Analysis Overview
SHA256
58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d
Threat Level: Known bad
The file 6f97af07bb256b736313e842aad4db36_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current nearby Wi-Fi networks
Requests cell location
Acquires the wake lock
Requests dangerous framework permissions
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-25 12:33
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-25 12:33
Reported
2024-07-25 12:37
Platform
android-x86-arm-20240624-en
Max time kernel
38s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mizansoft.parvareshkaktus
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 153f4697cc8255ea831d2ce158dd9a4d |
| SHA1 | 4e53f9d187dda20437d59cc827d620b790d9926c |
| SHA256 | 9de20d93a4534e4c9a6d5a6250fffba2e384e9e462535446156c497ee160fc16 |
| SHA512 | 2b7c09a4f60ece25522574b8c90f41135f929cb0ddbabaa95e0cdb773e81bbf13865cf8bc22b89f632f1237fb22a307c945ec01531d6143396a7a82b85e7fad5 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | dabd7c6d8e20137df0694eff1defa8d8 |
| SHA1 | d5875b3efb46e641a9bdc949d7c18e4aedcae16f |
| SHA256 | 01381e7ed89d7c4a653251cd49bdf90c97f86475b52b6bb7257059476360dfc6 |
| SHA512 | c46f8c188eab32fb199a6c68a6e73dbaaf40d123dbc57c00921c341e4a81a4c1c68ad0b882ef264e3c32e7009797e2d089dece9a7a97858cddc719d03da212aa |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | a3ecd6bc2e0c5fb908b8f15c8f042bb4 |
| SHA1 | 7fd4201460f0e19cd0066fadf3d85130bb5789d4 |
| SHA256 | 50a44a415415ffe5f8ea010b60f4d219a7f3f79156343273cf4713494a96f177 |
| SHA512 | 3609952dd20235d8f8c89955b92ee1c33ab63b3736ffbaad3c11f594d50090b488ddcfe99b276110fc7cc833d73384d54998cf76a452e29fc50235e56046f459 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 81c5364af84cb258f4c2bfc5821603e7 |
| SHA1 | 1b55f7b245a799638a39dc30752fce04f1cfecc8 |
| SHA256 | cf97a8e060e5bccd2157f0db0a493b14c58388a0953896d545ba6acd2b70b82d |
| SHA512 | 874d621d75451d6948727b4af164c91afd36da4240cc4cec7a99ed94f95f38839b13bc0c9df62f7f13d07d06b102ca124194ec1cc6985027d12259a7dd4fb39b |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 538110330202604b1a37fb16130a21fa |
| SHA1 | 2cf140f9bf3a43814d0706f6eb7de84bd9ef217a |
| SHA256 | a8737048ca9513af30008c541a961cc8e2820cfdbea9909f74342f7375bd719b |
| SHA512 | 6ccb1f8044b30b118f04d9ff1bed42a976a5952b557ef86f6fc75fa379ea59791bc6da80623108b1681ce5cab617cf7e5c441d3de144c96db50d7657ce7ac684 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-wal
| MD5 | 18dbb8a467ee1f3550306068b70bb053 |
| SHA1 | 5ad3d401c1c5a94d5c3bec0a3eb55037b4766e75 |
| SHA256 | 1ee2a6ea127202ea90b7029bf88fd17117bb62b9bffca69d5e0977e493d7bbdb |
| SHA512 | 90dcb2490f08e34bd7d99a6cf557c2cf76f3969901794357d94fcf393b33276c5926fcbe7e7d46f5e5fc4311886efe34efad2e802c6487a1fe11acd3e8336bef |
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db
| MD5 | 5d7be72751c19f05b932a5fa4c136354 |
| SHA1 | d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b |
| SHA256 | 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb |
| SHA512 | 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d |
