Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

6

5dd0da0d19...68.apk

android-9-x86

1

Analysis

  • max time kernel
    2612442s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23/12/2023, 17:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5dd0da0d19d386d950d473903309b9e92ce76ec1c6b5c0b83a545a8308dc7268.apk

  • Size

    9.7MB

  • MD5

    3dfc0723eb435b74d4eb11a387f40fdd

  • SHA1

    7583c0c48b1a8fd808665c421fc942f4b339a86f

  • SHA256

    5dd0da0d19d386d950d473903309b9e92ce76ec1c6b5c0b83a545a8308dc7268

  • SHA512

    3a16ff3ad6fe87b1a7d00916aee535ec5092a9a18891c41d9798323045aabcdf9c5825ec6437a80d4be9053803b5645e93fa5743c4d54b31da91b3c921251b03

  • SSDEEP

    98304:Fw6MMKzdbtmmwZxKgwd5jhed7XT2md1BoQIEwdaA:FuxB2wd4j2I+/

Score
1/10

Malware Config

Signatures

Processes

  • com.nobstudio.chengshuwan.prisonLifeRPG
    1⤵
      PID:4258

    Network

    • flag-us
      DNS
      semanticlocation-pa.googleapis.com
      Remote address:
      1.1.1.1:53
      Request
      semanticlocation-pa.googleapis.com
      IN A
      Response
      semanticlocation-pa.googleapis.com
      IN A
      216.58.204.74
      semanticlocation-pa.googleapis.com
      IN A
      142.250.200.10
      semanticlocation-pa.googleapis.com
      IN A
      142.250.187.234
      semanticlocation-pa.googleapis.com
      IN A
      142.250.179.234
      semanticlocation-pa.googleapis.com
      IN A
      142.250.200.42
      semanticlocation-pa.googleapis.com
      IN A
      142.250.178.10
      semanticlocation-pa.googleapis.com
      IN A
      216.58.213.10
      semanticlocation-pa.googleapis.com
      IN A
      216.58.212.234
      semanticlocation-pa.googleapis.com
      IN A
      172.217.16.234
      semanticlocation-pa.googleapis.com
      IN A
      216.58.201.106
      semanticlocation-pa.googleapis.com
      IN A
      172.217.169.74
      semanticlocation-pa.googleapis.com
      IN A
      172.217.169.42
      semanticlocation-pa.googleapis.com
      IN A
      142.250.180.10
      semanticlocation-pa.googleapis.com
      IN A
      142.250.187.202
    • flag-us
      DNS
      stats.coronalabs.com
      Remote address:
      1.1.1.1:53
      Request
      stats.coronalabs.com
      IN A
      Response
      stats.coronalabs.com
      IN A
      172.67.133.28
      stats.coronalabs.com
      IN A
      104.21.13.209
    • flag-us
      POST
      https://stats.coronalabs.com/analytics/device/v1
      Remote address:
      172.67.133.28:443
      Request
      POST /analytics/device/v1 HTTP/1.1
      Content-Type: application/json; charset=UTF-8
      Content-Length: 156
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
      Host: stats.coronalabs.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Response
      HTTP/1.1 200 OK
      Date: Sun, 24 Dec 2023 12:04:42 GMT
      Content-Type: application/json
      Content-Length: 29
      Connection: keep-alive
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lCQcBjaA5HLKNq%2F9r%2BTsfXx9D19qCZrSf14NLeflEkWX1xNKIxKmypWilJKhmD1HT44tP%2FZaI6Y63XN9ysFMYJN555on%2BC3euUA0lPMNlI%2BhN2UBx0z0GTm0Jha2AZQ6gIt2JCYwrw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 83a8b555583f63ce-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      data.flurry.com
      Remote address:
      1.1.1.1:53
      Request
      data.flurry.com
      IN A
      Response
      data.flurry.com
      IN CNAME
      flury-ycpi.gycpi.b.yahoodns.net
      flury-ycpi.gycpi.b.yahoodns.net
      IN A
      87.248.114.11
      flury-ycpi.gycpi.b.yahoodns.net
      IN A
      87.248.114.12
    • flag-gb
      POST
      https://data.flurry.com/aap.do
      Remote address:
      87.248.114.11:443
      Request
      POST /aap.do HTTP/1.1
      Content-Type: application/octet-stream
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
      Host: data.flurry.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Content-Length: 300
      Response
      HTTP/1.1 200 OK
      content-type: application/octet-stream
      content-length: 0
      x-envoy-upstream-service-time: 1
      date: Sun, 24 Dec 2023 12:04:42 GMT
      server: ATS
      Age: 1
      Strict-Transport-Security: max-age=31536000
      Referrer-Policy: no-referrer-when-downgrade
      Connection: keep-alive
      Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
      X-XSS-Protection: 1; mode=block
      X-Content-Type-Options: nosniff
    • flag-gb
      POST
      https://data.flurry.com/aap.do
      Remote address:
      87.248.114.11:443
      Request
      POST /aap.do HTTP/1.1
      Content-Type: application/octet-stream
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
      Host: data.flurry.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Content-Length: 392
      Response
      HTTP/1.1 200 OK
      content-type: application/octet-stream
      content-length: 0
      x-envoy-upstream-service-time: 1
      date: Sun, 24 Dec 2023 12:04:52 GMT
      server: ATS
      Age: 1
      Strict-Transport-Security: max-age=31536000
      Referrer-Policy: no-referrer-when-downgrade
      Connection: keep-alive
      Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
      X-XSS-Protection: 1; mode=block
      X-Content-Type-Options: nosniff
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      216.58.213.14
    • 216.58.204.74:443
      semanticlocation-pa.googleapis.com
      tls
      1.8kB
       6.3kB
       12
      13
    • 172.67.133.28:443
      https://stats.coronalabs.com/analytics/device/v1
      tls, http
      1.1kB
       6.1kB
       8
      9

