Malware Analysis Report

2024-09-09 13:19

Sample ID: 240613-ahtznawgla
Target: a316ce65a53be706b5e89488824b1b11_JaffaCakes118
SHA256: 5c5a19ae8705afaa77b5923a59f002945e886f45c40a24cca6e39ac3b40afc31
Tags: banker, collection, discovery, evasion, impact, persistence
Score: 7/10

Analysis Overview

Score: 7/10
SHA256: 5c5a19ae8705afaa77b5923a59f002945e886f45c40a24cca6e39ac3b40afc31

Threat level: shows suspicious behavior

The file a316ce65a53be706b5e89488824b1b11_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: banker, collection, discovery, evasion, impact, persistence

Queries information about running processes on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Acquires the wake lock

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 00:13

Signatures

Requests dangerous framework permissions

Indicator - Description (Process and Target are N/A for every entry)

android.permission.CALL_PHONE - Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.READ_EXTERNAL_STORAGE - Allows an application to read from external storage.
android.permission.WRITE_SETTINGS - Allows an application to read or write the system settings.
android.permission.RECORD_AUDIO - Allows an application to record audio.
android.permission.READ_PHONE_STATE - Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.PROCESS_OUTGOING_CALLS - Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether.
android.permission.WRITE_EXTERNAL_STORAGE - Allows an application to write to external storage.
android.permission.SYSTEM_ALERT_WINDOW - Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_COARSE_LOCATION - Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION - Allows an app to access precise location.
android.permission.CAMERA - Required to be able to access the camera device.
android.permission.RECEIVE_SMS - Allows an application to receive SMS messages.
android.permission.SEND_SMS - Allows an application to send SMS messages.
android.permission.READ_SMS - Allows an application to read SMS messages.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 00:13
Reported: 2024-06-13 00:17
Platform: android-x86-arm-20240611.1-en
Max time kernel: 176s
Max time network: 131s

Command Line

com.yunva.yaya

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Tags: banker, discovery

Queries information about running processes on the device
Tags: discovery
Indicator: framework service call android.app.IActivityManager.getRunningAppProcesses (Process/Target: N/A)

Queries information about the current nearby Wi-Fi networks
Tags: discovery
Indicator: framework service call android.net.wifi.IWifiManager.getScanResults (Process/Target: N/A)

Requests cell location
Tags: collection, discovery, evasion
Indicator: framework service call com.android.internal.telephony.ITelephony.getCellLocation (Process/Target: N/A)

Acquires the wake lock
Indicator: framework service call android.os.IPowerManager.acquireWakeLock (Process/Target: N/A)

Queries information about active data network
Tags: discovery
Indicator: framework service call android.net.IConnectivityManager.getActiveNetworkInfo (Process/Target: N/A)

Queries information about the current Wi-Fi connection
Tags: discovery
Indicator: framework service call android.net.wifi.IWifiManager.getConnectionInfo (Process/Target: N/A)

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags: persistence
Indicator: framework service call android.app.IActivityManager.registerReceiver (Process/Target: N/A)

Uses Crypto APIs (Might try to encrypt user data)
Tags: impact
Indicator: framework API call javax.crypto.Cipher.doFinal (Process/Target: N/A)

Checks CPU information
Indicator: file opened for read /proc/cpuinfo (Process/Target: N/A)

Processes

com.yunva.yaya

Network

Country  Destination            Domain                    Proto
N/A      224.0.0.251:5353       -                         udp
US       1.1.1.1:53             rqd.uu.qq.com             udp
HK       43.135.106.212:80      rqd.uu.qq.com             tcp
US       1.1.1.1:53             bbs2.yunva.com            udp
US       1.1.1.1:53             aya2.yunva.com            udp
US       1.1.1.1:53             hmma.baidu.com            udp
HK       103.235.47.161:80      hmma.baidu.com            tcp
US       1.1.1.1:53             version.yunva.com         udp
US       1.1.1.1:53             cgi.connect.qq.com        udp
HK       43.154.252.110:80      cgi.connect.qq.com        tcp
HK       43.154.252.110:443     cgi.connect.qq.com        tcp
US       1.1.1.1:53             data.iapppay.com          udp
KR       192.186.12.154:8083    data.iapppay.com          tcp
GB       142.250.187.206:443    -                         tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       216.58.204.78:443      android.apis.google.com   tcp

