Malware Analysis Report

2025-01-19 05:04

Sample ID 240605-vmdhpace9t
Target 98b61b4c66d6c05131d59792cc364c66_JaffaCakes118
SHA256 23375e855f92a3bbee249d859df8b2c79a47eb3bb4dac0eefb51f83e0ba73985
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

23375e855f92a3bbee249d859df8b2c79a47eb3bb4dac0eefb51f83e0ba73985

Threat Level: Shows suspicious behavior

The file 98b61b4c66d6c05131d59792cc364c66_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks Android system properties for emulator presence.

Queries information about running processes on the device

Requests cell location

Reads the content of the SMS messages.

Reads the content of SMS inbox messages.

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 17:06

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 17:06

Reported

2024-06-05 17:09

Platform

android-x86-arm-20240603-en

Max time kernel

37s

Max time network

180s

Command Line

com.zoc.dktowj

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.zoc.dktowj/files/pu/SyxJwdUAf.jar N/A N/A
N/A /data/user/0/com.zoc.dktowj/files/Plugin2.apk N/A N/A
N/A /data/user/0/com.zoc.dktowj/app_dex/utopay.jar N/A N/A
N/A /data/user/0/com.zoc.dktowj/files/yl_plugin.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the SMS messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.zoc.dktowj

getprop ro.product.cpu.abi

getprop ro.product.cpu.abi2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 app.jtmtht.com udp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 120.55.89.238:8977 tcp
US 1.1.1.1:53 passport.migu.cn udp
US 1.1.1.1:53 sdk.qipagame.cn udp
CN 112.25.126.116:80 passport.migu.cn tcp
US 1.1.1.1:53 jx.hamofo.com udp
US 1.1.1.1:53 xiafa.hamofo.com udp
US 1.1.1.1:53 zyin.bjmcmj.cn udp
US 1.1.1.1:53 vpay.api.eerichina.com udp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 120.55.89.238:8977 tcp
CN 112.25.126.116:80 passport.migu.cn tcp
CN 116.62.54.183:9004 tcp
CN 115.159.152.136:8090 tcp
US 107.178.223.183:89 app.jtmtht.com tcp
CN 116.62.54.183:9004 tcp
US 1.1.1.1:53 v3.utopay.cn udp
US 1.1.1.1:53 p1.ilast.cc udp
US 3.237.86.197:80 p1.ilast.cc tcp
US 1.1.1.1:53 log1.ilast.cc udp
US 3.237.86.197:80 log1.ilast.cc tcp
GB 216.58.201.110:443 tcp
GB 142.250.187.194:443 tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp
US 107.178.223.183:89 app.jtmtht.com tcp

Files

/data/data/com.zoc.dktowj/files/pu/SyxJwdUAf.jar

MD5 acc3e349cee0a5faf192399dfb733a63
SHA1 8835c70383bd730b776543b13d39f9da162b969d
SHA256 c11420d1589c524341296b0f4e48d26d8a8ec40a1c3b70eae09af8871798f34f
SHA512 5dc0064cb61b3127efb2540befe93ce946464ade632937060ca62f2a7bc539550ea03686657e15a972a8fc7eae762c488905368e1ab024525f59bc5985d83723

/data/user/0/com.zoc.dktowj/files/pu/SyxJwdUAf.jar

MD5 d1e2758aad333705aec8379bc1cb960e
SHA1 895f26303c024d1b2e248ad92050a0bb994e9af6
SHA256 ab29174673032abeecf1949eb353d692e8d70650911a83053510efc25c6bca05
SHA512 bff553cd969abbb29710be2aa0bc3bbd1bae6246f0eb678d5d84cdfbaf090b1a8def36d4b4a95e333d39106c98f65a18632385d0bd5c26c6579dcbf180133997

/data/data/com.zoc.dktowj/databases/740410100062013-journal

MD5 482ad01a361a56ffe0cf2bca59381e46
SHA1 8b15eacf8d177b4c1497d9ec4e9b6c07f4338f9b
SHA256 1da4f8198331e3af0399f7c111dbeb263c7ac7f8d813a396a0d12187be951aa5
SHA512 0f5f331b6df2082817c2310d160cd86652bcb79c642317aa618b3410fcfba2f2037c402cd9089577c3fbf01ddb765a3580ff19acfd67397bcf09be73169f9ce1

/data/data/com.zoc.dktowj/databases/740410100062013

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.zoc.dktowj/databases/740410100062013-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.zoc.dktowj/databases/740410100062013-wal