      HTTP Request

      POST https://stats.coronalabs.com/analytics/device/v1

      HTTP Response

      200
    • 87.248.114.11:443
      https://data.flurry.com/aap.do
      tls, http
      2.2kB
       6.3kB
       13
      13

      HTTP Request

      POST https://data.flurry.com/aap.do

      HTTP Response

      200

      HTTP Request

      POST https://data.flurry.com/aap.do

      HTTP Response

      200
    • 216.58.201.110:443
      tls, https
      858 B
       40 B
       1
      1
    • 216.58.213.14:443
      android.apis.google.com
      tls
      4.7kB
       8.8kB
       14
      21
    • 224.0.0.251:5353
      3.7kB
       11
    • 1.1.1.1:53
      semanticlocation-pa.googleapis.com
      dns
      80 B
       304 B
       1
      1

      DNS Request

      semanticlocation-pa.googleapis.com

      DNS Response

      216.58.204.74
      142.250.200.10
      142.250.187.234
      142.250.179.234
      142.250.200.42
      142.250.178.10
      216.58.213.10
      216.58.212.234
      172.217.16.234
      216.58.201.106
      172.217.169.74
      172.217.169.42
      142.250.180.10
      142.250.187.202

    • 1.1.1.1:53
      stats.coronalabs.com
      dns
      66 B
       98 B
       1
      1

      DNS Request

      stats.coronalabs.com

      DNS Response

      172.67.133.28
      104.21.13.209

    • 1.1.1.1:53
      data.flurry.com
      dns
      61 B
       138 B
       1
      1

      DNS Request

      data.flurry.com

      DNS Response

      87.248.114.11
      87.248.114.12

    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
       109 B
       1
      1

      DNS Request

      android.apis.google.com

      DNS Response

      216.58.213.14

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/cache/.system/.com.coronalabs.corona.analyticsData
      Filesize

      173B

      MD5

      56dbd98690708cc6d7ebf330cc307204

      SHA1

      049772e7288612c92bafac8196548822b05edfcb

      SHA256

      5fe1d497abe4e7353589843a42f7e2d5ff0b2952d677e4af51a1b2c88d0850bc

      SHA512

      a4fbff0e7c40446bca610dfb2a78902b330a888e469c88708467164cac877b2f7d1d143c8d1aa9981c8a2aed459c8e1cbac58f284bb7e3c61640911d40c8770a

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/cache/.system/.com.coronalabs.corona.analyticsData
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.FlurrySenderIndex.info.AnalyticsData_72YBXMB4B5KVFF78C34Q_171
      Filesize

      42B

      MD5

      ebdd21ca6db9ca79f6634313aaeb25c9

      SHA1

      cb56d5291c67f5656038b4de3b32e725fc138c5d

      SHA256

      308be59dd7269de883cb533d6f90b54bb182c958744f5b5e65865e7c1f7777b7

      SHA512

      bcbc129ce0c8ac422df93b6c53dc9b04d4046aa2dc9d7ad88d2e16abb79add6a5857a5fa70412eee6571d57f50d46ee3ec0ed5b49baf294496694feea38dd1fd

