Overview
overview
7Static
static
7FunGame.apk
android-9-x86
1Android
windows7-x64
1Android
windows10-2004-x64
1Android.manifest
windows7-x64
3Android.manifest
windows10-2004-x64
3GameSkins.xml
windows7-x64
1GameSkins.xml
windows10-2004-x64
1LobbyData.xml
windows7-x64
1LobbyData.xml
windows10-2004-x64
1PokerNewFeatures.xml
windows7-x64
1PokerNewFeatures.xml
windows10-2004-x64
1RuntimeIni...s.json
windows7-x64
3RuntimeIni...s.json
windows10-2004-x64
3ScriptingA...s.json
windows7-x64
3ScriptingA...s.json
windows10-2004-x64
3Settings.xml
windows7-x64
1Settings.xml
windows10-2004-x64
1TeenPattiG...ns.xml
windows7-x64
1TeenPattiG...ns.xml
windows10-2004-x64
1TeenPattiN...es.xml
windows7-x64
1TeenPattiN...es.xml
windows10-2004-x64
1TeenPattiUserData.xml
windows7-x64
1TeenPattiUserData.xml
windows10-2004-x64
1UserData.xml
windows7-x64
1UserData.xml
windows10-2004-x64
1appbackgroundstheme2d
windows7-x64
1appbackgroundstheme2d
windows10-2004-x64
1appbackgro...nifest
windows7-x64
3appbackgro...nifest
windows10-2004-x64
3boot.config
windows7-x64
3boot.config
windows10-2004-x64
3data.unity3d
windows7-x64
3Analysis
-
max time kernel
140s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
16/11/2023, 09:02 UTC
Static task
static1
Behavioral task
behavioral1
Sample
FunGame.apk
Resource
android-x86-arm-20231023-en
Behavioral task
behavioral2
Sample
Android
Resource
win7-20231020-en
Behavioral task
behavioral3
Sample
Android
Resource
win10v2004-20231020-en
Behavioral task
behavioral4
Sample
Android.manifest
Resource
win7-20231023-en
Behavioral task
behavioral5
Sample
Android.manifest
Resource
win10v2004-20231020-en
Behavioral task
behavioral6
Sample
GameSkins.xml
Resource
win7-20231025-en
Behavioral task
behavioral7
Sample
GameSkins.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral8
Sample
LobbyData.xml
Resource
win7-20231023-en
Behavioral task
behavioral9
Sample
LobbyData.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral10
Sample
PokerNewFeatures.xml
Resource
win7-20231020-en
Behavioral task
behavioral11
Sample
PokerNewFeatures.xml
Resource
win10v2004-20231025-en
Behavioral task
behavioral12
Sample
RuntimeInitializeOnLoads.json
Resource
win7-20231023-en
Behavioral task
behavioral13
Sample
RuntimeInitializeOnLoads.json
Resource
win10v2004-20231020-en
Behavioral task
behavioral14
Sample
ScriptingAssemblies.json
Resource
win7-20231023-en
Behavioral task
behavioral15
Sample
ScriptingAssemblies.json
Resource
win10v2004-20231023-en
Behavioral task
behavioral16
Sample
Settings.xml
Resource
win7-20231023-en
Behavioral task
behavioral17
Sample
Settings.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral18
Sample
TeenPattiGameSkins.xml
Resource
win7-20231020-en
Behavioral task
behavioral19
Sample
TeenPattiGameSkins.xml
Resource
win10v2004-20231020-en
Behavioral task
behavioral20
Sample
TeenPattiNewFeatures.xml
Resource
win7-20231025-en
Behavioral task
behavioral21
Sample
TeenPattiNewFeatures.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral22
Sample
TeenPattiUserData.xml
Resource
win7-20231023-en
Behavioral task
behavioral23
Sample
TeenPattiUserData.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral24
Sample
UserData.xml
Resource
win7-20231023-en
Behavioral task
behavioral25
Sample
UserData.xml
Resource
win10v2004-20231023-en
Behavioral task
behavioral26
Sample
appbackgroundstheme2d
Resource
win7-20231020-en
Behavioral task
behavioral27
Sample
appbackgroundstheme2d
Resource
win10v2004-20231020-en
Behavioral task
behavioral28
Sample
appbackgroundstheme2d.manifest
Resource
win7-20231025-en
Behavioral task
behavioral29
Sample
appbackgroundstheme2d.manifest
Resource
win10v2004-20231023-en
Behavioral task
behavioral30
Sample
boot.config
Resource
win7-20231020-en
Behavioral task
behavioral31
Sample
boot.config
Resource
win10v2004-20231023-en
Behavioral task
behavioral32
Sample
data.unity3d
Resource
win7-20231020-en
General
-
Target
Android.manifest
-
Size
1KB
-
MD5
74cf204e243fdd671740f9c7e2065474
-
SHA1
d0054d1eb07c877ac83cd7f892201a0462e04760
-
SHA256
5f6be846e62b453a9255ae400dacb089506cf8833c70308977019adc842794f3
-
SHA512
1b5df1ebcc152335b93366e20b1d8facac8fe4515b3840d4750e5f5280f17ed9acf334c83e39edde83cc454e52131887aee419e00f31d5e8284b44be28fd250c
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2084 OpenWith.exe
Processes
Network
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request59.128.231.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request107.175.53.84.in-addr.arpaIN PTRResponse107.175.53.84.in-addr.arpaIN PTRa84-53-175-107deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request39.142.81.104.in-addr.arpaIN PTRResponse39.142.81.104.in-addr.arpaIN PTRa104-81-142-39deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 482655
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61E030ABE3E44408822A7D7CA6947F92 Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:06:57Z
date: Thu, 16 Nov 2023 09:06:57 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 394186
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B9834640E191454FADAB25FEFB919311 Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:06:57Z
date: Thu, 16 Nov 2023 09:06:57 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 508694
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0CF2B1BAE9D34053A36F3772D9165C6D Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:06:57Z
date: Thu, 16 Nov 2023 09:06:57 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301324_1SLSYLL5I5UMQR5DX&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301324_1SLSYLL5I5UMQR5DX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 314274
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 444A428EE24444A0958484A07BE06A61 Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:06:57Z
date: Thu, 16 Nov 2023 09:06:57 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301733_19PD903XZK3PU2L7I&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301733_19PD903XZK3PU2L7I&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 322267
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17A7B69815E74C72B0960071DD2C7F7D Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:06:57Z
date: Thu, 16 Nov 2023 09:06:57 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 305935
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9F0E28FB0EF9408B8BBE4C505B7AC917 Ref B: BRU30EDGE0518 Ref C: 2023-11-16T09:07:00Z
date: Thu, 16 Nov 2023 09:06:59 GMT
-
Remote address:8.8.8.8:53Request138.175.53.84.in-addr.arpaIN PTRResponse138.175.53.84.in-addr.arpaIN PTRa84-53-175-138deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request34.175.53.84.in-addr.arpaIN PTRResponse34.175.53.84.in-addr.arpaIN PTRa84-53-175-34deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.173.189.20.in-addr.arpaIN PTRResponse
-
1.2kB 8.3kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4tls, http283.3kB 2.4MB 1753 1745
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301324_1SLSYLL5I5UMQR5DX&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301733_19PD903XZK3PU2L7I&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
71 B 157 B 1 1
DNS Request
0.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
59.128.231.4.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
107.175.53.84.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
39.142.81.104.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
72 B 137 B 1 1
DNS Request
138.175.53.84.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
34.175.53.84.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.173.189.20.in-addr.arpa