Analysis

  • max time kernel
    116s
  • max time network
    129s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    09/03/2024, 20:13 UTC

General

  • Target

    https://e-z.bio/vojtax

Score
7/10

Malware Config

Signatures

  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

Processes

  • com.android.chrome
    1⤵
    • Reads the content of photos stored on the user's device.
    PID:5023

Network

  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    173.194.76.84
  • flag-us
    DNS
    e-z.bio
    Remote address:
    1.1.1.1:53
    Request
    e-z.bio
    IN A
    Response
    e-z.bio
    IN A
    104.26.11.196
    e-z.bio
    IN A
    172.67.74.119
    e-z.bio
    IN A
    104.26.10.196
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.200
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
    Response
    safebrowsing.googleapis.com
    IN A
    172.217.16.234
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
  • flag-us
    DNS
    r2-bios.e-z.host
    Remote address:
    1.1.1.1:53
    Request
    r2-bios.e-z.host
    IN A
  • flag-us
    DNS
    r2-bios.e-z.host
    Remote address:
    1.1.1.1:53
    Request
    r2-bios.e-z.host
    IN A
    Response
    r2-bios.e-z.host
    IN A
    172.67.216.169
    r2-bios.e-z.host
    IN A
    104.21.45.167
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.200.3
  • flag-gb
    POST
    https://update.googleapis.com/service/update2
    Remote address:
    142.250.200.3:443
    Request
    POST /service/update2 HTTP/1.1
    Content-Length: 661
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: update.googleapis.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy: script-src 'report-sample' 'nonce-KLLqDeSs9WOumhpGwwD9Rw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 09 Mar 2024 20:14:17 GMT
    Content-Type: text/xml; charset=UTF-8
    X-Daynum: 6277
    X-Daystart: 44057
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    POST
    https://update.googleapis.com/service/update2
    Remote address:
    142.250.200.3:443
    Request
    POST /service/update2 HTTP/1.1
    Content-Length: 655
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: update.googleapis.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy: script-src 'report-sample' 'nonce-XrAyyBSerzTWeCpRznLDaw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 09 Mar 2024 20:14:18 GMT
    Content-Type: text/xml; charset=UTF-8
    X-Daynum: 6277
    X-Daystart: 44058
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    cotpqpkgiqdw
    Remote address:
    1.1.1.1:53
    Request
    cotpqpkgiqdw
    IN A
    Response
  • flag-us
    DNS
    ubgwoiignsslzzw
    Remote address:
    1.1.1.1:53
    Request
    ubgwoiignsslzzw
    IN A
    Response
  • flag-us
    DNS
    zosikfowofnnhkw
    Remote address:
    1.1.1.1:53
    Request
    zosikfowofnnhkw
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.228
  • 173.194.76.84:443
    accounts.google.com
    tls
    2.1kB
    7.6kB
    18
    13
  • 104.26.11.196:443
    e-z.bio
    tls
    8.1kB
    282.9kB
    118
    211
  • 104.26.11.196:443
    e-z.bio
    tls
    987 B
    940 B
    7
    4
  • 216.58.212.200:443
    ssl.google-analytics.com
    tls
    2.2kB
    6.0kB
    10
    7
  • 104.26.11.196:443
    e-z.bio
    tls
    953 B
    4.4kB
    7
    6
  • 172.67.216.169:443
    r2-bios.e-z.host
    tls
    1.8kB
    1.0kB
    11
    5
  • 172.67.216.169:443
    r2-bios.e-z.host
    tls
    1.7kB
    8.4kB
    13
    15
  • 142.250.178.4:443
    www.google.com
    tls
    2.2kB
    11.3kB
    19
    20
  • 142.250.200.3:443
    https://update.googleapis.com/service/update2
    tls, http
    4.1kB
    8.5kB
    14
    15

    HTTP Request

    POST https://update.googleapis.com/service/update2

    HTTP Response

    200

    HTTP Request

    POST https://update.googleapis.com/service/update2

    HTTP Response

    200
  • 142.250.180.10:443
    tls, https
    128 B
    40 B
    2
    1
  • 142.250.178.14:443
    tls, https
    857 B
    40 B
    1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    3.7kB
    7.9kB
    12
    18
  • 216.58.204.68:443
    tls, https
    430 B
    40 B
    2
    1
  • 142.250.187.228:443
    www.google.com
    tls
    12.3kB
    9.6kB
    27
    30
  • 216.58.201.106:443
    tls, https
    3.6kB
    40 B
    3
    1
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    173.194.76.84

  • 1.1.1.1:53
    e-z.bio
    dns
    53 B
    101 B
    1
    1

    DNS Request

    e-z.bio

    DNS Response

    104.26.11.196
    172.67.74.119
    104.26.10.196

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.200

  • 1.1.1.1:53
    safebrowsing.googleapis.com
    dns
    146 B
    89 B
    2
    1

    DNS Request

    safebrowsing.googleapis.com

    DNS Request

    safebrowsing.googleapis.com

    DNS Response

    172.217.16.234

  • 1.1.1.1:53
    r2-bios.e-z.host
    dns
    62 B
    1

    DNS Request

    r2-bios.e-z.host

  • 1.1.1.1:53
    r2-bios.e-z.host
    dns
    62 B
    94 B
    1
    1

    DNS Request

    r2-bios.e-z.host

    DNS Response

    172.67.216.169
    104.21.45.167

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.200.3

  • 1.1.1.1:53
    cotpqpkgiqdw
    dns
    58 B
    133 B
    1
    1

    DNS Request

    cotpqpkgiqdw

  • 1.1.1.1:53
    ubgwoiignsslzzw
    dns
    61 B
    136 B
    1
    1

    DNS Request

    ubgwoiignsslzzw

  • 1.1.1.1:53
    zosikfowofnnhkw
    dns
    61 B
    136 B
    1
    1

    DNS Request

    zosikfowofnnhkw

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    109 B
    2
    1

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.228

MITRE ATT&CK Mobile v15

Downloads

  • files/dom-0.html

    Filesize

    6KB

    MD5

    2debd58b21acefa88d0ee9af317eb693

    SHA1

    b5c28117cb2c594b1a9e898aff5a705652096032

    SHA256

    0136028f79df96b782c5daf302fc8e927d7269ef49f8fcabacba20cd22d9250c

    SHA512

    593e8c4fe2c5a8bd311c90a266910f1c37087caaa7256e62414337b54a33a18c8d4e85f99c17b0522154a59e5afc2cd35fa89a85f62e273400d6db1e71dda3dc
