Malware Analysis Report

2024-09-09 16:06

Sample ID 240725-prnasssalc
Target 6f97af07bb256b736313e842aad4db36_JaffaCakes118
SHA256 58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d
Tags irata banker collection discovery execution persistence evasion
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256 58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d

Threat Level: Known bad

The file 6f97af07bb256b736313e842aad4db36_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery execution persistence evasion

Irata family

Irata payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-25 12:33

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-25 12:33

Reported

2024-07-25 12:37

Platform

android-x86-arm-20240624-en

Max time kernel

38s

Max time network

131s

Command Line

ir.mizansoft.parvareshkaktus

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

ir.mizansoft.parvareshkaktus

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
BE | 74.125.71.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.204.68:443 | | tcp
GB | 142.250.180.4:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp

Files

/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 153f4697cc8255ea831d2ce158dd9a4d
SHA1 4e53f9d187dda20437d59cc827d620b790d9926c
SHA256 9de20d93a4534e4c9a6d5a6250fffba2e384e9e462535446156c497ee160fc16
SHA512 2b7c09a4f60ece25522574b8c90f41135f929cb0ddbabaa95e0cdb773e81bbf13865cf8bc22b89f632f1237fb22a307c945ec01531d6143396a7a82b85e7fad5

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 978fdf85b8448e3a7c9015e51477eb49
SHA1 793bb88398dc9457935a4416638d5ed3974baf19
SHA256 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92
SHA512 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 dabd7c6d8e20137df0694eff1defa8d8
SHA1 d5875b3efb46e641a9bdc949d7c18e4aedcae16f
SHA256 01381e7ed89d7c4a653251cd49bdf90c97f86475b52b6bb7257059476360dfc6
SHA512 c46f8c188eab32fb199a6c68a6e73dbaaf40d123dbc57c00921c341e4a81a4c1c68ad0b882ef264e3c32e7009797e2d089dece9a7a97858cddc719d03da212aa

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 a3ecd6bc2e0c5fb908b8f15c8f042bb4
SHA1 7fd4201460f0e19cd0066fadf3d85130bb5789d4
SHA256 50a44a415415ffe5f8ea010b60f4d219a7f3f79156343273cf4713494a96f177
SHA512 3609952dd20235d8f8c89955b92ee1c33ab63b3736ffbaad3c11f594d50090b488ddcfe99b276110fc7cc833d73384d54998cf76a452e29fc50235e56046f459

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 81c5364af84cb258f4c2bfc5821603e7
SHA1 1b55f7b245a799638a39dc30752fce04f1cfecc8
SHA256 cf97a8e060e5bccd2157f0db0a493b14c58388a0953896d545ba6acd2b70b82d
SHA512 874d621d75451d6948727b4af164c91afd36da4240cc4cec7a99ed94f95f38839b13bc0c9df62f7f13d07d06b102ca124194ec1cc6985027d12259a7dd4fb39b

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 538110330202604b1a37fb16130a21fa
SHA1 2cf140f9bf3a43814d0706f6eb7de84bd9ef217a
SHA256 a8737048ca9513af30008c541a961cc8e2820cfdbea9909f74342f7375bd719b
SHA512 6ccb1f8044b30b118f04d9ff1bed42a976a5952b557ef86f6fc75fa379ea59791bc6da80623108b1681ce5cab617cf7e5c441d3de144c96db50d7657ce7ac684

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-wal

MD5 18dbb8a467ee1f3550306068b70bb053
SHA1 5ad3d401c1c5a94d5c3bec0a3eb55037b4766e75
SHA256 1ee2a6ea127202ea90b7029bf88fd17117bb62b9bffca69d5e0977e493d7bbdb
SHA512 90dcb2490f08e34bd7d99a6cf557c2cf76f3969901794357d94fcf393b33276c5926fcbe7e7d46f5e5fc4311886efe34efad2e802c6487a1fe11acd3e8336bef

/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

MD5 5d7be72751c19f05b932a5fa4c136354
SHA1 d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b
SHA256 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb
SHA512 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db-journal