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db-journal
| MD5 | 9c507b439004d082cd65394e95cee186 |
| SHA1 | efdcf936503e79b1afd3cf40835ee33cd6293df4 |
| SHA256 | 58975920da190d9c1e806757431cadd8c3766fe1fa44fb04a3e21bca089a70ea |
| SHA512 | 191fce96e4681c378dbbacf87e6db9e75af311179b5e499d5b592c44a94c3c2cd529c27aae1376fa658607ac5c5876b7853956676a95bc68ed3ce1283440e3e6 |
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db
| MD5 | b25970f02db671c22b66221ff8c9e39b |
| SHA1 | c592ba793f0006288ee9fe867be171b5d3f3dd93 |
| SHA256 | cd232e45e78d6ad700ecf11f6b6ed8e0eadec475586ef9cfae0b4bf1dc8a7ba5 |
| SHA512 | e6274aece21b54027c3905cf1f8a8c660bd590444c92e2443ae258f7c6de08535d7bb4056fed29e063134b815d34a7b579cb75a6a2033ada966d9dd8f55f9fbf |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | 43e0b2c2d26139ac065e4823be49fc8b |
| SHA1 | 7df33a1cc80b42eaafa6533fa645aa39c62b1cab |
| SHA256 | fba31f842ca288507d7fc525ff09cd48ff166301b9e066e22b7fc0f7b949b612 |
| SHA512 | 5ac282ccf99a31884fa7fd0e29b86d344ad2acb7b86e8b150df27d3882497eb39f6aa4cd43bdf478b812f53a1101bc00c3683884b47c2e4a341139919de52527 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 69601f8e3b1e064b967562ca31f20736 |
| SHA1 | d738558363ff3fae116da770fc84c95005b09e07 |
| SHA256 | 8bd0ed016ff8a3d801b6a89e9be3424eb5b719a578e5ff05e9c473d8b7095717 |
| SHA512 | 8cd01833bc87bce1c5aeef70632760b896792135528a833944e1b8d77faf4300f5ae6dd93b9a1c066a73286a0694340bd26aff9352d861ef41c77e69514e51f1 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | da23bcd39c3cc8d13d19248e0a09f179 |
| SHA1 | 678963473276afb207e1c3e0127f794773d33f87 |
| SHA256 | 6ac0eb6f409021b15f2ccec57cf6394b1001ced4f0291517ef9767194f7557a4 |
| SHA512 | 942b1888f195828ed461396f22f105f6cdd863e5499224c33e32e9f08e423fcf680d8cca332e701e6862ad8b297f04a6812837bd43f737ff8928d37261fdf4b0 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | d30d3a36a77fbf93e9096744810b3c4c |
| SHA1 | 660ac94f3334e5f847a7173c63c21cdab083b5a1 |
| SHA256 | 160d99748f6802a722dea8b1660bcf48c63156f331273d776788edc700fac0fa |
| SHA512 | cebf4cded1aff9c07a073bc2bbae2b4d59e3d26a63aa7b1619288afaa3f270dd0e23b5df7bfc58d930154897846ed9d6ea588c06aadae07991e269a4c8235376 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | d81029f4cc39ffb95e0afadf6c24be6b |
| SHA1 | 8c4170d93b97a70523603fce66ff3a1ea2b53da3 |
| SHA256 | d5d16dfbd4fbee7cc2c7a059efae4a14e55f20f0123546502d01ca029beafc3b |
| SHA512 | c2894307abdb21a27ecf00e6712e013c1bb3e23c727d4ccba18b5eea7d6fac155767280bc1c79f40cd9baca5c7a1b726d906df4908137fcc77cc6655b3949bae |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 9b2caa51b9327dcc3b6463b0e3a76c85 |
| SHA1 | a7d9abf90664640ddd03210b754c4c02ff57263f |
| SHA256 | 0a0d5de82d7fabbc5d5bf2c9d8dc5920760614be91d15b6e04ced507faef02b6 |
| SHA512 | 29546108e74402a615d37e4b1ba51bbb1ddd21e74b18a10f3500b4c1b3197f321ed1799cfd8e3b069a00ea4b2d397ef0e457fd764e2938f92599c7d9ec414bdb |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal
| MD5 | 1119cc410e0a8a38b0aa7db34ba2572c |
