Analysis

  • max time kernel
    187449s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    13/12/2022, 11:08 UTC

General

  • Target

    Document PDF Scanner_8.3.7.apk

  • Size

    9.7MB

  • MD5

    d647a07d7492da4dfc2d5a0165fdb044

  • SHA1

    deaf44286b05f93a079dbddfc52013f7f114015e

  • SHA256

    fc303334334b87655463ccbc523da805e4b30085e0b690f5f48637f872f0a676

  • SHA512

    f1ef534fffba4bc934b6f4f344db1fbda22d2522c40acc5c3b9313083886388e4eb9cbcb1b0b9b7077e2e7504e648ef1e3924ab61cf0d1a3e1f83c3b329c6cd9

  • SSDEEP

    196608:N+GCjxVA0s8tWLJiV8/VQjga2lKOTA9MAdRPWn8WGZ:oZkXNFwOTAF08We

Score
6/10

Malware Config

Signatures

Processes

  • com.hddoc.hink
    PID: 4546

    Network

    • DNS
      infinitedata-pa.googleapis.com
      Remote address: 1.1.1.1:53
      Request
      infinitedata-pa.googleapis.com
      IN A
      Response
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.138
      infinitedata-pa.googleapis.com
      IN A
      172.217.168.234
      infinitedata-pa.googleapis.com
      IN A
      216.58.214.10
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.202
      infinitedata-pa.googleapis.com
      IN A
      216.58.208.106
      infinitedata-pa.googleapis.com
      IN A
      142.250.179.170
      infinitedata-pa.googleapis.com
      IN A
      142.251.36.10
      infinitedata-pa.googleapis.com
      IN A
      142.251.36.42
      infinitedata-pa.googleapis.com
      IN A
      142.251.39.106
      infinitedata-pa.googleapis.com
      IN A
      172.217.168.202
    • DNS
      android.apis.google.com
      Remote address: 1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      142.250.179.206
    • DNS
      sites.google.com
      Remote address: 1.1.1.1:53
      Request
      sites.google.com
      IN A
      Response
      sites.google.com
      IN A
      142.251.36.14
    • GET
      https://sites.google.com/view/document-pdf-scanner-dyuh/home
      Remote address: 142.251.36.14:443
      Request
      GET /view/document-pdf-scanner-dyuh/home HTTP/1.1
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
      Host: sites.google.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Response
      HTTP/1.1 200 OK
      Content-Type: text/html; charset=utf-8
      X-Frame-Options: DENY
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Tue, 13 Dec 2022 11:08:46 GMT
      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
      Cross-Origin-Opener-Policy: unsafe-none
      Content-Security-Policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'nonce-4pMUcDzopAryqWSN6FS11A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
      Referrer-Policy: origin
      Content-Encoding: gzip
      Server: ESF
      X-XSS-Protection: 0
      X-Content-Type-Options: nosniff
      Set-Cookie: NID=511=EhUf6HCFlOd5chnNkCxsAw-6P9A7AeWFCFCQTXBwImEXazWFfB4cyS4RGGYXvEVLcXqzp8VnBk3u6NUIlIR8r978KotfT2EO3URDN7THnOeCK8mRL3_RHfOSBgZC-V7jvbvh6HsruOkayMkriSWWJwtRCh0rqcyLbtB3n0KOSKo; expires=Wed, 14-Jun-2023 11:08:46 GMT; path=/; domain=.google.com; HttpOnly
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
      Transfer-Encoding: chunked
    • DNS
      sightly.oss-ap-northeast-1.aliyuncs.com
      Remote address: 1.1.1.1:53
      Request
      sightly.oss-ap-northeast-1.aliyuncs.com
      IN A
    • DNS
      sightly.oss-ap-northeast-1.aliyuncs.com
      Remote address: 1.1.1.1:53
      Request
      sightly.oss-ap-northeast-1.aliyuncs.com
      IN A
    • DNS
      ssl.google-analytics.com
      Remote address: 1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
    • DNS
      ssl.google-analytics.com
      Remote address: 1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
    • DNS
      ssl.google-analytics.com
      Remote address: 1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
    • DNS
      ssl.google-analytics.com
      Remote address: 1.1.1.1:53
      Request
      ssl.google-analytics.com
      IN A
    Flows (destination, domain, protocol, bytes and packets sent / received)

    • 142.250.186.174:443
      tls, https
      sent 695 B (1 packet), received 40 B (1 packet)
    • 142.250.186.174:443
      android.apis.google.com
      tls
      sent 999 B (8 packets), received 4.6kB (6 packets)
    • 142.251.36.14:443
      https://sites.google.com/view/document-pdf-scanner-dyuh/home
      tls, http
      sent 2.0kB (23 packets), received 23.3kB (22 packets)

      HTTP Request

      GET https://sites.google.com/view/document-pdf-scanner-dyuh/home

      HTTP Response

      200
    • 224.0.0.251:5353
      sent 3.7kB (11 packets)
    • 1.1.1.1:53
      infinitedata-pa.googleapis.com
      dns
      sent 76 B (1 packet), received 236 B (1 packet)

      DNS Request

      infinitedata-pa.googleapis.com

      DNS Response

      142.250.179.138
      172.217.168.234
      216.58.214.10
      142.250.179.202
      216.58.208.106
      142.250.179.170
      142.251.36.10
      142.251.36.42
      142.251.39.106
      172.217.168.202

    • 1.1.1.1:53
      android.apis.google.com
      dns
      sent 69 B (1 packet), received 109 B (1 packet)

      DNS Request

      android.apis.google.com

      DNS Response

      142.250.179.206

    • 1.1.1.1:53
      sites.google.com
      dns
      sent 62 B (1 packet), received 78 B (1 packet)

      DNS Request

      sites.google.com

      DNS Response

      142.251.36.14

    • 1.1.1.1:53
      sightly.oss-ap-northeast-1.aliyuncs.com
      dns
      sent 170 B (2 packets), no response recorded

      DNS Request

      sightly.oss-ap-northeast-1.aliyuncs.com

      DNS Request

      sightly.oss-ap-northeast-1.aliyuncs.com

    • 1.1.1.1:53
      ssl.google-analytics.com
      dns
      sent 140 B (2 packets), no response recorded

      DNS Request

      ssl.google-analytics.com

      DNS Request

      ssl.google-analytics.com

    • 1.1.1.1:53
      ssl.google-analytics.com
      dns
      sent 140 B (2 packets), no response recorded

      DNS Request

      ssl.google-analytics.com

      DNS Request

      ssl.google-analytics.com

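    Triage of the network observations above, as an added example that is not part of the sandbox output. It separates hosts that any GMS-enabled Android image contacts on its own (googleapis.com, android.apis.google.com) from endpoints the application itself chose: the Google Sites page whose path names the app, and the Alibaba Cloud OSS bucket behind sightly.oss-ap-northeast-1.aliyuncs.com (virtual-hosted form bucket.oss-region.aliyuncs.com), whose two queries received no recorded response in this run, so the bucket contents were never observed. It also recognises the stock Dalvik/2.1.0 User-Agent that Android's HttpURLConnection sends from app code (a WebView sends a Mozilla/5.0 string), and emits a Suricata DNS rule for each app-controlled host. The category names, the platform suffix list and the SID range are this example's own assumptions; the hostnames, addresses and User-Agent are transcribed from the report.

```python
"""Triage of the network section above.

Added example, not part of the sandbox report. The category names, the
platform suffix list and the Suricata SID are assumptions of this example;
the hostnames, addresses and User-Agent are transcribed from the report.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass
class DnsObservation:
    qname: str
    answers: List[str] = field(default_factory=list)  # empty: no response recorded


# Transcribed from the DNS section of the report (constructed input).
OBSERVED_DNS = [
    DnsObservation("infinitedata-pa.googleapis.com",
                   ["142.250.179.138", "172.217.168.234", "216.58.214.10"]),
    DnsObservation("android.apis.google.com", ["142.250.179.206"]),
    DnsObservation("sites.google.com", ["142.251.36.14"]),
    DnsObservation("sightly.oss-ap-northeast-1.aliyuncs.com"),
    DnsObservation("sightly.oss-ap-northeast-1.aliyuncs.com"),
    DnsObservation("ssl.google-analytics.com"),
    DnsObservation("ssl.google-analytics.com"),
]

# Transcribed from the HTTP section: (method, url, user_agent).
OBSERVED_HTTP = [
    ("GET", "https://sites.google.com/view/document-pdf-scanner-dyuh/home",
     "Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)"),
]

# Assumption: hosts a GMS-enabled Android 11 image contacts regardless of the
# app under test. Derive this list from a clean run of the same sandbox image.
PLATFORM_SUFFIXES = ("googleapis.com", "android.apis.google.com")
# Reached by analytics SDKs bundled into the app, not by the OS itself.
SDK_TELEMETRY_SUFFIXES = ("google-analytics.com",)

# Alibaba Cloud OSS virtual-hosted style: <bucket>.oss-<region>.aliyuncs.com
OSS_HOST = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9-]{1,61}[a-z0-9])\.oss-(?P<region>[a-z0-9-]+)\.aliyuncs\.com$")
# Stock User-Agent of Android's HttpURLConnection (system property http.agent).
DALVIK_UA = re.compile(
    r"^Dalvik/\d+\.\d+\.\d+ \(Linux; U; Android [^;]+; .+ Build/[^)]+\)$")


def _has_suffix(host: str, suffixes: Sequence[str]) -> bool:
    # Proper label-boundary match: "googleapis.com.example.net" must not pass.
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify_host(host: str) -> str:
    """Group a queried hostname by who controls what it serves."""
    # Google Sites hosts arbitrary user-published pages, so it is app content
    # even though the domain belongs to Google.
    if host == "sites.google.com":
        return "app-controlled"
    if _has_suffix(host, PLATFORM_SUFFIXES):
        return "platform"
    if _has_suffix(host, SDK_TELEMETRY_SUFFIXES):
        return "sdk-telemetry"
    return "app-controlled"


def aliyun_oss_bucket(host: str) -> Optional[Tuple[str, str]]:
    """Return (bucket, region) for an OSS virtual-hosted hostname, else None."""
    m = OSS_HOST.match(host)
    return (m["bucket"], m["region"]) if m else None


def is_default_dalvik_ua(user_agent: str) -> bool:
    """True when the request came from app code via HttpURLConnection;
    a WebView would send a Mozilla/5.0 string instead."""
    return DALVIK_UA.match(user_agent) is not None


def triage(dns: Sequence[DnsObservation],
           http: Sequence[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {"platform": [], "sdk-telemetry": [],
                                 "app-controlled": [], "unresolved": [],
                                 "direct-http": []}
    for obs in dns:
        group = out[classify_host(obs.qname)]
        if obs.qname not in group:
            group.append(obs.qname)
        if not obs.answers and obs.qname not in out["unresolved"]:
            out["unresolved"].append(obs.qname)
    for method, url, ua in http:
        if is_default_dalvik_ua(ua):
            out["direct-http"].append(f"{method} {url}")
    return out


def suricata_dns_rule(domain: str, sid: int, msg: str) -> str:
    """DNS query alert in Suricata 5+ syntax (dns.query sticky buffer)."""
    return (f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
            f'content:"{domain}"; nocase; endswith; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    result = triage(OBSERVED_DNS, OBSERVED_HTTP)
    for category, hosts in result.items():
        print(f"{category}: {hosts}")
    for sid, host in enumerate(result["app-controlled"], start=1000001):
        print(suricata_dns_rule(host, sid, f"APK com.hddoc.hink DNS query {host}"))
    print(aliyun_oss_bucket("sightly.oss-ap-northeast-1.aliyuncs.com"))
```

    Run as a script it prints the grouped hosts, one rule per app-controlled host, and the (bucket, region) pair parsed from the OSS hostname. The platform list is a per-image baseline, not a universal allow-list: a host that is expected on this Pixel 2 / Android 11 image may be meaningful on another, and a lookalike such as googleapis.com.example.net is deliberately not matched.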
    MITRE ATT&CK Enterprise v6

    Downloads

    • /data/user/0/com.hddoc.hink/shared_prefs/policy.xml

      Filesize

      113B

      MD5

      5252b4bc37fe2da3de6eca03403b4ace

      SHA1

      a17e255f70f1dfd4942d31dde9df85b051cc85dd

      SHA256

      2d3aaa2d1fb54c12660174ccad96c889b9b2f28ebeadd8fae6149ec48b1531b4

      SHA512

      d61cd07f8c15e1ff3773655051013fb03059df330b9b81bed1f1dd8a4319b5d0ad760b375114783ed2ad4a41a70c07a3330718ea1c53b2a0e905775e4a0aeeba