MD5 9c507b439004d082cd65394e95cee186
SHA1 efdcf936503e79b1afd3cf40835ee33cd6293df4
SHA256 58975920da190d9c1e806757431cadd8c3766fe1fa44fb04a3e21bca089a70ea
SHA512 191fce96e4681c378dbbacf87e6db9e75af311179b5e499d5b592c44a94c3c2cd529c27aae1376fa658607ac5c5876b7853956676a95bc68ed3ce1283440e3e6

/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

MD5 b25970f02db671c22b66221ff8c9e39b
SHA1 c592ba793f0006288ee9fe867be171b5d3f3dd93
SHA256 cd232e45e78d6ad700ecf11f6b6ed8e0eadec475586ef9cfae0b4bf1dc8a7ba5
SHA512 e6274aece21b54027c3905cf1f8a8c660bd590444c92e2443ae258f7c6de08535d7bb4056fed29e063134b815d34a7b579cb75a6a2033ada966d9dd8f55f9fbf

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 43e0b2c2d26139ac065e4823be49fc8b
SHA1 7df33a1cc80b42eaafa6533fa645aa39c62b1cab
SHA256 fba31f842ca288507d7fc525ff09cd48ff166301b9e066e22b7fc0f7b949b612
SHA512 5ac282ccf99a31884fa7fd0e29b86d344ad2acb7b86e8b150df27d3882497eb39f6aa4cd43bdf478b812f53a1101bc00c3683884b47c2e4a341139919de52527

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 69601f8e3b1e064b967562ca31f20736
SHA1 d738558363ff3fae116da770fc84c95005b09e07
SHA256 8bd0ed016ff8a3d801b6a89e9be3424eb5b719a578e5ff05e9c473d8b7095717
SHA512 8cd01833bc87bce1c5aeef70632760b896792135528a833944e1b8d77faf4300f5ae6dd93b9a1c066a73286a0694340bd26aff9352d861ef41c77e69514e51f1

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 da23bcd39c3cc8d13d19248e0a09f179
SHA1 678963473276afb207e1c3e0127f794773d33f87
SHA256 6ac0eb6f409021b15f2ccec57cf6394b1001ced4f0291517ef9767194f7557a4
SHA512 942b1888f195828ed461396f22f105f6cdd863e5499224c33e32e9f08e423fcf680d8cca332e701e6862ad8b297f04a6812837bd43f737ff8928d37261fdf4b0

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 d30d3a36a77fbf93e9096744810b3c4c
SHA1 660ac94f3334e5f847a7173c63c21cdab083b5a1
SHA256 160d99748f6802a722dea8b1660bcf48c63156f331273d776788edc700fac0fa
SHA512 cebf4cded1aff9c07a073bc2bbae2b4d59e3d26a63aa7b1619288afaa3f270dd0e23b5df7bfc58d930154897846ed9d6ea588c06aadae07991e269a4c8235376

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 d81029f4cc39ffb95e0afadf6c24be6b
SHA1 8c4170d93b97a70523603fce66ff3a1ea2b53da3
SHA256 d5d16dfbd4fbee7cc2c7a059efae4a14e55f20f0123546502d01ca029beafc3b
SHA512 c2894307abdb21a27ecf00e6712e013c1bb3e23c727d4ccba18b5eea7d6fac155767280bc1c79f40cd9baca5c7a1b726d906df4908137fcc77cc6655b3949bae

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 9b2caa51b9327dcc3b6463b0e3a76c85
SHA1 a7d9abf90664640ddd03210b754c4c02ff57263f
SHA256 0a0d5de82d7fabbc5d5bf2c9d8dc5920760614be91d15b6e04ced507faef02b6
SHA512 29546108e74402a615d37e4b1ba51bbb1ddd21e74b18a10f3500b4c1b3197f321ed1799cfd8e3b069a00ea4b2d397ef0e457fd764e2938f92599c7d9ec414bdb

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

MD5 1119cc410e0a8a38b0aa7db34ba2572c
SHA1 2849b51d799b40e9145af01f13db0509ac105ace
SHA256 2277be81d16821da1e438df6a7626c46c6d63374f7c74cd6c7a796e42637c68e
SHA512 1ad821e5e8fcbd15fc1eb91eb9050729667f6453a5d971391335ab97846407f367fd1cb27587950aa8d1dd17cb4e5b5b7a6b472f7266d64ce16f4e6fd2acd8b2

