99a9014910a92e04565a0262ebaa4712cdb6b2cd7f951da498268d9f

/data/user/0/ir.amir.sandevich/files/ashpazi.db

MD5 aecfe638d8b736fa6e00e7bd1be431a7
SHA1 9267ad7543515bcdd6a34e163faf094aa09ad646
SHA256 e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34
SHA512 f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 df9143a34f91c3373ecf15a87be2475b
SHA1 e1c2bf19ed8a3ea0533b7cd42ff4864cbe35851e
SHA256 176a210c123d7eb3d4a6aa944a92fd969cd2c1a925a8fd3904e7eb78ecd463db
SHA512 4b71c74e9d1003fb9486be7f8d26e72b6f249902516e4a66708fdb15709612d3960c78c101f9681f9e9c09a3ebff571405351a79460d54424ccc6e5ae7ef62bb

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 16b3d9eb3a15c6e7ba10e05fe9d0a335
SHA1 12d785c446c6234250bb78fb49cb65b84e4588c5
SHA256 11639cb343d8c1c11ac79e13db9c6ebf7010065cdde4da1e2f0e0e5f6fb5df31
SHA512 d438d06a828395e0bc0135c5dde30ae12941a2c16a418e8c45679affbb8e5a23823f55cbea8de69aeae41e568ac09d54a18cc0da80e58dc7ec2179fc0277533f

/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo

MD5 e0aa021e21dddbd6d8cecec71e9cf564
SHA1 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
SHA256 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
SHA512 900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

MD5 e1bcb70a01287569c0c7c98503118881
SHA1 59ed7a5740392cd9a6c8b6b74192a64d7c3edda6
SHA256 b448d80a944b785c8ce71c314645149d6439645b9e46b1df731ef7dc579d29a5
SHA512 82f86a9bddfac2d8b6fb6d32919c256607adf3ca9be2d1bde78fc0628b937146b658e9715684d88ad7c45eb1261d216de9ab7869a432d63c4b2d15d46046fa0a

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 957fa04eeb2663c116c4dcf8ffa88f6d
SHA1 a64797f7f1f9f52030d25c88e5edc2860f197709
SHA256 484edc8a50ca63db7d38991bfc342227a4e8c7d42ff315834ae3df8b1e555e5f
SHA512 2fc6b20f7c91ef4df603858015897de0a7ce5e94ee2f60093c92e383f6d238b84d5aa06d697fe0c15a14f4f45e5589eee87fdad6bd32a1220f4a1ec84e806a41

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 594c920195f0863589e513b8045026c4
SHA1 0f7f0687c44b618f22501a91d250d67726751260
SHA256 f4b2873c0052fb2260ad1a5c3969c1d26ccbb631795ae178b7710d6078045a7f
SHA512 fe63b0d69a62b28cbb82922a1833140a754753ca547e54cb73f0d4d377b0f324e21c47df4c3577b194302fd14c8ae6de2092d35709171ea57342b6af3252c289

/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

MD5 78b387106aa43a3291fe7a5b8c6bcc96
SHA1 1d7b5a4fbf637b9673c38f5d6cd2c692736b6a09
SHA256 8999afc995c7a13b6b94b9a35b7ae37ad4567dd884502a7100acb4ae7cef4d37
SHA512 04cb91e1e4d1db8848f3ce7b176a284bb01160c9b2f939324790820b393e4d728ddc4811bcf6d1eaa8c9e7ba56bd33cd21deb30527f92aa30c1a362878dec10a

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 97d58bcaea194b3f3dc5fb1885546cf8
SHA1 0bdff0339ea031f9ce91a5a3aef77f7d239ddf90
SHA256 2ea1df0b8c0b494b6282dc5a2145e02e6db0e918aa13fa3010158149a8d64427
SHA512 765a51209451cf925d6afed55392c99ff01f9cdb2a5137072d6e2903493054242fd7cd3fd537ad1a96a6feaa5920475234aca31a9c9af478c8be532336276a4f

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 39cc8b25849eb20d5dbb2fdb28436bd1
SHA1 f8b70519f56025948a3809a9c9d5b08d7c202505
SHA256 8cee114361a374fad6f5fac1da3579561890e56d633d93aebddc8f524fab981e
SHA512 1ea9b5bd063a3b23481ce3376011196c4ed61220bbf2a0c3a646f01955369d5b50c1b812020d33edf59c4c73ef70cc662f5a5c8220762ca24795024819dcaf0b

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

MD5 97c6e1ce1e677e8b987cac5c8f953f71
SHA1 02df9f88cbd7a3beafab4f062518d55fcbd53f72
SHA256 6a2a00f6dff4e0d6eaf4bc0481dd234593fcc9f08a405b86394eac293f840491
SHA512 bdc1f3e65db6f96a372b144305c4a349b6d5a212b7832f4da0c43c47baa86b67d91be233cd43e2fb977ea3940eabe364e548f40890a15780b14034721f971879