Analysis

  • max time kernel
    156s
  • max time network
    177s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23/05/2024, 12:50 UTC

General

  • Target

    com.zlya.intfire-2.1.19.apk

  • Size

    12.7MB

  • MD5

    5e676f122c3c2d3e5bb7dd0cecf67de8

  • SHA1

    38ea665ee74341892c34ed1c177e7646e18e1920

  • SHA256

    a2d84f922955b79be2e7d4e166f7f5fc91e34086d37dff79577fc3e9615d1fd4

  • SHA512

    f65b89d4e8b89bd29a9d09ac2acaf6cb3fcbd0a52d97271b466f0cb57e00ecb6d12f660464f425758b424e8792354309cb88c1de9c269fd72007dcaf950334bf

  • SSDEEP

    196608:t/bHwnDz5FS6nPWE6N3q1HMiZ7ElDv3QvpBBI9rUmM+5gluU6LXweY0LpHSrB:t/qp46nhT5fZ7ccvp3luJbAd

Malware Config

Signatures

Processes

  • com.zlya.intfire
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4302

Network

  • flag-us
    DNS
    gosspublic.alicdn.com
    Remote address:
    1.1.1.1:53
    Request
    gosspublic.alicdn.com
    IN A
    Response
    gosspublic.alicdn.com
    IN CNAME
    gosspublic.alicdn.com.danuoyi.alicdn.com
    gosspublic.alicdn.com.danuoyi.alicdn.com
    IN A
    163.181.154.230
    gosspublic.alicdn.com.danuoyi.alicdn.com
    IN A
    163.181.154.229
  • flag-us
    DNS
    api.map.baidu.com
    Remote address:
    1.1.1.1:53
    Request
    api.map.baidu.com
    IN A
    Response
    api.map.baidu.com
    IN CNAME
    api.map.n.shifen.com
    api.map.n.shifen.com
    IN A
    103.235.46.245
  • flag-us
    GET
    http://gosspublic.alicdn.com/aliyun-oss-sdk-5.3.2.min.js
    Remote address:
    163.181.154.230:80
    Request
    GET /aliyun-oss-sdk-5.3.2.min.js HTTP/1.1
    Host: gosspublic.alicdn.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Accept: */*
    Referer: http://localhost/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    X-Requested-With: com.zlya.intfire
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: application/javascript
    Content-Length: 103885
    Connection: keep-alive
    Date: Thu, 23 May 2024 13:07:03 GMT
    x-oss-request-id: 664F3F779DDDB03038F78F77
    Accept-Ranges: bytes
    x-oss-object-type: Normal
    x-oss-storage-class: Standard
    Content-MD5: PW8/mB9wPIAMrLcnFHmFkw==
    x-oss-server-time: 23
    Ali-Swift-Global-Savetime: 1716469623
    Via: cache5.l2fr1[861,861,304-0,H], cache29.l2fr1[863,0], ens-cache18.gb4[0,0,200-0,H], ens-cache17.gb4[1,0]
    Vary: Accept-Encoding
    Last-Modified: Tue, 17 Jul 2018 17:51:12 GMT
    x-oss-hash-crc64ecma: 1298386237509627368
    Content-Encoding: gzip
    Age: 1686
    X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
    X-Swift-SaveTime: Thu, 23 May 2024 13:07:03 GMT
    X-Swift-CacheTime: 3600
    Timing-Allow-Origin: *
    EagleId: a3b59aa517164713099447974e
  • flag-hk
    GET
    http://api.map.baidu.com/api?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA
    Remote address:
    103.235.46.245:80
    Request
    GET /api?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA HTTP/1.1
    Host: api.map.baidu.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Accept: */*
    Referer: http://localhost/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    X-Requested-With: com.zlya.intfire
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=86400
    Connection: keep-alive
    Content-Length: 238
    Content-Type: text/javascript;charset=utf-8
    Date: Thu, 23 May 2024 13:35:11 GMT
    Expires: Fri, 24 May 2024 13:35:11 GMT
    Http_x_bd_logid: 2111041724
    Http_x_bd_logid64: 2111041550557917194
    Http_x_bd_product: map
    Http_x_bd_subsys: apimap
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    Server: apache
    Set-Cookie: BAIDUID=82F630CD7B77FCE25CB5470CC2377664:FG=1; expires=Fri, 23-May-25 13:35:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
    Set-Cookie: BAIDUID=7EF09B9500849F44F1712597646EFFE9:FG=1; expires=Fri, 23-May-25 13:35:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
    Tracecode: 21110417241288513802052321
  • flag-hk
    GET
    http://api.map.baidu.com/getscript?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&services=&t=20240108120844
    Remote address:
    103.235.46.245:80
    Request
    GET /getscript?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&services=&t=20240108120844 HTTP/1.1
    Host: api.map.baidu.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