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.FlurrySenderIndex.info.AnalyticsData_72YBXMB4B5KVFF78C34Q_171
      Filesize

      42B

      MD5

      25cb4db2064aa65cc04dffffd925e11f

      SHA1

      6ddb6937ff2732930dbd57a1c78720849c3b78f1

      SHA256

      2a3b020134080456ee65b231e0c1717bc1cab3502aa61182876329887572af26

      SHA512

      b6189f33e5b33e442ea453b46cb1955d38921d68dd3e88f57a828c308e9093ce42aabf1d3bfa2ae10eee04bc7b279d6b9b97291a3de96978691de8c271f9814e

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.FlurrySenderIndex.info.AnalyticsMain
      Filesize

      44B

      MD5

      e2d1ede5d0f718754bdbc3cc36a94a3f

      SHA1

      d29512a2af785818e208134b20e5a441dd1a6f00

      SHA256

      237cbfab4068484f57d26f74a0c7ae3d6a2d47d08b8399e87bb19452e77bb66e

      SHA512

      ff37850b16737041151863703040e07fa84ed60ed4ca4d38a286887247bc0a0b1188650916f2d25cfc5a8a60d9a23cd0cb15625f5aae3d4382e3ea994fff88dc

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.flurryagent.-40460489
      Filesize

      58B

      MD5

      c40c69b902a5742df6f5be3e1805d28a

      SHA1

      119802827c9e34475c6494dcc4a31f8b1ea27271

      SHA256

      31ba3dac4f1a9f009876a88676110be6d809b789ddf94ea210411a9c0c3f924c

      SHA512

      85f7d555cbb1c1852d0d1cd7aab734152004bde645cc036201d827a2730138ef01e3e57c70724261d6add711238bad2e1ca141bab38122ddd8044dd8622784bd

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.flurryagent.-40460489
      Filesize

      152B

      MD5

      12f1d60149dc9d519fb99e19b9f889a5

      SHA1

      f7c1fe4b73dd68671a6b0adc51f9c252f7b9028a

      SHA256

      75f5cbea8a309b8e9c0c9afc747aed71a08bbf5b82c2f4820684eecaac9262a3

      SHA512

      7aa50562269a4a7e58e8b4d63611434f256e3a14bfd36b70272272f0990fa96c0b5f8051e615933223180acb89c9dafac355a77a807489b35361cce8a6056d2c

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.flurryagent.-40460489
      Filesize

      58B

      MD5

      6e09e1d9b85f2177bf9c67c052c28a30

      SHA1

      48f6db429d6be5e7f460f5b72ff3c1d060e003c6

      SHA256

      57e0a5811a2798f696a7b6ee37d60e57d748a41d62f51856b481099720c7020a

      SHA512

      8c4fbea3f29fac898a567c049c3e99a73da6167ac4071cf05693fb936960772d1c351f0b634e4101b59a04a401e6fcf62d3053620bedd7cdc6c05ab991c22321

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.flurrydatasenderblock.0e27a467-cfb2-4c61-943a-eeb029e722a7
      Filesize

      396B

      MD5

      8f3da316f69c29465bf0d6b43c6f1b01

      SHA1

      36ee5d4a420809a85905238b837a5acc50a8195b

      SHA256

      4a9b38e164c6674b29f88b949b1a465f58f6408ab808b1574eb9b24a498c0158

      SHA512

      d8c65d98996ab3042b2392c6a4787319acddfea0fc435ebce6ee11a70fa86f0c80417986013e2df3798c98e3dc03206a9a88ebda502fa018f99d92a1e6fbeff7

      Download Submit

    • /data/data/com.nobstudio.chengshuwan.prisonLifeRPG/files/.flurrydatasenderblock.576aab1a-1b0a-4b21-a3a0-1b4a85ad47fc
      Filesize

      304B

      MD5

      99a7015a37e4e75041eb498af8b31e7e

      SHA1

      319ddccd0b79b99745fe6ba988626557e2c1f098

      SHA256

      83a88b0a26b1882f24aafb34a12b16d116ede330ac69dcb3e390a4d432ca7a70

      SHA512

      555f1749dfe8b91af794bcfd1e8822247263aa10aa0672f58e78bdbf6063d87118cc306a76f8fdaca8107cd368423d6f93c7cacdf619990d463d270335e80738

      Download Submit

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.