Analysis Overview
SHA256
2baadf48069e44b89f4cb749105eabe87c32b0a45669cef246e8e3a46a3b3ec3
Threat Level: Known bad
The file c01b464dea561c3c5e084eac0276a1f1.apk was found to be: Known bad.
Malicious Activity Summary
Spynote family
Makes use of the framework's Accessibility service.
Acquires the wake lock.
Requests dangerous framework permissions
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-05-29 14:16
Signatures
Spynote family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-05-29 14:16
Reported
2023-05-29 14:19
Platform
android-x64-20220823-en
Max time kernel
1742755s
Max time network
160s
Command Line
Signatures
Processes
ash.conflicts.mistakes
ash.conflicts.mistakes:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | dibaqu.vip | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 172.217.168.232:443 | ssl.google-analytics.com | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
Files
/storage/emulated/0/Config/sys/apps/log/log-2023-05-29.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ash.conflicts.mistakes/shared_prefs/ash.conflicts.mistakes.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/data/user/0/ash.conflicts.mistakes/shared_prefs/ProtectedApps.xml
| MD5 | 214fb59450fb63c2eba0eb00cbef71bb |
| SHA1 | d55306c66d10c8256ced135b9a245fb3de50b096 |
| SHA256 | 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46 |
| SHA512 | 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b |
Analysis: behavioral3
Detonation Overview
Submitted
2023-05-29 14:16
Reported
2023-05-29 14:19
Platform
android-x64-arm64-20220823-en
Max time kernel
1742759s
Max time network
162s
Command Line
Signatures
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
ash.conflicts.mistakes
ash.conflicts.mistakes:remote
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.46:443 | android.apis.google.com | tcp |
| NL | 142.251.36.46:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.179.170:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| NL | 142.250.179.161:443 | lh3-dz.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| NL | 142.250.179.161:443 | lh3.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 172.217.168.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | dibaqu.vip | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | ylhrzdd | udp |
| US | 1.1.1.1:53 | mtlzuerhaw | udp |
| US | 1.1.1.1:53 | dhizgcyycwjmh | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | ylhrzdd | udp |
| US | 1.1.1.1:53 | mtlzuerhaw | udp |
| US | 1.1.1.1:53 | dhizgcyycwjmh | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| NL | 142.250.179.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | edgedl.me.gvt1.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | edgedl.me.gvt1.com | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
Files
/storage/emulated/0/Config/sys/apps/log/log-2023-05-29.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ash.conflicts.mistakes/shared_prefs/ash.conflicts.mistakes.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/data/user/0/ash.conflicts.mistakes/shared_prefs/ProtectedApps.xml
| MD5 | 214fb59450fb63c2eba0eb00cbef71bb |
| SHA1 | d55306c66d10c8256ced135b9a245fb3de50b096 |
| SHA256 | 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46 |
| SHA512 | 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b |
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-29 14:16
Reported
2023-05-29 14:19
Platform
android-x86-arm-20220823-en
Max time kernel
1742755s
Max time network
158s
Command Line
Signatures
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
ash.conflicts.mistakes
ash.conflicts.mistakes:remote
Network
| Country | Destination | Domain | Proto |
| NL | 142.250.179.202:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | dibaqu.vip | udp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:853 | tcp | |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| US | 1.1.1.1:853 | tcp | |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
| HK | 43.154.116.147:4000 | dibaqu.vip | tcp |
Files
/data/user/0/ash.conflicts.mistakes/shared_prefs/ash.conflicts.mistakes.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/storage/emulated/0/Config/sys/apps/log/log-2023-05-29.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ash.conflicts.mistakes/shared_prefs/ProtectedApps.xml
| MD5 | 214fb59450fb63c2eba0eb00cbef71bb |
| SHA1 | d55306c66d10c8256ced135b9a245fb3de50b096 |
| SHA256 | 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46 |
| SHA512 | 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b |