| SHA1 | 2849b51d799b40e9145af01f13db0509ac105ace |
| SHA256 | 2277be81d16821da1e438df6a7626c46c6d63374f7c74cd6c7a796e42637c68e |
| SHA512 | 1ad821e5e8fcbd15fc1eb91eb9050729667f6453a5d971391335ab97846407f367fd1cb27587950aa8d1dd17cb4e5b5b7a6b472f7266d64ce16f4e6fd2acd8b2 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | aa1dfbc04d0f9541a9b2cba2d679d6bf |
| SHA1 | 4bc0f4707af156087c330f2fd98230b3eed38a78 |
| SHA256 | df553d785b5802d3ed67f068236b5a0abcbd60fb5668e7cc82df304cd7bfb5c0 |
| SHA512 | 4127b4e9d8ce8011a58bc759249cab63032d9bf1420ca46e921f7b482605d19e49fc0ac1df9a0c7c98d4b39d7527185cf25bda35bd2bd1e1282e972c066822dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-25 12:33
Reported
2024-07-25 12:37
Platform
android-x64-20240624-en
Max time kernel
29s
Max time network
178s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mizansoft.parvareshkaktus
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | mdh-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.74:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| GB | 142.250.200.10:443 | growth-pa.googleapis.com | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 4ea060486ffebac83e25dce7eff87b26 |
| SHA1 | 85ae4ddeea9efed582ef530fc67531b674e3b6fd |
| SHA256 | c93bbc8c451528bbb688f7d2e46042657d3a460789ce46cc7b16ab77a9e6d5e9 |
| SHA512 | 7b215e31857ed8cbadc4e680adce043a44c882e46ccedba7fd0a2bc56b0d5ddb70006676c319d8ee30825b0c2ec5693cad604e008de7c3e1b094b292aa0bde25 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 7e07c5aa073f3cdf8724f19156735ee1 |
| SHA1 | d96a3a3e6804ef48b7f2694820337370bdc472bd |
| SHA256 | 730eac8e6d8bffdd597f54e700a0f6ef4ac3b4499ebbcf955b483afaa25b47b7 |
| SHA512 | 612a74e4dcfdf0c251f18f5772d40371fc4b914be3dfb68e2b613b4d787ec8484372a19cd9b3779bcc3aa64b2c9843fe20b0f7f30eae6256f4de6261d39a270b |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 812311c1291df597f82c7b0424cf1eeb |
| SHA1 | 243cf84b2745270ec789d36872dd39044ab0ed6e |
| SHA256 | b10328f6bf584f9d3305030ac38411ccb56c0dbbd565b12697eaa1be4e67eef6 |
| SHA512 | 43604108fd3d5d971b3274475dd2c3682b42139d4108b1909f23205af2dc66e49269da3861e3f9fbd576e5586155a757c07688742c66d2a589a892f28cd9b2d2 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 5cf80968502bc447986b050a6a355e33 |
| SHA1 | cfa405cc1f150e6495e0138774215d9ed2e8147a |
| SHA256 | ba70350338789cdb26055fb5ce1541b7aefce64181da44272e5ce0b65c69a7cf |
| SHA512 | 08f3d17485583dd3c8426ab7f29c67c6705121fbb32f76653d9d920ab04637999f7ef5595dee2f315972ef8d7cbc6f5fbd4d36052c17710b5f6e38ca7c2e1010 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 8dc71c284372a650a2cf3c636732360f |
| SHA1 | bacc4683e0cf47c5a1f3a0e044baebc9eb2de872 |
| SHA256 | 474ceb2dfc42b23ac127105b7048112b2fb1bd78396389245bef9f0684a87e9a |
| SHA512 | 207f2d3fd8c87fd30861a1073def22a5a86757058b98925af941ed9e9083e09ead0daeeed236eec6779da56665a5e080bdd28402ab35e7cdbeb09481e18927af |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 182bdb93ed0f0a0fb0a2cbbb6a886081 |
| SHA1 | b38f4a3d6cd52fb0c5461ce1688fd6be25f59fe2 |