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 aa1dfbc04d0f9541a9b2cba2d679d6bf
SHA1 4bc0f4707af156087c330f2fd98230b3eed38a78
SHA256 df553d785b5802d3ed67f068236b5a0abcbd60fb5668e7cc82df304cd7bfb5c0
SHA512 4127b4e9d8ce8011a58bc759249cab63032d9bf1420ca46e921f7b482605d19e49fc0ac1df9a0c7c98d4b39d7527185cf25bda35bd2bd1e1282e972c066822dc

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-25 12:33

Reported

2024-07-25 12:37

Platform

android-x64-20240624-en

Max time kernel

29s

Max time network

178s

Command Line

ir.mizansoft.parvareshkaktus

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

ir.mizansoft.parvareshkaktus

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
BE | 142.250.110.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 74.125.206.84:443 | accounts.google.com | tcp
BE | 74.125.206.84:443 | accounts.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 216.58.201.98:443 | | tcp
GB | 172.217.169.46:443 | | tcp
GB | 142.250.180.4:443 | | tcp
GB | 142.250.178.3:443 | | tcp
US | 216.239.32.223:443 | | tcp
US | 216.239.32.223:443 | | tcp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | g.tenor.com | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
GB | 216.58.212.202:443 | mdh-pa.googleapis.com | tcp
US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp
GB | 172.217.169.74:443 | safebrowsing.googleapis.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
US | 1.1.1.1:53 | growth-pa.googleapis.com | udp
GB | 142.250.200.46:443 | www.youtube.com | udp
GB | 142.250.200.46:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
GB | 142.250.200.10:443 | growth-pa.googleapis.com | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.196:443 | www.google.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | i.ytimg.com | udp
GB | 216.58.204.86:443 | i.ytimg.com | udp
GB | 216.58.204.86:443 | i.ytimg.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.196:443 | www.google.com | udp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp

Files

/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 4ea060486ffebac83e25dce7eff87b26
SHA1 85ae4ddeea9efed582ef530fc67531b674e3b6fd
SHA256 c93bbc8c451528bbb688f7d2e46042657d3a460789ce46cc7b16ab77a9e6d5e9
SHA512 7b215e31857ed8cbadc4e680adce043a44c882e46ccedba7fd0a2bc56b0d5ddb70006676c319d8ee30825b0c2ec5693cad604e008de7c3e1b094b292aa0bde25

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 00e829076f54c72b50b63fd6de296a03
SHA1 fbeb1b8be863931f98a7c29224a03b89f9616ab2
SHA256 c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df
SHA512 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 7e07c5aa073f3cdf8724f19156735ee1
SHA1 d96a3a3e6804ef48b7f2694820337370bdc472bd
SHA256 730eac8e6d8bffdd597f54e700a0f6ef4ac3b4499ebbcf955b483afaa25b47b7
SHA512 612a74e4dcfdf0c251f18f5772d40371fc4b914be3dfb68e2b613b4d787ec8484372a19cd9b3779bcc3aa64b2c9843fe20b0f7f30eae6256f4de6261d39a270b

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 812311c1291df597f82c7b0424cf1eeb
SHA1 243cf84b2745270ec789d36872dd39044ab0ed6e
SHA256 b10328f6bf584f9d3305030ac38411ccb56c0dbbd565b12697eaa1be4e67eef6
SHA512 43604108fd3d5d971b3274475dd2c3682b42139d4108b1909f23205af2dc66e49269da3861e3f9fbd576e5586155a757c07688742c66d2a589a892f28cd9b2d2

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 5cf80968502bc447986b050a6a355e33
SHA1 cfa405cc1f150e6495e0138774215d9ed2e8147a
SHA256 ba70350338789cdb26055fb5ce1541b7aefce64181da44272e5ce0b65c69a7cf
SHA512 08f3d17485583dd3c8426ab7f29c67c6705121fbb32f76653d9d920ab04637999f7ef5595dee2f315972ef8d7cbc6f5fbd4d36052c17710b5f6e38ca7c2e1010

