Malware Analysis Report

2024-09-09 16:07

Sample ID 240711-3qq7yssbkb
Target 3b2f79fe764223ac02b59d3792034762_JaffaCakes118
SHA256 62bfb163d55007771500547ffb6d7493896d5c6b05032ac569d3b1cd0e2cf3c1
Tags
collection discovery execution impact persistence evasion irata
score
10/10

Analysis Overview

Threat Level: Known bad

The file 3b2f79fe764223ac02b59d3792034762_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

collection discovery execution impact persistence evasion irata

Irata payload

Irata family

Requests cell location

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Requests dangerous framework permissions

Acquires the wake lock

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-11 23:43

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-11 23:43

Reported

2024-07-11 23:46

Platform

android-x86-arm-20240624-en

Max time kernel

61s

Max time network

181s

Command Line

ir.teliyam.kerem

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ir.teliyam.kerem

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 almabala.com udp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 74.125.133.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-11 23:43

Reported

2024-07-11 23:46

Platform

android-x64-20240624-en

Max time kernel

61s

Max time network

150s

Command Line

ir.teliyam.kerem

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ir.teliyam.kerem

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 almabala.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 142.251.168.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
GB 142.250.187.228:443 www.google.com tcp
GB 172.217.16.238:443 tcp
GB 216.58.201.98:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp

Files


MD5 2033d74235e0c3b45cbbbc9bb4e36be4
SHA1 30d942719ce68047bd96b3c59f48522ed1416999
SHA256 93b4cd631d172a96ed0f92aee93d565adcd829015cbeac002b5f067ba2b70aae
SHA512 15a11b2fe9e452ff70f5b87098949d17d43f48191d3f0e46b48b5948d3f59b256836e4a90b6d418acc8a62115fc4b32436b0886f85d526a4d07c6c9f4657af80

/data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db

MD5 de9181d0b040793b1072ceecc4ba4707
SHA1 a8437c9353796e2454a4e007e2e9574c09d86114
SHA256 27cde50364c9a98f02a7092c0165b228783c78007f67587991a247ecc00eab89
SHA512 94f262a78a861c52d51636221407cfafafa0593219797e9847b0d4eb4465bc824acece66c38a5d50cf863feed45c5ff56f129e622c39020dde02c3732d00359a

/data/data/ir.teliyam.kerem/databases/google_app_measurement_local.db

MD5 d2845eee747d763d7fcd0542c31e4578
SHA1 e3c77884173f1d760fc4af130a3572094aefea10
SHA256 acb3d51741d0541bede39514a7eb7329b793164de404bd840abc165ce01a1314
SHA512 8e116650ded8ca5087671390b11811512c72b1d235fd8228d7e6952dacaf4df79380e6f0be1b5568ac831696956a615f6ee0247d138c271ed042e91cf6b6e218

/data/data/ir.teliyam.kerem/databases/__pushe_base_lib_db-journal

MD5 53a4cddf223e8347e2ea0829b62966f0
SHA1 fac238d48f7252df03fa14e73cf35e8ab237ab74
SHA256 ffded5fe0937db6fb0fbd888d77fec76aa2da43de7103333e1ec9e47f5d8ebcc
SHA512 fca65110c8f9c4b2b9d87ecbc4e73722739c960636a8ddec819f8fb15f6689fbaa6c26bff9734f141a9a06a226731d5a40b560074ccf51b527cb9f5c17036e72

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 5a517ad8b1fcfaf4798b9997845810b9
SHA1 f4a3bcb1a641e219dda03a91b98061ff58eae644
SHA256 ac640e9379ffa2369a707c30f771236ee8b37c1ad82e4e9fc0da06283e3f4945
SHA512 8951f13f789be87a47648c8ef0f78bb07d225042edbd572ed2f464cf67a725c14cf7a5a13271321eae721074b45ee0d89ed5260999a34cc437f5abb83d590050

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db

MD5 3aa294595955bdce05165069513daa9e
SHA1 7995ae855d8055b796bbfca3efe5fdda22fc56f0
SHA256 9c2d3cf52a9ae282b689ceb53913dfda81f6fa3ae554c99a72ec1352f6ef9f9a
SHA512 88240ecf832d954dca019f349d644605b8443d3b31b2745e49c187c32a3ef6a5b196b70df40ce03ea3e332f6938293dba2393fe547b1acd3fb83795d540300d5

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 b25fa2d948b3ff90251dbd1c71d0c54e
SHA1 72983457c34729f30c5cd0e9ed56915bb43cd8f8
SHA256 da5a84cef4e5310fc4e3299233e6e0c2620656391c2c59387a53213c7af51f6d
SHA512 a6593f34b399854c1904afa6acbadc82fdaf4d9ad45cd9b5ef588df685ae27ccff02a27e897a6d0984f67b6689c40b12a15f5f199953aaa616d402b71d928606

