Malware Analysis Report

2025-01-23 12:46

Sample ID 230605-13jyasba45
Target oSiNT_1.3 signed.apk
SHA256 a1037af0665526dc314ef08cb1bdfe409d5b9a31b733173469bb1990283ba573
Tags
spynote evasion
score
10/10

Analysis Overview

score
10/10

SHA256

a1037af0665526dc314ef08cb1bdfe409d5b9a31b733173469bb1990283ba573

Threat Level: Known bad

The file oSiNT_1.3 signed.apk was found to be: Known bad.

Malicious Activity Summary

spynote evasion

Spynote family

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Acquires the wake lock.

Requests enabling of the accessibility settings.

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-06-05 22:10

Signatures

Spynote family

spynote

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
DE 142.250.184.234:443 udp
N/A 224.0.0.251:5353 udp
DE 142.250.184.234:443 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp
DE 172.217.23.202:443 growth-pa.googleapis.com tcp
NL 172.217.168.234:443 growth-pa.googleapis.com tcp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
NL 142.250.179.202:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
NL 142.251.36.10:443 growth-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
NL 142.250.179.206:443 android.apis.google.com tcp
NL 142.250.179.170:80 play.googleapis.com tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
NL 142.250.179.174:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
NL 142.250.179.170:80 play.googleapis.com tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:12

Platform

android-x64-arm64-20220823-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:12

Platform

android-x64-arm64-20220823-en

Max time kernel

2375968s

Max time network

75s

Command Line

com.oSiNT.Dev

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

com.oSiNT.Dev

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 soon-lp.at.ply.gg udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 soon-lp.at.ply.gg udp
US 209.25.141.181:17209 soon-lp.at.ply.gg tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
GB 216.58.208.106:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/com.oSiNT.Dev/shared_prefs/com.oSiNT.Dev.xml
/data/user/0/com.oSiNT.Dev/app_webview/variations_seed_new
/data/user/0/com.oSiNT.Dev/app_webview/variations_stamp
/data/user/0/com.oSiNT.Dev/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.oSiNT.Dev/app_webview/webview_data.lock
/data/user/0/com.oSiNT.Dev/app_webview/Default/Web Data
/data/user/0/com.oSiNT.Dev/app_webview/Default/Web Data-journal
/data/user/0/com.oSiNT.Dev/cache/WebView/Default/HTTP Cache/Code Cache/js/index
/data/user/0/com.oSiNT.Dev/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
/data/user/0/com.oSiNT.Dev/app_webview/Default/GPUCache/index
/data/user/0/com.oSiNT.Dev/app_webview/Default/GPUCache/index-dir/temp-index
/data/user/0/com.oSiNT.Dev/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
/data/user/0/com.oSiNT.Dev/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
/data/user/0/com.oSiNT.Dev/cache/WebView/Crashpad/settings.dat
/data/user/0/com.oSiNT.Dev/cache/WebView/font_unique_name_table.pb
/storage/emulated/0/Config/sys/apps/log/log-2023-06-05.txt
/data/user/0/com.oSiNT.Dev/app_webview/.com.google.Chrome.CIdoDg
/data/user/0/com.oSiNT.Dev/app_webview/Default/Session Storage/LOG
/data/user/0/com.oSiNT.Dev/app_webview/Default/Session Storage/LOCK
/data/user/0/com.oSiNT.Dev/app_webview/Default/Session Storage/MANIFEST-000001
/data/user/0/com.oSiNT.Dev/app_webview/Default/Session Storage/000001.dbtmp
/data/user/0/com.oSiNT.Dev/app_webview/Default/Session Storage/000003.log

Analysis: behavioral4

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp
NL 142.251.36.10:443 growth-pa.googleapis.com tcp
DE 172.217.23.202:443 growth-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
NL 142.250.179.202:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
NL 172.217.168.234:443 growth-pa.googleapis.com tcp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
NL 142.251.39.106:443 udp
NL 142.251.39.106:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
NL 142.250.179.130:443 tcp
N/A 224.0.0.251:5353 udp
NL 142.251.36.10:443 udp
NL 142.251.36.10:443 tcp
NL 142.251.36.10:443 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-06-05 22:10

Reported

2023-06-05 22:11

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A