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 8dc71c284372a650a2cf3c636732360f
SHA1 bacc4683e0cf47c5a1f3a0e044baebc9eb2de872
SHA256 474ceb2dfc42b23ac127105b7048112b2fb1bd78396389245bef9f0684a87e9a
SHA512 207f2d3fd8c87fd30861a1073def22a5a86757058b98925af941ed9e9083e09ead0daeeed236eec6779da56665a5e080bdd28402ab35e7cdbeb09481e18927af

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 182bdb93ed0f0a0fb0a2cbbb6a886081
SHA1 b38f4a3d6cd52fb0c5461ce1688fd6be25f59fe2
SHA256 1234791403c0237e2280de8bb8ce32f396e02dd60c12f166081323b8a4839017
SHA512 1512a1219f5cb5b08210b9e53a90201774ca0582b6cad0b5631d524741ab0617aba7605f496f42f26ba6f8afbb91706dc3184bec7a4f3f8c97340dc64beb8d17

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

MD5 a4e797af5194eecba5756b37073d3204
SHA1 32015288e7706c133ea3f77e3dd1f275ed1e4bf8
SHA256 60cf013cdfd3d9f1a736635cf1186a6be30d8e1da30501422aa76829f11b5ed8
SHA512 8fc2fdd67b890e0c40fb300c0a4fd96c7a306d49ab868cad7230faa88cc4ba1be2407df0deffd4a3e50a954694f31175f11e43e48c86c415498982c2d09bb3e6

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 c948b739c29c2ba40ed9da9b30dc2059
SHA1 bba26f820fe8e734e9d5731f0be8fbafa8d25a3a
SHA256 fed2f5fbceeee810ade9eddf7d9b06919e6f6a02365aa164e8de93098a3d1d72
SHA512 3518f592e8d37f67563485b7ebefca9b578645c12b39ab23683d708399a01edc18026bf6e1740e4531035a6aca4227827b28546fbcb74514eaf60308cac3aebc

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 94186e412612732b073949bbd4483465
SHA1 9dd4fd31afc785d8ceca8cccbd795ba69f9560bb
SHA256 947707df19536ed38d8261dad77a0db7df8847e8838934f0ede29217d6ee81a1
SHA512 61d3e66b4754316ea9ee2b5e7d664cada0da20237a68a1454ecb81580cc7c36340e28be86da9758199402fc43b63bf7d2a0842f8b2fdefa47c307e5f124260c4

/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

MD5 5d7be72751c19f05b932a5fa4c136354
SHA1 d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b
SHA256 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb
SHA512 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 9bdf78782c005e7fb1737e61db20cf18
SHA1 5be747d6dcd47dfde43962dbaf0564b05e40d925
SHA256 7d4d77b76382681f1ac56839c9b4ee239741cc72b144b60e4a174c1700bc84f6
SHA512 b4758ba6329739631acdeb38255c70a5918c5320f7aeb6b7c8ea4ebd5068d3016ab924eff5f39733a2440aeff3fd80f9bb90e4dc051bc776a796ddb94fea1f3f

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 e6adeb0f8f512e4c3115730b042a5d5b
SHA1 572bff35c10db589d2c8c1a38fa3a90aa4794296
SHA256 b3d28c2012a723028f9ef77319adc2beebe2ce44285caf61aa8ec27ff172e6df
SHA512 8c0d592a37617d2d1f574e7ee85f157e448e824f92cad533ea8e5476f13313793965ea979b0ae1a2377b287804301beb407b2daa834e6eee8204216eb31207da

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 38e11da7218975c5d181841e378ecd6b
SHA1 9b0626d4018adedf148dc5d74844b7057e1257c6
SHA256 199e57e83cb47c5f753cc6ce89d87da27d83aedec85ac3faa06d9091ae9902d2
SHA512 d6c8b0fa3cffb931c2a364b6846143496fefb14a3843b86e76f1b601c24e88fb5bd62447388f8a194eb2ad992f69c0f92ad2a8295426c045020cb2a9ae93526f

