Analysis

  • max time kernel
    4033802s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    28/12/2023, 23:21 UTC

General

  • Target

    ff88655c7078c46852e0e758ffa2bdeb.apk

  • Size

    516KB

  • MD5

    ff88655c7078c46852e0e758ffa2bdeb

  • SHA1

    f1a06231c59346d1d4a6f170973457cdb3e05ef5

  • SHA256

    c57d7db302de417c7d444478379cbf5c70e3ff839a9fc7a1bd844f087acf49b2

  • SHA512

    5d073e5095f968a611d46896ef59fa977e86d7a28ccac76a5b7d95544a4bbd6ad266fc024f861f980d580f7ca69c7e3c7a910258bcaef8ceeee8ef57a0ab9fd3

  • SSDEEP

    12288:KdNevVTX89hc6pMbgztokQ7903pcClHaWpHM4ai9aKhTY:KdAvJapMbgibB057dM4j9ay0

Score
8/10

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

Processes

  • com.g365.accelerate
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    PID:4632

Network

  • flag-us
    DNS
    cp.g365.cn
    Remote address:
    1.1.1.1:53
    Request
    cp.g365.cn
    IN A
    Response
    cp.g365.cn
    IN CNAME
    365yz.365-yz.com
    365yz.365-yz.com
    IN A
    154.211.12.106
  • flag-hk
    GET
    http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw
    Remote address:
    154.211.12.106:80
    Request
    GET /register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:45 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • flag-hk
    GET
    http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb
    Remote address:
    154.211.12.106:80
    Request
    GET /register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:45 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.201.104
  • flag-hk
    GET
    http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka
    Remote address:
    154.211.12.106:80
    Request
    GET /register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:47 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • flag-hk
    GET
    http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg
    Remote address:
    154.211.12.106:80
    Request
    GET /register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:47 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • flag-hk
    GET
    http://cp.g365.cn/icon.php?userid=-1&product=00003
    Remote address:
    154.211.12.106:80
    Request
    GET /icon.php?userid=-1&product=00003 HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:47 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • flag-hk
    GET
    http://cp.g365.cn/announce.php?userid=-1&product=00003
    Remote address:
    154.211.12.106:80
    Request
    GET /announce.php?userid=-1&product=00003 HTTP/1.1
    Host: cp.g365.cn
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 09 Jan 2024 22:51:47 GMT
    Content-Type: text/html
    Content-Length: 146
    Connection: keep-alive
  • 154.211.12.106:80
    http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw
    http
    677 B
    510 B
    8
    4

    HTTP Request

    GET http://cp.g365.cn/register.php?code=pDMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlmJw

    HTTP Response

    404
  • 154.211.12.106:80
    http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb
    http
    797 B
    715 B
    10
    9

    HTTP Request

    GET http://cp.g365.cn/register.php?code=jNMDAwMDN8NTAwMDF8bnVsbHxudWxsfFBpeGVsIDJ8MzIwKjU5MnwxMXwwfDEuNC4zfDE0M3wyoTb

    HTTP Response

    404
  • 142.250.178.14:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 142.250.178.14:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 216.58.201.104:443
    ssl.google-analytics.com
    tls
    1.3kB
    5.9kB
    9
    9
  • 154.211.12.106:80
    http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka
    http
    625 B
    562 B
    7
    5

    HTTP Request

    GET http://cp.g365.cn/register.php?code=qyMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRl4Ka

    HTTP Response

    404
  • 154.211.12.106:80
    http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg
    http
    625 B
    562 B
    7
    5

    HTTP Request

    GET http://cp.g365.cn/register.php?code=FxMDAwMDN8NTAwMDF8MDI6MDA6MDA6MDA6MDA6MDB8bnVsbHxQaXhlbCAyfDMyMCo1OTJ8MTF8MHwxLjQuM3wxNDN8MXxjb20uZzM2NS5hY2NlbGVyYXRlUHg

    HTTP Response

    404
  • 154.211.12.106:80
    http://cp.g365.cn/icon.php?userid=-1&product=00003
    http
    582 B
    856 B
    8
    5

    HTTP Request

    GET http://cp.g365.cn/icon.php?userid=-1&product=00003

    HTTP Response

    404
  • 154.211.12.106:80
    http://cp.g365.cn/announce.php?userid=-1&product=00003
    http
    586 B
    856 B
    8
    5

    HTTP Request

    GET http://cp.g365.cn/announce.php?userid=-1&product=00003

    HTTP Response

    404
  • 142.250.178.14:443
    android.apis.google.com
    tls
    5.7kB
    8.6kB
    23
    20
  • 142.250.178.4:443
    tls, https
    929 B
    40 B
    2
    1
  • 142.250.178.4:443
    www.google.com
    tls
    11.9kB
    12.1kB
    33
    33
  • 142.250.178.4:443
    www.google.com
    tls
    1.5kB
    4.7kB
    9
    8
  • 142.250.178.4:443
    www.google.com
    tls
    1.4kB
    4.7kB
    8
    7
  • 224.0.0.251:5353
    3.7kB
    11
  • 142.250.187.234:443
    https
    408 B
    50 B
    8
    1
  • 142.250.200.46:443
    https
    51 B
    50 B
    1
    1
  • 1.1.1.1:53
    cp.g365.cn
    dns
    56 B
    102 B
    1
    1

    DNS Request

    cp.g365.cn

    DNS Response

    154.211.12.106

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    109 B
    2
    1

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.201.104

MITRE ATT&CK Matrix


Downloads