    Accept: */*
    Referer: http://localhost/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Cookie: BAIDUID=7EF09B9500849F44F1712597646EFFE9:FG=1
    X-Requested-With: com.zlya.intfire
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=86400
    Connection: keep-alive
    Content-Encoding: gzip
    Content-Type: text/javascript;charset=utf-8
    Date: Thu, 23 May 2024 13:35:11 GMT
    Expires: Fri, 24 May 2024 13:35:11 GMT
    Http_x_bd_logid: 2111402658
    Http_x_bd_logid64: 2111402882790315018
    Http_x_bd_product: map
    Http_x_bd_subsys: apimap
    Server: apache
    Tracecode: 21114026582593142794052321
    Vary: Accept-Encoding
    Transfer-Encoding: chunked
  • flag-hk
    GET
    http://api.map.baidu.com/?qt=verify&v=2.1&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&callback=BMap._rd._cbk46365&seckey=-1%2C-1&timeStamp=1716471308762&sign=3ce2e21124b3
    Remote address:
    103.235.46.245:80
    Request
    GET /?qt=verify&v=2.1&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&callback=BMap._rd._cbk46365&seckey=-1%2C-1&timeStamp=1716471308762&sign=3ce2e21124b3 HTTP/1.1
    Host: api.map.baidu.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Accept: */*
    Referer: http://localhost/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Cookie: BAIDUID=7EF09B9500849F44F1712597646EFFE9:FG=1
    X-Requested-With: com.zlya.intfire
    Response
    HTTP/1.1 200 OK
    Cache-Control: max-age=86400
    Connection: keep-alive
    Content-Type: application/javascript;charset=utf-8
    Date: Thu, 23 May 2024 13:35:14 GMT
    Expires: Fri, 24 May 2024 13:35:14 GMT
    Http_x_bd_logid: 2114104519
    Http_x_bd_logid64: 2114104443863298314
    Http_x_bd_product: map
    Http_x_bd_subsys: apimap
    Server: apache
    Tracecode: 21141045193885119498052321
    Content-Length: 57
  • flag-hk
    GET
    http://api.map.baidu.com/images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=38086810&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20i686
    Remote address:
    103.235.46.245:80
    Request
    GET /images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=38086810&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20i686 HTTP/1.1
    Host: api.map.baidu.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36
    Accept: image/webp,image/apng,image/*,*/*;q=0.8
    Referer: http://localhost/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Cookie: BAIDUID=7EF09B9500849F44F1712597646EFFE9:FG=1
    X-Requested-With: com.zlya.intfire
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: max-age=86400
    Connection: keep-alive
    Content-Length: 49
    Content-Type: image/gif
    Date: Thu, 23 May 2024 13:35:14 GMT
    Etag: "660d9014-31"
    Expires: Fri, 24 May 2024 13:35:14 GMT
    Http_x_bd_logid: 2114102211
    Http_x_bd_logid64: 2114102270409656586
    Http_x_bd_product: map
    Http_x_bd_subsys: apimap
    Last-Modified: Wed, 03 Apr 2024 17:21:24 GMT
    Server: apache
  • flag-us
    DNS
    log.ys7.com
    Remote address:
    1.1.1.1:53
    Request
    log.ys7.com
    IN A
    Response
    log.ys7.com
    IN CNAME
    logcn.ys7.com
    logcn.ys7.com
    IN A
    115.238.23.23
  • flag-us
    DNS
    dlswbr.baidu.com
    Remote address:
    1.1.1.1:53
    Request
    dlswbr.baidu.com
    IN A
    Response
    dlswbr.baidu.com
    IN CNAME
    dlswbr.baidu.com.a.bdydns.com
    dlswbr.baidu.com.a.bdydns.com
    IN CNAME
    opencdnsslv6.jomodns.com
    opencdnsslv6.jomodns.com
    IN A
    125.74.1.35
    opencdnsslv6.jomodns.com
    IN A
    125.74.110.35
    opencdnsslv6.jomodns.com
    IN A
    171.214.23.35
    opencdnsslv6.jomodns.com
    IN A
    171.214.24.35
    opencdnsslv6.jomodns.com
    IN A
    175.4.51.35
    opencdnsslv6.jomodns.com
    IN A
    182.84.110.35
    opencdnsslv6.jomodns.com
    IN A
    182.106.158.35
    opencdnsslv6.jomodns.com
    IN A
    182.140.225.35
    opencdnsslv6.jomodns.com
    IN A
    183.61.177.35
    opencdnsslv6.jomodns.com
    IN A
    220.169.152.35
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • 172.217.169.10:443
    tls
    11.4kB
    240.3kB
    89
    178
  • 163.181.154.230:80
    http://gosspublic.alicdn.com/aliyun-oss-sdk-5.3.2.min.js
    http
    2.2kB
    107.8kB
    42
    78