| SHA256 | 1234791403c0237e2280de8bb8ce32f396e02dd60c12f166081323b8a4839017 |
| SHA512 | 1512a1219f5cb5b08210b9e53a90201774ca0582b6cad0b5631d524741ab0617aba7605f496f42f26ba6f8afbb91706dc3184bec7a4f3f8c97340dc64beb8d17 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db
| MD5 | a4e797af5194eecba5756b37073d3204 |
| SHA1 | 32015288e7706c133ea3f77e3dd1f275ed1e4bf8 |
| SHA256 | 60cf013cdfd3d9f1a736635cf1186a6be30d8e1da30501422aa76829f11b5ed8 |
| SHA512 | 8fc2fdd67b890e0c40fb300c0a4fd96c7a306d49ab868cad7230faa88cc4ba1be2407df0deffd4a3e50a954694f31175f11e43e48c86c415498982c2d09bb3e6 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | c948b739c29c2ba40ed9da9b30dc2059 |
| SHA1 | bba26f820fe8e734e9d5731f0be8fbafa8d25a3a |
| SHA256 | fed2f5fbceeee810ade9eddf7d9b06919e6f6a02365aa164e8de93098a3d1d72 |
| SHA512 | 3518f592e8d37f67563485b7ebefca9b578645c12b39ab23683d708399a01edc18026bf6e1740e4531035a6aca4227827b28546fbcb74514eaf60308cac3aebc |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 94186e412612732b073949bbd4483465 |
| SHA1 | 9dd4fd31afc785d8ceca8cccbd795ba69f9560bb |
| SHA256 | 947707df19536ed38d8261dad77a0db7df8847e8838934f0ede29217d6ee81a1 |
| SHA512 | 61d3e66b4754316ea9ee2b5e7d664cada0da20237a68a1454ecb81580cc7c36340e28be86da9758199402fc43b63bf7d2a0842f8b2fdefa47c307e5f124260c4 |
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db
| MD5 | 5d7be72751c19f05b932a5fa4c136354 |
| SHA1 | d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b |
| SHA256 | 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb |
| SHA512 | 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 9bdf78782c005e7fb1737e61db20cf18 |
| SHA1 | 5be747d6dcd47dfde43962dbaf0564b05e40d925 |
| SHA256 | 7d4d77b76382681f1ac56839c9b4ee239741cc72b144b60e4a174c1700bc84f6 |
| SHA512 | b4758ba6329739631acdeb38255c70a5918c5320f7aeb6b7c8ea4ebd5068d3016ab924eff5f39733a2440aeff3fd80f9bb90e4dc051bc776a796ddb94fea1f3f |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | e6adeb0f8f512e4c3115730b042a5d5b |
| SHA1 | 572bff35c10db589d2c8c1a38fa3a90aa4794296 |
| SHA256 | b3d28c2012a723028f9ef77319adc2beebe2ce44285caf61aa8ec27ff172e6df |
| SHA512 | 8c0d592a37617d2d1f574e7ee85f157e448e824f92cad533ea8e5476f13313793965ea979b0ae1a2377b287804301beb407b2daa834e6eee8204216eb31207da |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 38e11da7218975c5d181841e378ecd6b |
| SHA1 | 9b0626d4018adedf148dc5d74844b7057e1257c6 |
| SHA256 | 199e57e83cb47c5f753cc6ce89d87da27d83aedec85ac3faa06d9091ae9902d2 |
| SHA512 | d6c8b0fa3cffb931c2a364b6846143496fefb14a3843b86e76f1b601c24e88fb5bd62447388f8a194eb2ad992f69c0f92ad2a8295426c045020cb2a9ae93526f |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | d87f009e773d046ddedc8630e670aef7 |
| SHA1 | 2e5c72baf7e098f10d2a76cd15eb8017a399c586 |
| SHA256 | e22f9df500c5de4070bcdacccad034f91c89ba0001cdeb5c40a5ad379394682e |
| SHA512 | 283d8e58d2e1930642959fbc08f4619f3a2dba788d6f88ccf1c999b052c3af03ff2e6a8278c1cb3d09fdbf1156a7755a08b410007903dc27c701d0d60617c760 |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | f9d2261af99fa061faa1e1d173cba804 |