Files

/data/data/com.yunva.yaya/databases/bugly_db_-journal
/data/data/com.yunva.yaya/databases/bugly_db_
/data/data/com.yunva.yaya/databases/bugly_db_-shm
/data/data/com.yunva.yaya/databases/bugly_db_-wal
/storage/emulated/0/Android/data/com.yunva.yaya/cache/uil-images/journal.tmp
/storage/emulated/0/backups/system/.confd-journal
/storage/emulated/0/backups/system/.confd
/data/data/com.yunva.yaya/files/libcuid.so
/storage/emulated/0/backups/system/.confd-wal
/storage/emulated/0/backups/.SystemConfig/.cuid
/data/data/com.yunva.yaya/files/__local_stat_cache.json
/data/data/com.yunva.yaya/files/__local_ap_info_cache.json
/storage/emulated/0/backups/system/.timestamp
/data/data/com.yunva.yaya/files/__send_data_1718237661674
/storage/emulated/0/backups/system/.confd-wal
/storage/emulated/0/backups/system/.confd
/storage/emulated/0/backups/system/.confd-wal
/storage/emulated/0/backups/system/.confd
/storage/emulated/0/backups/system/.confd-wal
/data/data/com.yunva.yaya/files/__local_last_session.json
/storage/emulated/0/backups/system/.confd
/storage/emulated/0/backups/system/.timestamp
/storage/emulated/0/backups/system/.confd-wal
/storage/emulated/0/backups/system/.confd
/storage/emulated/0/yaya/uuinfo/phone_uuid.tmp
/data/data/com.yunva.yaya/databases/tencent_analysis.db-journal
/data/data/com.yunva.yaya/databases/tencent_analysis.db-wal
/storage/emulated/0/iapppay/statistics/com.yunva.yaya/statistics.log
/data/data/com.yunva.yaya/files/com.tencent.open.config.json.101046990
/data/data/com.yunva.yaya/databases/evernote_jobs.db-journal
/data/data/com.yunva.yaya/databases/evernote_jobs.db-wal

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 00:13
Reported: 2024-06-13 00:17
Platform: android-x86-arm-20240611.1-en
Max time network: 157s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination            Domain                    Proto
N/A      224.0.0.251:5353       -                         udp
GB       142.250.187.206:443    -                         tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       142.250.179.238:443    android.apis.google.com   tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-13 00:13
Reported: 2024-06-13 00:17
Platform: android-x64-20240611.1-en
Max time network: 148s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353       -                                   udp
GB       172.217.16.234:443     -                                   tcp
GB       142.250.200.42:443     -                                   tcp
GB       172.217.16.234:443     -                                   tcp
GB       142.250.200.42:443     -                                   tcp
GB       172.217.16.234:443     -                                   tcp
GB       216.58.204.78:443      -                                   tcp
BE       74.125.133.188:5228    -                                   tcp
GB       216.58.204.74:443      -                                   tcp
GB       216.58.201.106:443     -                                   tcp
GB       216.58.201.106:443     -                                   tcp
GB       142.250.178.14:443     -                                   tcp
GB       142.250.187.226:443    -                                   tcp
GB       172.217.16.234:443     -                                   tcp
GB       142.250.179.228:443    -                                   tcp
GB       216.58.212.202:443     -                                   tcp
GB       142.250.180.3:443      -                                   tcp
US       1.1.1.1:53             www.google.com                      udp
GB       216.58.204.68:443      www.google.com                      tcp
US       1.1.1.1:53             g.tenor.com                         udp
GB       216.58.212.202:443     g.tenor.com                         tcp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
GB       172.217.16.234:443     semanticlocation-pa.googleapis.com  tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       142.250.200.14:443     android.apis.google.com             tcp
US       1.1.1.1:53             www.youtube.com                     udp
GB       142.250.187.238:443    www.youtube.com                     udp
GB       142.250.187.238:443    www.youtube.com                     tcp
US       1.1.1.1:53             www.google.com                      udp
GB       142.250.179.228:443    www.google.com                      tcp
US       1.1.1.1:53             mdh-pa.googleapis.com               udp
GB       142.250.178.10:443     mdh-pa.googleapis.com               tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-13 00:13
Reported: 2024-06-13 00:17
Platform: android-x64-arm64-20240611.1-en
Max time network: 179s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination            Domain                          Proto
GB       172.217.16.238:443     -                               tcp
GB       172.217.16.238:443     -                               tcp
N/A      224.0.0.251:5353       -                               udp
US       1.1.1.1:53             ssl.google-analytics.com        udp
GB       142.250.187.232:443    ssl.google-analytics.com        tcp
GB       172.217.169.68:443     -                               tcp
GB       172.217.169.68:443     -                               tcp
GB       142.250.187.206:443    -                               tcp
BE       142.251.5.188:5228     -                               tcp
GB       216.58.204.67:443      -                               tcp
US       1.1.1.1:53             www.google.com                  udp
GB       142.250.187.228:443    www.google.com                  tcp
US       1.1.1.1:53             www.youtube.com                 udp
GB       172.217.16.238:443     www.youtube.com                 tcp
US       1.1.1.1:53             growth-pa.googleapis.com        udp
GB       142.250.178.10:443     growth-pa.googleapis.com        tcp
US       1.1.1.1:53             lh3-dz.googleusercontent.com    udp
GB       216.58.213.1:443       lh3-dz.googleusercontent.com    tcp
US       1.1.1.1:53             lh3.googleusercontent.com       udp
GB       142.250.187.225:443    lh3.googleusercontent.com       tcp
US       1.1.1.1:53             android.apis.google.com         udp
GB       142.250.187.206:443    android.apis.google.com         tcp
US       1.1.1.1:53             accounts.google.com             udp
BE       142.251.5.84:443       accounts.google.com             tcp
GB       172.217.16.238:443     www.youtube.com                 tcp
US       1.1.1.1:53             www.google.com                  udp
GB       142.250.187.228:443    www.google.com                  tcp
US       1.1.1.1:53             mdh-pa.googleapis.com           udp
GB       216.58.212.202:443     mdh-pa.googleapis.com           tcp

Files

N/A