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 d87f009e773d046ddedc8630e670aef7
SHA1 2e5c72baf7e098f10d2a76cd15eb8017a399c586
SHA256 e22f9df500c5de4070bcdacccad034f91c89ba0001cdeb5c40a5ad379394682e
SHA512 283d8e58d2e1930642959fbc08f4619f3a2dba788d6f88ccf1c999b052c3af03ff2e6a8278c1cb3d09fdbf1156a7755a08b410007903dc27c701d0d60617c760

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 f9d2261af99fa061faa1e1d173cba804
SHA1 4562bab2c6d92848455672195914e8d83f0062d2
SHA256 0ce4da81d3717aa18d92355d3e230ba4b0caab65219bf7dd0bf7a3e17e7fd270
SHA512 435a326795bce22d1c2c36b82715b41515770b57b75a0af29357359817292324f2e174906731033cf94652a72d02db1a99e6f78a782001804eaf4d6a8bad912b

/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 714a6d77a9e2573d60f91892032c16fb
SHA1 fc7de9b4fc5ab0c94584f626e05d7a70d8f5a8f3
SHA256 a315d39b18459d0e739c7d2b8d3db1d20cb32ddc4bb8d144db380b929a80b87e
SHA512 bc0311cfd8d80eb15eb8fbb5561c2ea46e02ba6613f06398cc6127b566706ae888362214a7e915aa169f1395ee84c062df1bd7b1af096d4b81fe9441dae7aef0

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 568c967f341de94844dc7b546f419521
SHA1 e51487d3ba302d96a4e2b1adf1a0a02361c39d0b
SHA256 54ecc853b483755d6c17db756589fa6a1d832f0d0bc3242ca4c6cd5221ab9a53
SHA512 9f21f84a0a6d2c98e42eb51c45ed478a209b52d6e29d1c2a0be04f424901f3ec6f57dbedd90bc2cc6893283e58e184612a97f191d0cb1097e8bbf2ff3e875126

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 7fe7581fd390e01b2d7656558c2290a0
SHA1 11c2d2f37f2175592604fe8fbcc87746639a4ed8
SHA256 d8db4c585b772354f350e7d6660dd0ed8c64923054172b04d26b4b3de08fd52b
SHA512 156f3387bfe3813abf5d59b289d42e2964b5cd6f28caf7ba87b47425727952e4c18132846daec579caf9737d5cc8bbfb26bcf3803db8adb8162892cc71bcf3bd

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 5a72b9c54133b5a26f9f4b981f7d90de
SHA1 dfc98d742cc858c19299cbef7bef979bc4ba6947
SHA256 ea9affd3fb496276a2b9e0a549597a84128176470141e39a0573adb85a34b029
SHA512 dcaed8d89734f2909b087e2ee376f882860a04822b5e2c25fd762131755234a23a909d8bc0f9962c2fe33f67379d9894f237b739bb69e2977e011fb547cee204

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-25 12:33

Reported

2024-07-25 12:37

Platform

android-x64-arm64-20240624-en

Max time kernel

139s

Max time network

148s

Command Line

ir.mizansoft.parvareshkaktus

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

ir.mizansoft.parvareshkaktus

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp
BE | 142.251.173.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.180.4:443 | www.google.com | tcp
US | 1.1.1.1:53 | ip.pushe.co | udp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
US | 162.243.147.245:80 | ip.pushe.co | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
GB | 173.194.76.84:443 | accounts.google.com | tcp

Files

/data/user/0/ir.mizansoft.parvareshkaktus/files/unsent_requests

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 cd7b5506952a7b89a3be69714c02e90e
SHA1 7c21a738db3e832b26a52e5afaf784611e4b15d5
SHA256 a9a1ef97950a065711f3eabdda1507d102deba672ad7d88d8c2aff2dbe1520da
SHA512 455c01d1ccdf29be4c89275d3b4f18f6a4b0a0c4bc1dadc5ddc1dd03f5f3c172c4ee98ca49e5cd78409848afb1f08b75f72b0b9c6b24fa7094aed4d4f804a1c1

