Malware Analysis Report

2024-10-16 05:20

Sample ID 240325-wr1z8aeh82
Target https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file
Tags spynote banker collection infostealer rat trojan
Score 10/10


Analysis Overview

Score 10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file was found to be: Known bad.

Malicious Activity Summary

spynote banker collection infostealer rat trojan

Spynote

Reads the content of photos stored on the user's device.

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-25 18:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-25 18:10

Reported

2024-03-25 18:16

Platform

android-x64-20240221-en

Max time kernel

366s

Max time network

382s

Command Line

com.android.chrome

Signatures

Spynote

banker trojan infostealer rat spynote

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A
URI accessed for read content://media/external/images/media N/A N/A
URI accessed for read content://media/external/images/media N/A N/A
URI accessed for read content://media/external/images/media N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Processes

com.android.chrome

com.android.chrome

com.android.chrome

com.android.chrome

Network


Files

/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 351779.crdownload

MD5 1f87977b94c51f7b8ab6a954ea1f7620
SHA1 83902a250bdc4856dc4fe7d2b4a29d0f85977484
SHA256 9b95854d18f7cf0b9bceb3b63d39df88bd322499de4a222d5f0ef218c6e62e79
SHA512 61694cf63c1b316c56d93425134cffed78e1af857b07d46b2d6179f5d019e240a1b4cf6a725cba0af688411a6ec684d6c2bcbd111663cfb44a173381cc3091f4

files/dom-0.html

MD5 6d9c5883a6c159f108455b19037c359e
SHA1 81a9340f7302921b26bce4e08e53cd0c1bdbd11c
SHA256 bc58995e340b450774576d19f7b5764c8a5296b306c99e513302e8e318cd2784
SHA512 305aa7daae5ee3dbdb0149e26f5e0dc2c317a2aaf8b28406f375d1a13b4733aa5d4d301561112ab59eae13157337d32816081c9237560662b46947d2388e2502

files/dom-1.html

MD5 2dd6b09fd0bb963824f60cd1829e72ab
SHA1 63d6d1e72589c1c81e3f812662a7ef4525a30f3a
SHA256 29a4f193936b58ded597b2cc914a5a2aa41598eb679267e068134593fe6b0af6
SHA512 a15ddfec3e7d1e03285dc16f700ef94db45e5cd3ac34221cdb9fb2c29cabd8936c64420f22c8c18081c7d51fd054193a8827dbe7441b99a8a177d62b12c6c972

/storage/emulated/0/Download/ready (1).apk

MD5 668bf1092550455df61108228ebc2d50
SHA1 eaae1fe1f8b3f71fabf632929add4461dcec505a
SHA256 accb0cdb8ea7370e5ab75f2277cd5d302f1ddce36850c1018e124a8d4196d97d
SHA512 34f183762725260aba52f0ab3456727d4bacbc5b19e057df12351e00eafd009025d4a672ef75857ed841c601b7123a089005c2f6f1b625a455c17afaa72184d6

/storage/emulated/0/Download/ready (1).apk

MD5 dcee97a590fedde0ce60944d7fd62477
SHA1 82664a4d6870087385ef598bf1fa2f58f4d74269
SHA256 ca564818231e1175d73519b6af9b2413864c81fe756767f5871cf166e3104f44
SHA512 db00b42688cfb09f15d4fc4df2a5298224b5ae02a3c22321274fbab0d22ad5deb294c56a7cce7983d668951b267bc267fffcd0b0c8e05a0899f92964ba3b7528