Analysis

  • max time kernel
    3892384s
  • max time network
    71s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231023-en, locale:en-us, os:android-11-x64, system
  • submitted
    19/11/2023, 14:33 UTC

General

  • Target

    Thermal Cam scanner 6.apk

  • Size

    5.4MB

  • MD5

    b78f64daf602c2dbe0bc890f2e2a47cf

  • SHA1

    43c3fb4997ca6facf0e2f4a677c63b8e6b072b15

  • SHA256

    396e7916dbfbe89206cd0f98167a15489e73ac56b7d6b29375adb5002928757a

  • SHA512

    a67d78c0d9a1db012f2824b46c168a7589ec676c6c159e3db138d47d894203ed27e9e3d7337705a52d00ac5773290ea42d9cf79c34aac46ea005af1a99dc45c0

  • SSDEEP

    98304:mfI8zpOQzfr9O43VrFhKGUjEyjN7p8HbSPmnzfz1KYE+NnmpXvYGIaD25W1xgtyG:mfI8Ar4lrTKDgyfSnz71K1OdaDwaViZH

Score
7/10

Malware Config

Signatures

  • Acquires the wake lock. 1 IoCs
  • Reads information about phone network operator.

Processes

  • org.jackajks.thermish
    1⤵
    • Acquires the wake lock.
    PID:4569

Network

  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    142.250.179.141
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    142.250.179.205
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    pkxabsratp
    Remote address:
    1.1.1.1:53
    Request
    pkxabsratp
    IN A
    Response
  • flag-us
    DNS
    jkllldlkkxw
    Remote address:
    1.1.1.1:53
    Request
    jkllldlkkxw
    IN A
    Response
  • flag-us
    DNS
    qcvnmkcadm
    Remote address:
    1.1.1.1:53
    Request
    qcvnmkcadm
    IN A
    Response
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.179.200
  • flag-us
    DNS
    nkarem.su
    Remote address:
    1.1.1.1:53
    Request
    nkarem.su
    IN A
  • flag-us
    DNS
    nkarem.su
    Remote address:
    1.1.1.1:53
    Request
    nkarem.su
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.23.206
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    nkarem.su
    Remote address:
    1.1.1.1:53
    Request
    nkarem.su
    IN A
    Response
    nkarem.su
    IN A
    188.114.96.0
    nkarem.su
    IN A
    188.114.97.0
  • flag-us
    POST
    https://nkarem.su/click_2/index.php
    Remote address:
    188.114.96.0:443
    Request
    POST /click_2/index.php HTTP/2.0
    host: nkarem.su
    content-type: application/x-www-form-urlencoded
    content-length: 36
    accept-encoding: gzip
    user-agent: okhttp/4.10.0
    Response
    HTTP/2.0 200
    date: Sun, 19 Nov 2023 14:34:04 GMT
    content-type: application/json
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYnooIWSAzElFVlbfEXDmXZNu9nAq%2F%2B4ukdAbFVd2RlpYpn5ByHT9uhyv%2BrjFCaMgocNSE3OuaLEZ%2FY3ql513GLHlFagllCYSJUg77RtZCj%2FTUqg2cWreiZnGmc%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 82892c034c3eb981-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
  • flag-us
    DNS
    infinitedata-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    infinitedata-pa.googleapis.com
    IN A
    Response
    infinitedata-pa.googleapis.com
    IN A
    172.217.168.202
    infinitedata-pa.googleapis.com
    IN A
    142.251.39.106
    infinitedata-pa.googleapis.com
    IN A
    142.250.179.170
    infinitedata-pa.googleapis.com
    IN A
    216.58.214.10
    infinitedata-pa.googleapis.com
    IN A
    142.251.36.42
    infinitedata-pa.googleapis.com
    IN A
    142.250.179.202
    infinitedata-pa.googleapis.com
    IN A
    216.58.208.106
    infinitedata-pa.googleapis.com
    IN A
    142.250.179.138
    infinitedata-pa.googleapis.com
    IN A
    142.251.36.10
    infinitedata-pa.googleapis.com
    IN A
    172.217.23.202
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    172.217.168.227
  • flag-us
    DNS
    edgedl.me.gvt1.com
    Remote address:
    1.1.1.1:53
    Request
    edgedl.me.gvt1.com
    IN A
  • flag-us
    DNS
    edgedl.me.gvt1.com
    Remote address:
    1.1.1.1:53
    Request
    edgedl.me.gvt1.com
    IN A
  • flag-us
    DNS
    edgedl.me.gvt1.com
    Remote address:
    1.1.1.1:53
    Request
    edgedl.me.gvt1.com
    IN A
    Response
    edgedl.me.gvt1.com
    IN A
    34.104.35.123
  • flag-us
    GET
    http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
    Remote address:
    34.104.35.123:80
    Request
    GET /edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 HTTP/1.1
    Host: edgedl.me.gvt1.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
    Accept-Encoding: gzip, deflate
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 35043
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: c95da4b0-f60e-4245-aceb-3d44083b271a
    date: Sat, 18 Nov 2023 19:53:05 GMT
    age: 67300
    last-modified: Wed, 20 Sep 2023 15:00:41 GMT
    etag: "1b45ddd"
    content-type: application/octet-stream
    alt-svc: clear
    cache-control: public,max-age=86400
  • 142.250.179.205:443
    accounts.google.com
    tls
    2.0kB
    7.2kB
    17
    12
  • 142.250.179.200:443
    ssl.google-analytics.com
    tls
    1.2kB
    5.6kB
    7
    5
  • 142.250.179.142:443
    tls, https
    1.3kB
    40 B
    1
    1
  • 142.250.179.142:443
    tls, https
    1.3kB
    40 B
    1
    1
  • 172.217.23.206:443
    android.apis.google.com
    tls
    9.8kB
    10.8kB
    28
    29
  • 188.114.96.0:443
    https://nkarem.su/click_2/index.php
    tls, http2
    1.5kB
    6.8kB
    12
    10