| SHA1 | 4562bab2c6d92848455672195914e8d83f0062d2 |
| SHA256 | 0ce4da81d3717aa18d92355d3e230ba4b0caab65219bf7dd0bf7a3e17e7fd270 |
| SHA512 | 435a326795bce22d1c2c36b82715b41515770b57b75a0af29357359817292324f2e174906731033cf94652a72d02db1a99e6f78a782001804eaf4d6a8bad912b |
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 714a6d77a9e2573d60f91892032c16fb |
| SHA1 | fc7de9b4fc5ab0c94584f626e05d7a70d8f5a8f3 |
| SHA256 | a315d39b18459d0e739c7d2b8d3db1d20cb32ddc4bb8d144db380b929a80b87e |
| SHA512 | bc0311cfd8d80eb15eb8fbb5561c2ea46e02ba6613f06398cc6127b566706ae888362214a7e915aa169f1395ee84c062df1bd7b1af096d4b81fe9441dae7aef0 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 568c967f341de94844dc7b546f419521 |
| SHA1 | e51487d3ba302d96a4e2b1adf1a0a02361c39d0b |
| SHA256 | 54ecc853b483755d6c17db756589fa6a1d832f0d0bc3242ca4c6cd5221ab9a53 |
| SHA512 | 9f21f84a0a6d2c98e42eb51c45ed478a209b52d6e29d1c2a0be04f424901f3ec6f57dbedd90bc2cc6893283e58e184612a97f191d0cb1097e8bbf2ff3e875126 |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 7fe7581fd390e01b2d7656558c2290a0 |
| SHA1 | 11c2d2f37f2175592604fe8fbcc87746639a4ed8 |
| SHA256 | d8db4c585b772354f350e7d6660dd0ed8c64923054172b04d26b4b3de08fd52b |
| SHA512 | 156f3387bfe3813abf5d59b289d42e2964b5cd6f28caf7ba87b47425727952e4c18132846daec579caf9737d5cc8bbfb26bcf3803db8adb8162892cc71bcf3bd |
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 5a72b9c54133b5a26f9f4b981f7d90de |
| SHA1 | dfc98d742cc858c19299cbef7bef979bc4ba6947 |
| SHA256 | ea9affd3fb496276a2b9e0a549597a84128176470141e39a0573adb85a34b029 |
| SHA512 | dcaed8d89734f2909b087e2ee376f882860a04822b5e2c25fd762131755234a23a909d8bc0f9962c2fe33f67379d9894f237b739bb69e2977e011fb547cee204 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-25 12:33
Reported
2024-07-25 12:37
Platform
android-x64-arm64-20240624-en
Max time kernel
139s
Max time network
148s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
ir.mizansoft.parvareshkaktus
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| BE | 142.251.173.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
Files
/data/user/0/ir.mizansoft.parvareshkaktus/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | cd7b5506952a7b89a3be69714c02e90e |
| SHA1 | 7c21a738db3e832b26a52e5afaf784611e4b15d5 |
| SHA256 | a9a1ef97950a065711f3eabdda1507d102deba672ad7d88d8c2aff2dbe1520da |
| SHA512 | 455c01d1ccdf29be4c89275d3b4f18f6a4b0a0c4bc1dadc5ddc1dd03f5f3c172c4ee98ca49e5cd78409848afb1f08b75f72b0b9c6b24fa7094aed4d4f804a1c1 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 47080e3bfcf2db9b8620f2faf6c5857a |
| SHA1 | 6f63c1851255e0fa99567f047382074b086d38bc |
| SHA256 | dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb |
| SHA512 | e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 9f9a76c7cc95e4e35b6ce93d225ff708 |
| SHA1 | 531b4abfc2256483d4b5288b1c237cd72764ef8c |
| SHA256 | 6b3f04d4d6c7061198847481fba10a805322b58a16a0a9b23ca24aaaf537bfce |
