Analysis
max time kernel: 4033802s
max time network: 139s
platform: android_x64
resource: android-x64-arm64-20231215-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
submitted: 28/12/2023, 23:21 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: ff88655c7078c46852e0e758ffa2bdeb.apk
  Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
  Sample: ff88655c7078c46852e0e758ffa2bdeb.apk
  Resource: android-x64-20231215-en
Behavioral task: behavioral3
  Sample: ff88655c7078c46852e0e758ffa2bdeb.apk
  Resource: android-x64-arm64-20231215-en
General
Target: ff88655c7078c46852e0e758ffa2bdeb.apk
Size: 516KB
MD5: ff88655c7078c46852e0e758ffa2bdeb
SHA1: f1a06231c59346d1d4a6f170973457cdb3e05ef5
SHA256: c57d7db302de417c7d444478379cbf5c70e3ff839a9fc7a1bd844f087acf49b2
SHA512: 5d073e5095f968a611d46896ef59fa977e86d7a28ccac76a5b7d95544a4bbd6ad266fc024f861f980d580f7ca69c7e3c7a910258bcaef8ceeee8ef57a0ab9fd3
SSDEEP: 12288:KdNevVTX89hc6pMbgztokQ7903pcClHaWpHM4ai9aKhTY:KdAvJapMbgibB057dM4j9ay0
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) - 1 IoCs
  Description: Framework service call
  IoC: android.content.pm.IPackageManager.getInstalledApplications
  Process: com.g365.accelerate
Processes
Network
Remote address: 1.1.1.1:53
Request: cp.g365.cn IN A
Response: cp.g365.cn IN CNAME 365yz.365-yz.com
          365yz.365-yz.com IN A 154.211.12.106

GET http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw
Remote address: 154.211.12.106:80
Request:
GET /register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:45 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

GET http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb
Remote address: 154.211.12.106:80
Request:
GET /register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:45 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Remote address: 1.1.1.1:53
Request: android.apis.google.com IN A
Response: android.apis.google.com IN CNAME clients.l.google.com
          clients.l.google.com IN A 142.250.178.14

Remote address: 1.1.1.1:53
Request: android.apis.google.com IN A

Remote address: 1.1.1.1:53
Request: ssl.google-analytics.com IN A
Response: ssl.google-analytics.com IN A 216.58.201.104

GET http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka
Remote address: 154.211.12.106:80
Request:
GET /register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:47 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

GET http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg
Remote address: 154.211.12.106:80
Request:
GET /register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:47 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Remote address: 154.211.12.106:80
Request:
GET /icon.php?userid=-1&product=00003 HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:47 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Remote address: 154.211.12.106:80
Request:
GET /announce.php?userid=-1&product=00003 HTTP/1.1
Host: cp.g365.cn
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Response:
HTTP/1.1 404 Not Found
Date: Tue, 09 Jan 2024 22:51:47 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
154.211.12.106:80 http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw http 677 B 510 B 8 4
HTTP Request: GET http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw
HTTP Response: 404

154.211.12.106:80 http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb http 797 B 715 B 10 9
HTTP Request: GET http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb
HTTP Response: 404

1.5kB 40 B 1 1

1.5kB 40 B 1 1

1.3kB 5.9kB 9 9

154.211.12.106:80 http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka http 625 B 562 B 7 5
HTTP Request: GET http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka
HTTP Response: 404

154.211.12.106:80 http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg http 625 B 562 B 7 5
HTTP Request: GET http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg
HTTP Response: 404

582 B 856 B 8 5
HTTP Request: GET http://cp.g365.cn/icon.php?userid=-1&product=00003
HTTP Response: 404

586 B 856 B 8 5
HTTP Request: GET http://cp.g365.cn/announce.php?userid=-1&product=00003
HTTP Response: 404

5.7kB 8.6kB 23 20

929 B 40 B 2 1

11.9kB 12.1kB 33 33

1.5kB 4.7kB 9 8

1.4kB 4.7kB 8 7

3.7kB 11

408 B 50 B 8 1

51 B 50 B 1 1

56 B 102 B 1 1
DNS Request: cp.g365.cn
DNS Response: 154.211.12.106

138 B 109 B 2 1
DNS Request: android.apis.google.com
DNS Request: android.apis.google.com
DNS Response: 142.250.178.14

70 B 86 B 1 1
DNS Request: ssl.google-analytics.com
DNS Response: 216.58.201.104