Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20231215-en locale:en-us os:android-9-x86 system
  • submitted
    06/02/2024, 02:58 UTC

General

  • Target

    93a6d1ee5fe2b32a2a6815c27353351d.apk

  • Size

    8.3MB

  • MD5

    93a6d1ee5fe2b32a2a6815c27353351d

  • SHA1

    4b7dc401dea4389b940b6d36c9a249bb653bed0f

  • SHA256

    523e22ea51351b043fd3c1d2c178db8cc36032dee85d724db2116809e2e8fad3

  • SHA512

    19656ab145aeb322be8a0ccf143f21646dacbf85622e8b99e25e06e23d59864eff6110da86bbc9bc1720a5ffd9110ecc53217a41f0462f43e2565d676506e45a

  • SSDEEP

    196608:rgrcC++OI4pVby9wlpRvSjztDubR7rf0JmlYB:srcC+nJ29wpajYbFoUc

Score
1/10

Malware Config

Signatures

Processes

  • com.cyberdynelabs.fstravelzone
    1⤵
      PID:4246

    Network

    • flag-us
      DNS
      maps.googleapis.com
      Remote address:
      1.1.1.1:53
      Request
      maps.googleapis.com
      IN A
      Response
      maps.googleapis.com
      IN A
      142.250.187.234
      maps.googleapis.com
      IN A
      172.217.169.10
      maps.googleapis.com
      IN A
      142.250.180.10
      maps.googleapis.com
      IN A
      142.250.200.10
      maps.googleapis.com
      IN A
      216.58.212.202
      maps.googleapis.com
      IN A
      172.217.16.234
      maps.googleapis.com
      IN A
      216.58.204.74
      maps.googleapis.com
      IN A
      142.250.178.10
      maps.googleapis.com
      IN A
      142.250.179.234
      maps.googleapis.com
      IN A
      216.58.201.106
      maps.googleapis.com
      IN A
      142.250.200.42
      maps.googleapis.com
      IN A
      142.250.187.202
      maps.googleapis.com
      IN A
      216.58.213.10
    • flag-gb
      GET
      http://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic
      Remote address:
      142.250.187.202:80
      Request
      GET /css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic HTTP/1.1
      Host: fonts.googleapis.com
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
      Accept: text/css,*/*;q=0.1
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US
      X-Requested-With: com.cyberdynelabs.fstravelzone
      Response
      HTTP/1.1 200 OK
      Content-Type: text/css; charset=utf-8
      Access-Control-Allow-Origin: *
      Timing-Allow-Origin: *
      Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
      Expires: Tue, 06 Feb 2024 02:59:02 GMT
      Date: Tue, 06 Feb 2024 02:59:02 GMT
      Cache-Control: private, max-age=86400, stale-while-revalidate=604800
      Last-Modified: Tue, 06 Feb 2024 02:59:02 GMT
      Cross-Origin-Opener-Policy: same-origin-allow-popups
      Cross-Origin-Resource-Policy: cross-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
    • flag-gb
      GET
      http://fonts.gstatic.com/s/playfairdisplay/v37/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA-X-oE0o.woff2
      Remote address:
      216.58.201.99:80
      Request
      GET /s/playfairdisplay/v37/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA-X-oE0o.woff2 HTTP/1.1
      Host: fonts.gstatic.com
      Connection: keep-alive
      Origin: null
      User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
      Accept: */*
      Referer: http://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US
      X-Requested-With: com.cyberdynelabs.fstravelzone
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Access-Control-Allow-Origin: *
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
      Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
      Timing-Allow-Origin: *
      Content-Length: 21876
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Sat, 03 Feb 2024 19:16:41 GMT
      Expires: Sun, 02 Feb 2025 19:16:41 GMT
      Cache-Control: public, max-age=31536000
      Last-Modified: Wed, 31 Jan 2024 23:15:14 GMT
      Content-Type: font/woff2
      Age: 200542
    • flag-gb
      GET
      http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2
      Remote address:
      216.58.201.99:80
      Request
      GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2 HTTP/1.1
      Host: fonts.gstatic.com
      Connection: keep-alive
      Origin: null
      User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
      Accept: */*
      Referer: http://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US
      X-Requested-With: com.cyberdynelabs.fstravelzone
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Access-Control-Allow-Origin: *
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
      Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
      Timing-Allow-Origin: *
      Content-Length: 14780
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Fri, 02 Feb 2024 21:55:15 GMT
      Expires: Sat, 01 Feb 2025 21:55:15 GMT
      Cache-Control: public, max-age=31536000
      Last-Modified: Thu, 01 Jun 2023 22:52:56 GMT
      Content-Type: font/woff2
      Age: 277428
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      216.58.213.14
    • 142.250.187.234:443
      maps.googleapis.com
      tls
      2.6kB
      73.6kB
      36
      58
    • 142.250.187.202:80
      http://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic
      http
      748 B
      2.1kB
      5
      5

      HTTP Request

      GET http://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700|Roboto:300,400,500,700|Playfair+Display:400italic

      HTTP Response

      200
    • 216.58.201.99:80
      http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2
      http
      2.4kB
      39.7kB
      24
      29

      HTTP Request

      GET http://fonts.gstatic.com/s/playfairdisplay/v37/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA-X-oE0o.woff2

      HTTP Response

      200

      HTTP Request

      GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2

      HTTP Response

      200
    • 142.250.200.46:443
      tls, https
      858 B
      40 B
      1
      1
    • 216.58.213.14:443
      android.apis.google.com
      tls
      4.7kB
      8.7kB
      14
      22
    • 142.250.178.10:443
      maps.googleapis.com
      tls, https
      1.2kB
      40 B
      1
      1
    • 224.0.0.251:5353
      3.7kB
      11
    • 1.1.1.1:53
      maps.googleapis.com
      dns
      65 B
      273 B
      1
      1

      DNS Request

      maps.googleapis.com

      DNS Response


    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
      109 B
      1
      1

      DNS Request

      android.apis.google.com

      DNS Response

      216.58.213.14

    MITRE ATT&CK Matrix