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 47080e3bfcf2db9b8620f2faf6c5857a
SHA1 6f63c1851255e0fa99567f047382074b086d38bc
SHA256 dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb
SHA512 e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 9f9a76c7cc95e4e35b6ce93d225ff708
SHA1 531b4abfc2256483d4b5288b1c237cd72764ef8c
SHA256 6b3f04d4d6c7061198847481fba10a805322b58a16a0a9b23ca24aaaf537bfce
SHA512 bc41bf0603610ab3cf87da4f4e92d8520d8fbc50e9202aee6dd35e57bae1b68cf6f904b6b6e25d1119dc0620afbab162af301f07bc44457715a8ee2519e2b9dd

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 21c98a5b26da177103ce1aef8cd3649e
SHA1 2338d6a6ff4cec2780a183885d1e3853c6f798fe
SHA256 6b82504ec5c9696d49d5521309d42bd3d93780def3233a7588f0df5545574edb
SHA512 8a6a755e9a165b037c71be097807ddd8b21f97f9d5db69046935214546a1954860336598e6b7ebc0efad2c5b6b3d85c095414e20942e0ccf5e41c9b747c605dc

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 b20e44e3e24bb6508583589084e5c276
SHA1 b4263a266abefd2088abb30f3038075c3eb4786a
SHA256 9cd4bf9126322d71b59b00aeac64c295b2c377cb1df3f8bb04c848b27d23e2dc
SHA512 4c91d5a575feff94af72da0f4a41524603a9c42a51f0d300888c42e10c8dabedf8858b3f089c16387c3a11f1c9f76430aa93ab539eba2b4150016ccb869fd846

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 be73485ccfd2d9932542f82c18b68852
SHA1 67da5c59f2c25370bc07e1ecbd003cdc060ae474
SHA256 f2db79c7eb0f852712ba03474f57fe623fdaa10e35d5cfb48ebe7186f6b7392d
SHA512 e8445604459a7897b8239b34762212ad8e54a445ebe9f2b537c1b03aa9a8440d9e8316e598e4487f4d17e2cb7d8a3b0ce96637f0a3814d1f30ff36fd425c73fc

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 0eb8d41020994a95c82da2c8bd7b7969
SHA1 bb28fe1355be409bd7ee835fc7927ea8c34474f8
SHA256 97da3f0d8425072f428f1564efc859f18c6bd7bca478561bc2e533fdbba14bad
SHA512 af4862fefefbc2025adb2211840b4b4dc58fbd04a62df9780621352f6800f7ed7aebfea333161982fc3868560ba54a2cce3327a32c007172d980b50037dc891e

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

MD5 3e174b2bd92633df5aef63b2341e87b5
SHA1 e1b0a422648c64d76ad1efe5f4759a3c5b941b7e
SHA256 3b467238b4d06ce3f3051f93e52ad3295d86efb11440ad619b759979bc635546
SHA512 49fe1f213ec19e34a8c33e39e7f07bd8b6b314a4d95aecdb2d422d27d2229b27cdc2fd4b4c652e1cc49c515999fdef7aeb90ce7503e24ca1e08e23a511d3d3be

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 1a2e993e167e6ef4b9e78509c50015ed
SHA1 7092df7deebdeef3f4917a44d67fc8e46604d65e
SHA256 7a0a15c52bec386746377adf8057ed4bd01c93b938c81d15c8e78e327b66325a
SHA512 f5f6cb7ce04340f52d7db6314043a21513de219e9eb2bb3d6fb98bc62cb1d28e36d85f3369b86a96e2eefb3a9334326e76102ee0f3330516b9a0857488604edb

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 86910890f801942a80eb862418b1fb3f
SHA1 90f3860f8679ecb487109c18e20fa7a76bddd11d
SHA256 c4068ae674ac31abc31c6e39be7c1d7651571c2f0c7045f00edac7d01ebd70b3
SHA512 b6d1d4346f28e06deebc8509bae68d6327f724fefb84a4d0cba06713d4e362f95d8abef7dc4ed6f46ef156ef290e6717fa351a681df908ad569f6ae7e251be3a

/data/user/0/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

MD5 5d7be72751c19f05b932a5fa4c136354
SHA1 d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b
SHA256 0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb
SHA512 38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 a8bcb5e712309028494d53d9f9a36803
SHA1 1d68138ec645ed3bc072589b13b4e36b4585d942
SHA256 2a8f5086834f3da920c161f5e2a66be8a9ebd2f8390dacdd20afce119f1dca97
SHA512 9f9a9439b8643fd2df36e1729bb7bee7c5b3614c2c9d3aaf952dc89c82f8d585ebe076a40047e54ea1d820022b19267bc0c844802e4061ccc02d56635b7c3890

