Analysis

  • max time kernel
    12s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    10/04/2024, 09:56 UTC

General

  • Target

    20a520aa0437428e4f93157979eaf181f3c3276abaea6ad01ce083ffa6e55e39.apk

  • Size

    4.7MB

  • MD5

    88d421b5b9a7f52f1a961e52c49019b1

  • SHA1

    1c69cd22dd43e313a4d2369ec382a30b661d16c1

  • SHA256

    20a520aa0437428e4f93157979eaf181f3c3276abaea6ad01ce083ffa6e55e39

  • SHA512

    2767836d7e3c71c9f1b2bf1c3be0779a054d7892ce1582d6121172bcba58541006a10cc278fa2bf9583d04e4c9257f463501f8b7bc2d2fe94a20c89c4ebb3b79

  • SSDEEP

    98304:xti9x0frPpcI72EEjpDGKz+4NnPV+hNd8NTNrl+P3eWp0CHvwxU:9T725nxPQNSrgPuYHIxU

Score
6/10

Malware Config

Signatures

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTP, 1 IoC

Processes

  • com.custom.vcopy (PID 4223)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
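
The signature above is raised from runtime behaviour; the same indicator can be confirmed statically once the APK is decoded with apktool. The Python below is an added illustration, not part of the sandbox report, and the manifest and smali it scans are constructed stand-ins rather than material decoded from this sample: it checks a decoded AndroidManifest.xml for the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission and greps smali for the android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS intent action and the PowerManager.isIgnoringBatteryOptimizations check that usually precedes it.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Indicators behind the "requests disabling of battery optimizations" signature.
BATTERY_PERMISSION = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
BATTERY_ACTION = "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
BATTERY_SETTINGS_ACTION = "android.settings.IGNORE_BATTERY_OPTIMIZATION_SETTINGS"
BATTERY_CHECK_METHOD = "Landroid/os/PowerManager;->isIgnoringBatteryOptimizations"

# Constructed manifest in the form apktool decodes it. NOT the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.custom.vcopy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="vcopy">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

# Constructed smali excerpt; class and method names are hypothetical, not from the sample.
SAMPLE_SMALI = """.class public Lcom/custom/vcopy/MainActivity;
.method private requestWhitelist()V
    .locals 3
    const-string v0, "power"
    invoke-virtual {p0, v0}, Landroid/app/Activity;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v1
    check-cast v1, Landroid/os/PowerManager;
    const-string v2, "com.custom.vcopy"
    invoke-virtual {v1, v2}, Landroid/os/PowerManager;->isIgnoringBatteryOptimizations(Ljava/lang/String;)Z
    move-result v0
    if-nez v0, :already_whitelisted
    new-instance v0, Landroid/content/Intent;
    const-string v1, "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
    invoke-direct {v0, v1}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
    invoke-virtual {p0, v0}, Landroid/app/Activity;->startActivity(Landroid/content/Intent;)V
    :already_whitelisted
    return-void
.end method
"""


def manifest_permissions(manifest_xml):
    """All <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def find_battery_opt_indicators(smali_text):
    """(line number, line) pairs that touch the battery-optimisation intent or PowerManager check."""
    needles = (BATTERY_ACTION, BATTERY_SETTINGS_ACTION, BATTERY_CHECK_METHOD)
    return [(no, line.strip())
            for no, line in enumerate(smali_text.splitlines(), 1)
            if any(needle in line for needle in needles)]


def triage(manifest_xml, smali_text):
    """Combine the manifest and code evidence into the facts a report should record."""
    perms = manifest_permissions(manifest_xml)
    hits = find_battery_opt_indicators(smali_text)
    return {
        "declares_permission": BATTERY_PERMISSION in perms,
        "fires_request_intent": any(BATTERY_ACTION in line for _, line in hits),
        "checks_whitelist_state": any(BATTERY_CHECK_METHOD in line for _, line in hits),
        "hits": hits,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST, SAMPLE_SMALI).items():
        print(f"{key}: {value}")
```

Run it against real apktool output by reading AndroidManifest.xml and concatenating the smali files. An app that declares the permission but never fires the intent may be a legitimate sync or VoIP client, so the hits are a prompt to read the surrounding code, not a verdict on their own.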

Network

  • DNS (US)
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
  • DNS (US)
    r4dc3btbyzip0edkbykb1qteulwb.de
    Remote address:
    1.1.1.1:53
    Request
    r4dc3btbyzip0edkbykb1qteulwb.de
    IN A
    Response
    r4dc3btbyzip0edkbykb1qteulwb.de
    IN A
    104.21.95.98
    r4dc3btbyzip0edkbykb1qteulwb.de
    IN A
    172.67.144.25
  • GET (US)
    https://r4dc3btbyzip0edkbykb1qteulwb.de/socket.io/?EIO=3&transport=websocket
    Remote address:
    104.21.95.98:443
    Request
    GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: IeLdQi2U7kd8LhwKaDtRSA==
    Sec-WebSocket-Version: 13
    Cookie: token =
    Host: r4dc3btbyzip0edkbykb1qteulwb.de
    Accept-Encoding: gzip
    User-Agent: okhttp/3.14.1
    Response
    HTTP/1.1 101 Switching Protocols
    Date: Wed, 10 Apr 2024 09:57:14 GMT
    Connection: upgrade
    Upgrade: websocket
    Sec-WebSocket-Accept: 4KeiZF9zX/tzgwvCTIe0FgXJNSQ=
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95WuipmBM2ywpOaN%2FkC%2F4yRuutNYw6%2B5koKPSZXNCBdvEJu%2FAlMWEL3XEYBPBpnjGraSOr4yU4AEotpKKQQRa6ofNwt0oQMN1ptwwSfKKh0y7ITkFUJ94sVEz6ceoBdufjPUsxzs5v%2FSyOsvSY5vcroV"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8721df1a5f4423d1-LHR
    alt-svc: h3=":443"; ma=86400
  • DNS (US)
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  Connections (remote address, domain or URL, protocols; bytes sent / received; packets sent / received):

  • 142.250.187.202:443, semanticlocation-pa.googleapis.com, tls: 1.8kB / 6.2kB, 12 / 12
  • 104.21.95.98:443, https://r4dc3btbyzip0edkbykb1qteulwb.de/socket.io/?EIO=3&transport=websocket, tls, http: 1.8kB / 7.4kB, 19 / 18
    HTTP Request: GET https://r4dc3btbyzip0edkbykb1qteulwb.de/socket.io/?EIO=3&transport=websocket
    HTTP Response: 101
  • 142.250.187.206:443, tls, https: 858 B / 40 B, 1 / 1
  • 172.217.16.238:443, android.apis.google.com, tls: 4.7kB / 8.6kB, 14 / 22
  • 172.217.169.10:443, tls, https: 1.2kB / 40 B, 1 / 1
  • 224.0.0.251:5353 (mDNS multicast; only outbound figures recorded): 3.7kB sent, 11 packets sent
  • 1.1.1.1:53, semanticlocation-pa.googleapis.com, dns: 80 B / 272 B, 1 / 1
    DNS Request: semanticlocation-pa.googleapis.com
    DNS Response: 142.250.187.202, 142.250.187.234, 142.250.178.10, 142.250.200.10, 216.58.201.106, 216.58.204.74, 216.58.212.234, 142.250.179.234, 172.217.16.234, 172.217.169.74, 142.250.200.42, 142.250.180.10
  • 1.1.1.1:53, r4dc3btbyzip0edkbykb1qteulwb.de, dns: 77 B / 109 B, 1 / 1
    DNS Request: r4dc3btbyzip0edkbykb1qteulwb.de
    DNS Response: 104.21.95.98, 172.67.144.25
  • 1.1.1.1:53, android.apis.google.com, dns: 69 B / 109 B, 1 / 1
    DNS Request: android.apis.google.com
    DNS Response: 172.217.16.238
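
The Socket.IO upgrade above is the sample's first contact with the only non-Google host it resolves. The Python below is an added example for this write-up, not part of the sandbox output: it re-parses the captured request and 101 response, verifies the Sec-WebSocket-Accept value against the client key as RFC 6455 requires, pulls the Engine.IO protocol version and transport out of the query string, and records that the Cookie header carries a cookie named token with an empty value, which is consistent with a first check-in before the server has issued a session token (an observation, not something the report states). The Cloudflare Report-To and NEL headers are omitted from the embedded response.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlsplit

# RFC 6455 section 4.2.2: fixed GUID the server appends to the client key before hashing.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# The upgrade request and 101 response as captured in the report (Report-To/NEL omitted).
CAPTURED_REQUEST = """GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: IeLdQi2U7kd8LhwKaDtRSA==
Sec-WebSocket-Version: 13
Cookie: token =
Host: r4dc3btbyzip0edkbykb1qteulwb.de
Accept-Encoding: gzip
User-Agent: okhttp/3.14.1
"""

CAPTURED_RESPONSE = """HTTP/1.1 101 Switching Protocols
Date: Wed, 10 Apr 2024 09:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4KeiZF9zX/tzgwvCTIe0FgXJNSQ=
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8721df1a5f4423d1-LHR
alt-svc: h3=":443"; ma=86400
"""


def expected_accept(sec_websocket_key):
    """Sec-WebSocket-Accept a conforming server must return for this client key."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_message(raw):
    """Split an HTTP/1.1 message head into (start line, {lower-cased header: value})."""
    lines = [line for line in raw.splitlines() if line.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def analyse_upgrade(request_raw, response_raw):
    """Check the handshake for protocol conformance and pull out the fields worth recording."""
    request_line, req = parse_message(request_raw)
    status_line, resp = parse_message(response_raw)
    _method, target, _version = request_line.split(" ", 2)
    query = parse_qs(urlsplit(target).query)
    # "Cookie: token =" is a single cookie named "token" whose value is empty.
    cookie_name, _, cookie_value = req.get("cookie", "").partition("=")
    return {
        "switching_protocols": status_line.startswith("HTTP/1.1 101"),
        "upgrade_ok": req.get("upgrade", "").lower() == "websocket"
        and resp.get("upgrade", "").lower() == "websocket",
        "accept_ok": resp.get("sec-websocket-accept") == expected_accept(req["sec-websocket-key"]),
        "engineio_version": query.get("EIO", [None])[0],
        "transport": query.get("transport", [None])[0],
        "host": req.get("host"),
        "user_agent": req.get("user-agent"),
        "cookie_name": cookie_name.strip(),
        "cookie_empty": cookie_value.strip() == "",
        "fronted_by": resp.get("server"),
    }


if __name__ == "__main__":
    for key, value in analyse_upgrade(CAPTURED_REQUEST, CAPTURED_RESPONSE).items():
        print(f"{key}: {value}")
```

The accept check matters when reading proxied captures: okhttp rejects a 101 whose Sec-WebSocket-Accept does not match, so a mismatch would mean the session seen afterwards was not a WebSocket session at all. EIO=3 pins the Engine.IO wire format, which tells you which decoder to apply to the frames that follow the upgrade.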

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.custom.vcopy/databases/prdownloader.db

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.custom.vcopy/databases/prdownloader.db-journal

    Filesize

    512B

    MD5

    e980137909eaf442fee2f4785146ca83

    SHA1

    24280649aeecda449e0a5a6c8dce4e956ce80ce3

    SHA256

    59fcb0332975b5791995aa611c7e9f9e527fc982c399eff66c1862111cc0845f

    SHA512

    d8b98d0fb91b6e6c0d379dea4a0ae98b3ecf76424743514d98be442cbfab3e4d5efaa6aa25820f849cac4d23eda2deab5bc90cbef6c12f501dca07ba2b447d8e

  • /data/data/com.custom.vcopy/databases/prdownloader.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.custom.vcopy/databases/prdownloader.db-wal

    Filesize

    28KB

    MD5

    6cb51fd4dcb8c18bb067d7e66c9138ea

    SHA1

    86f9dc1d59f66da1af7a674b37e72871192c15b7

    SHA256

    b035df03f8349d798199f7f40e02d31a2c85c7f87edfb96a68369104ebd36fc9

    SHA512

    a8c36bedc29f17ca6136eae08a63aa0ec5420afc7faf22a9fd1c3d165683ebcb8d69d2d7a3b800b4539ca47adcec37762965b47f14f6348578ae9c1af182e5fd
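
The four prdownloader.db files above are one SQLite database in WAL mode: the -wal file holds committed pages that have not yet been checkpointed into the main file, -shm is the shared-memory index for that log, and -journal is a rollback journal. Pulling only the .db from a running app therefore loses its most recent rows. The Python below is an added example for this write-up, not part of the report or of the PRDownloader library: it builds a stand-in database with an assumed table layout (the real prdownloader.db schema was not inspected here), copies it with and without the sidecar files while a writer still holds it open, and parses the -wal header and frame headers directly so the log can be triaged even when sqlite refuses to open a damaged copy.

```python
import shutil
import sqlite3
import struct
import tempfile
from pathlib import Path

WAL_MAGIC = (0x377F0682, 0x377F0683)  # little-/big-endian checksum variants
WAL_FORMAT = 3007000


def parse_wal(wal_path):
    """Summarise a SQLite -wal file from its headers alone, without opening the database."""
    data = Path(wal_path).read_bytes()
    magic, fmt, page_size, ckpt_seq, salt1, salt2 = struct.unpack(">6I", data[:24])
    if magic not in WAL_MAGIC or fmt != WAL_FORMAT:
        raise ValueError("not a SQLite WAL file")
    frame_len = 24 + page_size
    pages, commits = [], 0
    for i in range((len(data) - 32) // frame_len):
        off = 32 + i * frame_len
        page_no, commit_size, fsalt1, fsalt2 = struct.unpack(">4I", data[off:off + 16])
        if (fsalt1, fsalt2) != (salt1, salt2):
            break  # stale frame from an earlier WAL generation, not part of the live log
        pages.append(page_no)
        commits += commit_size != 0  # a non-zero db size marks the last frame of a commit
    return {"page_size": page_size, "checkpoint_seq": ckpt_seq,
            "frames": len(pages), "commits": commits, "pages": pages}


def dump_tables(db_path):
    """Return {table: rows} for every user table. Run on a copy, never on the seized file."""
    con = sqlite3.connect(str(db_path))
    try:
        names = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        return {name: con.execute(f'SELECT * FROM "{name}"').fetchall() for name in names}
    finally:
        con.close()


def copy_with_sidecars(db_path, dest_dir, suffixes=("", "-wal", "-shm", "-journal")):
    """Copy the database together with whatever WAL/journal files sit beside it."""
    copied = []
    for suffix in suffixes:
        src = db_path.with_name(db_path.name + suffix)
        if src.exists():
            shutil.copy(src, dest_dir / src.name)
            copied.append(src.name)
    return copied


def demo():
    work = Path(tempfile.mkdtemp())
    live = work / "prdownloader.db"      # stand-in for the file under /data/data/com.custom.vcopy/databases/
    writer = sqlite3.connect(str(live))  # plays the still-running app that keeps the DB open
    writer.execute("PRAGMA page_size=4096")
    writer.execute("PRAGMA journal_mode=WAL")
    # Assumed schema for illustration only; the real prdownloader.db layout was not inspected.
    writer.execute("CREATE TABLE downloads (id INTEGER PRIMARY KEY, url TEXT, file_name TEXT, "
                   "total_bytes INTEGER, downloaded_bytes INTEGER)")
    writer.execute("INSERT INTO downloads VALUES (1, 'https://example.invalid/stage2.bin', "
                   "'stage2.bin', 4096, 4096)")
    writer.commit()  # committed, but only into the -wal file: no checkpoint has run yet

    db_only, full = work / "db_only", work / "full"
    db_only.mkdir()
    full.mkdir()
    shutil.copy(live, db_only / live.name)  # the mistake: main file alone
    copied = copy_with_sidecars(live, full)  # the right way
    result = {
        "wal": parse_wal(live.with_name(live.name + "-wal")),
        "copied": copied,
        "rows_db_only": sum(len(rows) for rows in dump_tables(db_only / live.name).values()),
        "rows_with_wal": dump_tables(full / live.name).get("downloads", []),
    }
    writer.close()  # closing the last connection checkpoints and removes the live -wal
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The frame walk stops at the first frame whose salt differs from the header: SQLite reuses the WAL in place after a checkpoint, so trailing frames with a stale salt belong to an earlier generation and are what carving tools recover as deleted history. On a device image, copy all four files with their original names into one directory before opening them.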