| SHA512 | bc41bf0603610ab3cf87da4f4e92d8520d8fbc50e9202aee6dd35e57bae1b68cf6f904b6b6e25d1119dc0620afbab162af301f07bc44457715a8ee2519e2b9dd |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 21c98a5b26da177103ce1aef8cd3649e |
| SHA1 | 2338d6a6ff4cec2780a183885d1e3853c6f798fe |
| SHA256 | 6b82504ec5c9696d49d5521309d42bd3d93780def3233a7588f0df5545574edb |
| SHA512 | 8a6a755e9a165b037c71be097807ddd8b21f97f9d5db69046935214546a1954860336598e6b7ebc0efad2c5b6b3d85c095414e20942e0ccf5e41c9b747c605dc |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | b20e44e3e24bb6508583589084e5c276 |
| SHA1 | b4263a266abefd2088abb30f3038075c3eb4786a |
| SHA256 | 9cd4bf9126322d71b59b00aeac64c295b2c377cb1df3f8bb04c848b27d23e2dc |
| SHA512 | 4c91d5a575feff94af72da0f4a41524603a9c42a51f0d300888c42e10c8dabedf8858b3f089c16387c3a11f1c9f76430aa93ab539eba2b4150016ccb869fd846 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | be73485ccfd2d9932542f82c18b68852 |
| SHA1 | 67da5c59f2c25370bc07e1ecbd003cdc060ae474 |
| SHA256 | f2db79c7eb0f852712ba03474f57fe623fdaa10e35d5cfb48ebe7186f6b7392d |
| SHA512 | e8445604459a7897b8239b34762212ad8e54a445ebe9f2b537c1b03aa9a8440d9e8316e598e4487f4d17e2cb7d8a3b0ce96637f0a3814d1f30ff36fd425c73fc |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 0eb8d41020994a95c82da2c8bd7b7969 |
| SHA1 | bb28fe1355be409bd7ee835fc7927ea8c34474f8 |
| SHA256 | 97da3f0d8425072f428f1564efc859f18c6bd7bca478561bc2e533fdbba14bad |
| SHA512 | af4862fefefbc2025adb2211840b4b4dc58fbd04a62df9780621352f6800f7ed7aebfea333161982fc3868560ba54a2cce3327a32c007172d980b50037dc891e |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db
| MD5 | 3e174b2bd92633df5aef63b2341e87b5 |
| SHA1 | e1b0a422648c64d76ad1efe5f4759a3c5b941b7e |
| SHA256 | 3b467238b4d06ce3f3051f93e52ad3295d86efb11440ad619b759979bc635546 |
| SHA512 | 49fe1f213ec19e34a8c33e39e7f07bd8b6b314a4d95aecdb2d422d27d2229b27cdc2fd4b4c652e1cc49c515999fdef7aeb90ce7503e24ca1e08e23a511d3d3be |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 1a2e993e167e6ef4b9e78509c50015ed |
| SHA1 | 7092df7deebdeef3f4917a44d67fc8e46604d65e |
| SHA256 | 7a0a15c52bec386746377adf8057ed4bd01c93b938c81d15c8e78e327b66325a |
| SHA512 | f5f6cb7ce04340f52d7db6314043a21513de219e9eb2bb3d6fb98bc62cb1d28e36d85f3369b86a96e2eefb3a9334326e76102ee0f3330516b9a0857488604edb |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 86910890f801942a80eb862418b1fb3f |
| SHA1 | 90f3860f8679ecb487109c18e20fa7a76bddd11d |
| SHA256 | c4068ae674ac31abc31c6e39be7c1d7651571c2f0c7045f00edac7d01ebd70b3 |
| SHA512 | b6d1d4346f28e06deebc8509bae68d6327f724fefb84a4d0cba06713d4e362f95d8abef7dc4ed6f46ef156ef290e6717fa351a681df908ad569f6ae7e251be3a |
/data/user/0/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db
| MD5 | 5d7be72751c19f05b932a5fa4c136354 |
| SHA1 | d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b |
| SHA256 | 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb |
| SHA512 | 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | a8bcb5e712309028494d53d9f9a36803 |
| SHA1 | 1d68138ec645ed3bc072589b13b4e36b4585d942 |
| SHA256 | 2a8f5086834f3da920c161f5e2a66be8a9ebd2f8390dacdd20afce119f1dca97 |