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 67a95effb90ba8130d98778b3045b75d
SHA1 f768f3e4ae48707dcf4776af98a64ede3279ad60
SHA256 4cd28d7e3fe0bdf5b248d1873747e627c28c2ff441b48db6423d3af61e21ab43
SHA512 eaf26369f73fc2b84ac771456dbfd11c60fda784048f24d3e706f27765c3ae0d7dd0e09c5cafbb915a5474be1717aef4c3901055b382b7f9a04a8b46cf1d75da

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

MD5 2d2daeab5ac1222157de11b8f01df1e9
SHA1 882b8537f6d895850d2e8f955c703a612371f519
SHA256 aa6aaa541a63d6b9a16d0e95972b4a930ecf33ad58e39e54e12d69ae6af0abf0
SHA512 5685afb1ae19d70611b3fc5189054184664ab0c66642b95501347c7504e525a8881e45a33d126328ee4b0c160003b74dd010073b3a1bddc80631a34e0d379fb4

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 734302eefc97c52a4858bce6ac5a2fda
SHA1 3638f54b3780255d96dc158274209d433b02ab66
SHA256 061ac4ccc61614dfecb99ac2dfa1585bb3c18456f242dd7c7948af872ac825f4
SHA512 902af9e497a8adabfba965062ec67698055b940f725bea938539c06aca865f3a8b232e3d9c4212218981cd3592189c5b49c45bea94097c818c8e6da5776fdeb3

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 daa13b0d327e9d9cc6ffc8a283958db0
SHA1 597e66316be9bf955f0563218d41f8bf5ba7020a
SHA256 70dc4fc00e9e97e3ce96357a511cdcf8613bc31388aa2ca26786cb906ef458bb
SHA512 a9ad3232803ee3a46f8138668adb7d7cb3e9846b6425677b778320c423e79ff6c6f9d14fbc8f1891b87522ce5890fa16acd7a44fc9f6f6be0b4087818bb0d370

/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

MD5 11464849dbc0e99244387782b32be195
SHA1 c7631d41a34b171eb6b3cfa9eb1d355cc97e251e
SHA256 d3f91840ac083e18424a937a3989acc7a1098f2992c1253522eeadb89364ebad
SHA512 82229580f8791e1e2aeb752c69f915a22944bbfaba4607ed4f76e9835854492f6512c175c5aadd17e4cdd1b5f68cd391a355c9a9edcba59f90825121b3b20b97

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 ef30b55107d0b52a29f919492e284da9
SHA1 d26f0174152621ee374f606b72c01e55ba25af7c
SHA256 ff74082f306621e2003366325571bf7a13acc7ad3f26750e6d451f2552928753
SHA512 c379dbba776b56b8c704c55a2928bccf6e04849d98aecfbd8503fae1adeb634794e3455dfb6860d012f269cb43b809ae05303a8e69bf78b433be09d0f8a50c4a

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 3c2077b0c9addbd07b797c13db4e661f
SHA1 9e9d61749226a3b397ebaeb37fa12f06d8e99e11
SHA256 142971e231d5bf6c956a6e8fe9095b048af9de702b85e4af5747463e1a6045ff
SHA512 445200e9bd66e1e497658be744ed9db88acfcde2a489373115082abe42eff8b637ff92431d72393df3638aeda6497464d7cb56b10fe780ef3d7d52c894c76969

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

MD5 0d19ed13b6d7a6874329b566c68a8688
SHA1 a286a55f24398db578297c8549b331e5c06e21bd
SHA256 39cec4022287a4a39d590451b791253f0f9f6130d94ded25bfef7796aae1f72b
SHA512 ec866471a77b5f7d5574b24a23740b52493e2ed9fa8b1579a5a17178708e1ceb27cc91b8ae8ce95ee98f29bde2e6dbe36dca74bcc05d73e1fd529d5e87d03952