    HTTP Request

    POST https://nkarem.su/click_2/index.php

    HTTP Response

    200
  • 172.217.168.202:443
    infinitedata-pa.googleapis.com
    tls
    897 B
    5.4kB
    10
    7
  • 172.217.168.227:443
    update.googleapis.com
    tls
    3.6kB
    9.1kB
    17
    13
  • 34.104.35.123:80
    http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
    http
    871 B
    36.0kB
    9
    8

    HTTP Request

    GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

    HTTP Response

    200
  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    142.250.179.141

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    142.250.179.205

  • 224.0.0.251:5353
    3.3kB
    10
  • 1.1.1.1:53
    infinitedata-pa.googleapis.com
    dns
    152 B
    2

    DNS Request

    infinitedata-pa.googleapis.com

    DNS Request

    infinitedata-pa.googleapis.com

  • 1.1.1.1:53
    pkxabsratp
    dns
    56 B
    131 B
    1
    1

    DNS Request

    pkxabsratp

  • 1.1.1.1:53
    jkllldlkkxw
    dns
    57 B
    132 B
    1
    1

    DNS Request

    jkllldlkkxw

  • 1.1.1.1:53
    qcvnmkcadm
    dns
    56 B
    131 B
    1
    1

    DNS Request

    qcvnmkcadm

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.179.200

  • 1.1.1.1:53
    nkarem.su
    dns
    110 B
    2

    DNS Request

    nkarem.su

    DNS Request

    nkarem.su

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.23.206

  • 1.1.1.1:53
    infinitedata-pa.googleapis.com
    dns
    152 B
    2

    DNS Request

    infinitedata-pa.googleapis.com

    DNS Request

    infinitedata-pa.googleapis.com

  • 1.1.1.1:53
    nkarem.su
    dns
    55 B
    87 B
    1
    1

    DNS Request

    nkarem.su

    DNS Response

    188.114.96.0
    188.114.97.0

  • 1.1.1.1:53
    infinitedata-pa.googleapis.com
    dns
    152 B
    2

    DNS Request

    infinitedata-pa.googleapis.com

    DNS Request

    infinitedata-pa.googleapis.com

  • 1.1.1.1:53
    infinitedata-pa.googleapis.com
    dns
    76 B
    236 B
    1
    1

    DNS Request

    infinitedata-pa.googleapis.com

    DNS Response

    172.217.168.202
    142.251.39.106
    142.250.179.170
    216.58.214.10
    142.251.36.42
    142.250.179.202
    216.58.208.106
    142.250.179.138
    142.251.36.10
    172.217.23.202

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    1

    DNS Request

    update.googleapis.com

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    1

    DNS Request

    update.googleapis.com

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    172.217.168.227

  • 1.1.1.1:53
    edgedl.me.gvt1.com
    dns
    64 B
    1

    DNS Request

    edgedl.me.gvt1.com

  • 1.1.1.1:53
    edgedl.me.gvt1.com
    dns
    64 B
    1

    DNS Request

    edgedl.me.gvt1.com

  • 1.1.1.1:53
    edgedl.me.gvt1.com
    dns
    64 B
    80 B
    1
    1

    DNS Request

    edgedl.me.gvt1.com

    DNS Response

    34.104.35.123

MITRE ATT&CK Matrix

Downloads

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    eaf65cb1b0053c49ce5e2492bcb33467

    SHA1

    63afaf90540bbd1e1000e939058117ae0c13006c

    SHA256

    7cadd9aa88bd5e079c0565cade7cae8c79dea2ec23dc0dc230c4cb6b747f2bbf

    SHA512

    57a5db6c40a240a008d1227714787fa71126c57eedb5236a800266dc86305b32278a245c9a498182c58a831869602eef9b82a0cb9646fd5e648c262aac0c8759

