Malware Analysis Report

2024-10-16 05:21

Sample ID 240325-wkbrraef97
Target https://www.mediafire.com/file/eac4inflb7kpkme/ready.apk/file
Tags
spynote banker infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/eac4inflb7kpkme/ready.apk/file was found to be: Known bad.

Malicious Activity Summary

spynote banker infostealer rat trojan

Spynote

Declares services with permission to bind to the system

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-25 17:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-25 17:58

Reported

2024-03-25 18:02

Platform

android-x64-arm64-20240221-en

Max time kernel

192s

Max time network

212s

Command Line

com.android.chrome

Signatures

Spynote

banker trojan infostealer rat spynote

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Processes

com.android.chrome

com.android.chrome

com.android.chrome

Network


Files

/storage/emulated/0/Download/.pending-1711994362-ready.apk (deleted)


/storage/emulated/0/Download/.pending-1711994362-ready.apk


files/dom-0.html


files/dom-1.html


/storage/emulated/0/Download/.com.google.Chrome.I8qQN4