    HTTP Request

    GET http://gosspublic.alicdn.com/aliyun-oss-sdk-5.3.2.min.js

    HTTP Response

    200
  • 103.235.46.245:80
    http://api.map.baidu.com/?qt=verify&v=2.1&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&callback=BMap._rd._cbk46365&seckey=-1%2C-1&timeStamp=1716471308762&sign=3ce2e21124b3
    http
    3.8kB
    81.4kB
    43
    68

    HTTP Request

    GET http://api.map.baidu.com/api?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA

    HTTP Response

    200

    HTTP Request

    GET http://api.map.baidu.com/getscript?v=2.0&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&services=&t=20240108120844

    HTTP Response

    200

    HTTP Request

    GET http://api.map.baidu.com/?qt=verify&v=2.1&ak=zufTp4dQ5373tKhW4KPC48wcWvomRCIA&callback=BMap._rd._cbk46365&seckey=-1%2C-1&timeStamp=1716471308762&sign=3ce2e21124b3

    HTTP Response

    200
  • 103.235.46.245:80
    http://api.map.baidu.com/images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=38086810&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20i686
    http
    1.0kB
    1.2kB
    8
    6

    HTTP Request

    GET http://api.map.baidu.com/images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=38086810&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20i686

    HTTP Response

    200
  • 115.238.23.23:443
    log.ys7.com
    420 B
    7
  • 115.238.23.23:443
    log.ys7.com
    420 B
    7
  • 125.74.1.35:443
    dlswbr.baidu.com
    420 B
    7
  • 125.74.1.35:443
    dlswbr.baidu.com
    420 B
    7
  • 142.250.180.14:443
    tls, https
    858 B
    40 B
    1
    1
  • 142.250.179.238:443
    android.apis.google.com
    tls
    4.7kB
    8.9kB
    14
    22
  • 142.250.187.206:443
    640 B
    10
  • 125.74.110.35:443
    dlswbr.baidu.com
    360 B
    6
  • 125.74.110.35:443
    dlswbr.baidu.com
    360 B
    6
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    gosspublic.alicdn.com
    dns
    67 B
    143 B
    1
    1

    DNS Request

    gosspublic.alicdn.com

    DNS Response

    163.181.154.230
    163.181.154.229

  • 1.1.1.1:53
    api.map.baidu.com
    dns
    63 B
    110 B
    1
    1

    DNS Request

    api.map.baidu.com

    DNS Response

    103.235.46.245

  • 1.1.1.1:53
    log.ys7.com
    dns
    57 B
    93 B
    1
    1

    DNS Request

    log.ys7.com

    DNS Response

    115.238.23.23

  • 1.1.1.1:53
    dlswbr.baidu.com
    dns
    62 B
    297 B
    1
    1

    DNS Request

    dlswbr.baidu.com

    DNS Response

    125.74.1.35
    125.74.110.35
    171.214.23.35
    171.214.24.35
    175.4.51.35
    182.84.110.35
    182.106.158.35
    182.140.225.35
    183.61.177.35
    220.169.152.35

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

MITRE ATT&CK Mobile v15