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb-wal

    Filesize

    88KB

    MD5

    9023fca45f74b07d0f967da72478ee24

    SHA1

    84f8411296becb1308ffdccd25ab95e77ddc5626

    SHA256

    431d08b2edef29208cebc5daf344124d90a2c25fc6fcf41afb8cf5da0b5f1e2b

    SHA512

    4a4a752f4a52baf18a7e87fc16d8f03bf57ec44b421c0e194ebe2781c72e8f25cda3c750ff317f9f97b6f334acb824b30cfe2741df544ac8f810ffacce81a695

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb-wal

    Filesize

    148KB

    MD5

    22db3b01f89f20cd7c9c8611cecce146

    SHA1

    cca459a193ca00aea1d790eb34f969904953506b

    SHA256

    5310c3e732a8af27b14bb7ae0dcc07fbeb85389c1067bcbdfb74451a4db92ec7

    SHA512

    6ca116773f84c17dd1b2173bdc7c0b95aa54b8d1e3cd6493d54ff43fdec08ab013eed85cc4fd87c58bcdeb381d8f4e0b53e086c1b694719d20c9a9e7c10532a9

  • /data/data/org.jackajks.thermish/databases/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    c6198e56467c5005d890b96b2b2d0f42

    SHA1

    371ec57b102d5e4bd63b7ee132d8655457b72038

    SHA256

    b49a3cb4e410d2680279efb57fd01f45d33aeacd85ada570bb9cf7bc1fd87537

    SHA512

    2ef376b171d8f59b724eb643343717097cefd50980a326d819f69850652c47caf40386c6cd4721b41279a6179436189852b43cfa0dc6594e9966bc47ed33d67f

  • /data/data/org.jackajks.thermish/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    04d5fd928b83b455df1544cbce40d1cb

    SHA1

    16f6ad6969020c32de21b92d15a4eb11744b1d24

    SHA256

    bf34418bac8770c020c58f3f4d9505cd2ea2256dddbdefcfb5faf4bb6f143d6e

    SHA512

    18781622efe5f093b86a1cb49a44e2d854fb20f6aed58e2aba9095f81787a26c225490e59c09662e6e78ec07d687940364b323b25a28f601e45149695f8bb1bc

  • /data/data/org.jackajks.thermish/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    d62f8e772c3afdc0c403f114720c1997

    SHA1

    e6725fa01bcb95250a38c326808400d6ba4478df

    SHA256

    f2e30e493e0cd8d679e60f080bb30baad752874847b8e15144e03a96868ba3d8

    SHA512

    004bf388e14c1b9c9b9ea90a699f63a5e0502b6d5f44cd91048c717e2c68f6d12a2594702c9b78b2bf2f38013190882cef0b472d6def5ee97876276bfb5e69dc

  • /data/data/org.jackajks.thermish/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    7343a13fcf4d4d97931d89aba04f1c4f

    SHA1

    c1d090c892de31d10a563533767caaef213156da

    SHA256

    a77228e1c38bb6e65a2263beecfb78071faace06fcd11eae70b4c25cde2b58b7

    SHA512

    0cdcc75ce7685a9382db7ba6ff2e917963263d1c188670b6c8cabcf66643a3885403fd7915f6f37dc3a40d6cd38d000ffb45ddcc3eb6b776631efb207df4d002

  • /data/data/org.jackajks.thermish/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    1f35ac8749708241490b66c1314140d0

    SHA1

    e7569c557c33d815e0085bdb50d8f767ba44646f

    SHA256

    2504eff4fbebae42b1b18cfc754590a603e8313e048cedea76ac36f75a8cfaf2

    SHA512

    8670b5825fa80cba002dd42694b308ff6f222bd8a11c00f8225968ac1f3bbb5193b3253f05c63323a3f8981fc77d3b1690153b729bf7bb9295b97ff049cadcf3

  • /data/data/org.jackajks.thermish/files/PersistedInstallation4231556047863531422tmp

    Filesize

    90B

    MD5

    6f023060bd22f690f3c766683b84520e

    SHA1

    978e1d1bc10419773f1df044b8141ba390135df5

    SHA256

    2faf2ce2ccceeb934e14eb792395dba188470a750740a6c5128c02ad10fc0eb9

    SHA512

    c3f0d315099b03f72c95590d4d0666022f8b13fcb79aad86ee3f9fa0e7a86a0e9b2e10198d34b689875840c0afe9aa5622c9526e2a759e4e6884932434835bc4

  • /data/data/org.jackajks.thermish/files/PersistedInstallation4489964190558733612tmp

    Filesize

    570B

    MD5

    88df7e1280d28720a8d6654775996a6c

    SHA1

    b798c52afe6dc2ca2bdd60812a72d1c31e0aa4f0

    SHA256

    b4d1c25c63d00339605896c2c9b2c299f30f1146c397868b08899d5b4097a153

    SHA512

    e652590dc9382a6155bb38f4d3380825f8899f7b0be32170b5c9cedb8aafda82dc554a50d1bdecaa31d3e3b4671a03356dfa8a91b9a56cc6dd571ccfe9e8c097