| SHA512 | 9f9a9439b8643fd2df36e1729bb7bee7c5b3614c2c9d3aaf952dc89c82f8d585ebe076a40047e54ea1d820022b19267bc0c844802e4061ccc02d56635b7c3890 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 67a95effb90ba8130d98778b3045b75d |
| SHA1 | f768f3e4ae48707dcf4776af98a64ede3279ad60 |
| SHA256 | 4cd28d7e3fe0bdf5b248d1873747e627c28c2ff441b48db6423d3af61e21ab43 |
| SHA512 | eaf26369f73fc2b84ac771456dbfd11c60fda784048f24d3e706f27765c3ae0d7dd0e09c5cafbb915a5474be1717aef4c3901055b382b7f9a04a8b46cf1d75da |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal
| MD5 | 2d2daeab5ac1222157de11b8f01df1e9 |
| SHA1 | 882b8537f6d895850d2e8f955c703a612371f519 |
| SHA256 | aa6aaa541a63d6b9a16d0e95972b4a930ecf33ad58e39e54e12d69ae6af0abf0 |
| SHA512 | 5685afb1ae19d70611b3fc5189054184664ab0c66642b95501347c7504e525a8881e45a33d126328ee4b0c160003b74dd010073b3a1bddc80631a34e0d379fb4 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 734302eefc97c52a4858bce6ac5a2fda |
| SHA1 | 3638f54b3780255d96dc158274209d433b02ab66 |
| SHA256 | 061ac4ccc61614dfecb99ac2dfa1585bb3c18456f242dd7c7948af872ac825f4 |
| SHA512 | 902af9e497a8adabfba965062ec67698055b940f725bea938539c06aca865f3a8b232e3d9c4212218981cd3592189c5b49c45bea94097c818c8e6da5776fdeb3 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | daa13b0d327e9d9cc6ffc8a283958db0 |
| SHA1 | 597e66316be9bf955f0563218d41f8bf5ba7020a |
| SHA256 | 70dc4fc00e9e97e3ce96357a511cdcf8613bc31388aa2ca26786cb906ef458bb |
| SHA512 | a9ad3232803ee3a46f8138668adb7d7cb3e9846b6425677b778320c423e79ff6c6f9d14fbc8f1891b87522ce5890fa16acd7a44fc9f6f6be0b4087818bb0d370 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db
| MD5 | 11464849dbc0e99244387782b32be195 |
| SHA1 | c7631d41a34b171eb6b3cfa9eb1d355cc97e251e |
| SHA256 | d3f91840ac083e18424a937a3989acc7a1098f2992c1253522eeadb89364ebad |
| SHA512 | 82229580f8791e1e2aeb752c69f915a22944bbfaba4607ed4f76e9835854492f6512c175c5aadd17e4cdd1b5f68cd391a355c9a9edcba59f90825121b3b20b97 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | ef30b55107d0b52a29f919492e284da9 |
| SHA1 | d26f0174152621ee374f606b72c01e55ba25af7c |
| SHA256 | ff74082f306621e2003366325571bf7a13acc7ad3f26750e6d451f2552928753 |
| SHA512 | c379dbba776b56b8c704c55a2928bccf6e04849d98aecfbd8503fae1adeb634794e3455dfb6860d012f269cb43b809ae05303a8e69bf78b433be09d0f8a50c4a |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 3c2077b0c9addbd07b797c13db4e661f |
| SHA1 | 9e9d61749226a3b397ebaeb37fa12f06d8e99e11 |
| SHA256 | 142971e231d5bf6c956a6e8fe9095b048af9de702b85e4af5747463e1a6045ff |
| SHA512 | 445200e9bd66e1e497658be744ed9db88acfcde2a489373115082abe42eff8b637ff92431d72393df3638aeda6497464d7cb56b10fe780ef3d7d52c894c76969 |
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal
| MD5 | 0d19ed13b6d7a6874329b566c68a8688 |
| SHA1 | a286a55f24398db578297c8549b331e5c06e21bd |
| SHA256 | 39cec4022287a4a39d590451b791253f0f9f6130d94ded25bfef7796aae1f72b |
| SHA512 | ec866471a77b5f7d5574b24a23740b52493e2ed9fa8b1579a5a17178708e1ceb27cc91b8ae8ce95ee98f29bde2e6dbe36dca74bcc05d73e1fd529d5e87d03952 |