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 c42bd67734c6a0c0e5fec8fb602bd43e
SHA1 97e3f922fee76bb21295c17a78a5ec6490c7266b
SHA256 9cd3d9c41fd4226c92637a5bb09277b823c743583e2507ab9e640bd0deea31db
SHA512 b7bc4e32153eef47c5f9cbe6d685262b082c7722d2ebb54333b3c2f71b51803554635c6cd16e6de00433b085895f815633ac63d7a9007b19f2c6fa5d7d3e22a9

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 c3c1afafbb8456ef683874fbd7aabf46
SHA1 e75d8b41a39021ad6e73be1d26e20d387b2d51f7
SHA256 42752e4f1ea03015e970700f557525864973445f990eca3fe3842a3157fd09e8
SHA512 42ed4dd42438b28dd5885ddd3d9f9d9583683a1e342b8a175b0d6270019e4b8627c637947ea70e7eae85968c2ec21c12276b683792098dbefe716fcab7165374

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 5531da30fef73b2f3403bf8b11eb47da
SHA1 e8eda05ba9838e28fc94176b434565d90ffbd8d8
SHA256 d3e15b564c9083d211bb54e2c5b1e2653cc17b9094884565228be3b7ba8df82e
SHA512 7f3ac8adc1ef150c2992a25892ca876471710c17570dcfd547830fd985906e8e814ebb785966f6d1137400903249d8a66027585c4fdf315b05d28649a3731cce

/data/data/ir.teliyam.kerem/databases/evernote_jobs.db-journal

MD5 f962617370935dd658987d2310334f2f
SHA1 d1bf4846152f4074feaacf3d9dbfb37237fb89fa
SHA256 ea4d65620703e45208bb66d08e4416375c9562c89df4fc30b1801de7c0c56d4d
SHA512 7d3345a09b8c32009efb731e80509b5e93f9423b42602c805c0da9fff79e38b8f36d9e7fa310f003ee3fc8b995136aad2bb63cf1f16d67847e8ade7fef9a50f9

/data/data/ir.teliyam.kerem/databases/cheshdb-journal

MD5 0cbc871ebad49e15f5ab6bf3a4ce8f49
SHA1 677bbb4b6f3f75f40b48f92a9e38997d2023a021
SHA256 379da9d746dffd8583cd05e1fb4827f39c674c519a6019629eb233858e7610d9
SHA512 ddc73e94905841838a3b7621c91b46104d2fe7e8534a446a950bca8f5f42d8e6351924e0614ed3c8d23b6294d4d0d1e729048f4f61e5a1cf6c0f82b16da3627c

/data/data/ir.teliyam.kerem/databases/cheshdb

MD5 206c87b19d67110468759a35337c713e
SHA1 eed7781be0e45ba731e09507ae27c28c5df681ff
SHA256 538079275b940d72fb551789616ed72cc0dc11f8e728b69964f2f209bed2bc80
SHA512 3e8d0ffe967d068061ac84dcb5c466e20d767fc37a32ba84d8f9857a0292b2cdb4fa52dfc0c06bf75c54171d15a99fbb1ffd2ccf3b13742cf7d07e3107fb7031

/data/data/ir.teliyam.kerem/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.teliyam.kerem/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.teliyam.kerem/databases/__pushe_base_lib_db-journal

MD5 1a453ac54cd65686c98f633308ccab18
SHA1 720ea6fb4009378674b840ea71cbd11d3c469a9f
SHA256 efdf9630e8d86f650dfd3f3e9ad0f1fe992888bdb329d0238a25468642bdd268
SHA512 b6cae2d00c4d4b27181649c357ec91d851b45f248450bc4e51d66c2ddec29881e599912cdfa6035f831d10037240a33f579985986011ab97f1011fd7b53e5356

/data/data/ir.teliyam.kerem/databases/__pushe_base_lib_db-journal

MD5 187d8d1ba6203334b8464710bbda50a0
SHA1 b15b8b6685b59ef57d0588ed7196679f445007b4
SHA256 c7285978c7e740375771a4adf50b80d6983494521b748dca9dbf483af936e964
SHA512 892304f2789f0625095f7a0ea822b033b543933dd67646ca6898bcb0659dc91c09a35574dab89b27e6b7ea3c9c5f7dacf17d81289aad62c67fbdb4b7a1c028d0

/data/data/ir.teliyam.kerem/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-11 23:43

Reported

2024-07-11 23:46

Platform

android-x64-arm64-20240624-en

Max time kernel

153s

Max time network

132s

Command Line

ir.teliyam.kerem

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/ir.teliyam.kerem/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ir.teliyam.kerem

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 almabala.com udp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 74.125.133.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp

Files