MD5 69c252e63fccd119cc5dc3b8fbc83b82
SHA1 004e91d2f7377098bd1362bd9d21c29429d39bdc
SHA256 3fbca5729526da804848fb4f173faf1c4fea81f3ab2eb1bb9811161d1ae392d7
SHA512 3f890b9364de1d75ddac6afad384c995141d85df57e09cf473d49638976c01d9c68cf42dcce61cc13a87cbb196ea6e7b9ee5c1a09eb270e4df8a1189f7af71cf

/data/data/com.zoc.dktowj/files/Plugin2.apk

MD5 3d216f8fddb9705a6720a285475837f1
SHA1 f053d23b284bfe2faf6e76d353ff052471e2de2c
SHA256 de7bf40574754a5144fa5cf3bc5e97f7adc7f5abebb18c41e8f0631917db4c0c
SHA512 38be39da8f96abc87109cfd57b2d63ddfa72971f023024a5b4ce1f97cd905a96a94e19eea19ae9b745f28d02c6689a4473627ce57ec85dce2018a77e699620cb

/data/user/0/com.zoc.dktowj/files/Plugin2.apk

MD5 2a425e0fae74f20a2c475da937a619a2
SHA1 4d701c7e6d828aa96ba8a493720e7282c49ec741
SHA256 2c61a25f1ad5783bf82eea9faa2536cac4788ed3147bc1864d9ef17ea01be6a7
SHA512 44c8d2a837b606de99055badbd4b5e708424ca9809b1583d13aefadc4d4af974658dc3a3f179fc3047eef7167151c638ff66dd6c8d38121b6ecdfb464d2a5a60

/data/data/com.zoc.dktowj/databases/wochi_v4.db-journal

MD5 9fcb43f8e56d68ab6a92e05217ad7038
SHA1 1345f498ff64e7c66c525ff95e8e7523675fd923
SHA256 49e0b6314c1204bec3d51bee2d65799a91f29d10a2bb2cf7ee9e4613ba076fa3
SHA512 3f388b2bdcf67d53fa6d5e74c30c17a11a58dab65e4805656011a3f653dab8f4569fac5d2a1d452ffb5d165bd8c3841f42fb53a9b29255ae87dfd4f00dec1265

/data/data/com.zoc.dktowj/databases/wochi_v4.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.zoc.dktowj/databases/wochi_v4.db-wal

MD5 469f9842602e916a2c5292eb52bfa096
SHA1 12ee14d8f29f2902e180031c017e9974cfc5405e
SHA256 d8c6c11a0ee087156dfe8926045b3828e0852cdc212a122a9f7ff8f3187dd755
SHA512 af1bb8fbdd8fd6eba3f27308d2be536bf3225db735bb0078520d0f1831ad5f74e99a12079d7da3c05278270c6d25216adf955956b375a7d53cd33d1d52ef3751

/data/data/com.zoc.dktowj/app_dex/utopay.jar

MD5 eb6089c1acfa9f12535e533aebee845e
SHA1 165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9
SHA256 b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07
SHA512 5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5

/data/user/0/com.zoc.dktowj/app_dex/utopay.jar

MD5 5220524411d0bacd600da60814d1ee9f
SHA1 fef7210ff44e757328bc0ff7aae7bb2191cbf634
SHA256 6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2
SHA512 b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f

/data/data/com.zoc.dktowj/files/yl_plugin.apk

MD5 5a4c666b43ee7f2b6995aaf3527e4a4d
SHA1 b205bcb022797f3b16635db139c7524c0c388adc
SHA256 05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a
SHA512 c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17

/data/user/0/com.zoc.dktowj/files/yl_plugin.apk

MD5 918890b3fc5a3dc184a57d027ead24da
SHA1 c638f375f49bc4731b633bdc001aeeadf9462039
SHA256 57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836
SHA512 fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef

/data/data/com.zoc.dktowj/files/log.dat

MD5 ff9229f8e7c92d44d48e25206d43b021
SHA1 be3d75050c16c5b7484652ba292fdd6510f205d3
SHA256 77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2
SHA512 be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 17:06

Reported

2024-06-05 17:06

Platform

android-x86-arm-20240603-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 17:06

Reported

2024-06-05 17:06

Platform

android-x64-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 17:06

Reported

2024-06-05 17:06

Platform

android-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp

Files

N/A