5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b

Analysis

max time kernel
175s
max time network
181s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25/06/2024, 01:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b.apk
Size

8.5MB
MD5

4a40410e3ed082aa20d4eaa508ed451d
SHA1

ace5a4e3ab9a2d25ce475ef88ddc1d3a27cacb9e
SHA256

5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b
SHA512

3e987d73dc8ae629798263478540dc7d066716df6aa7dba54151147c026a7178c92e3934deb0959d348913fdc8a0e6e70591cebd4eb30a20ffd1d515ff27d409
SSDEEP

196608:z/Xt8rpEImj6nR78YHMTJ2+dMwC+dMwU+dMwg+dMws+dMwi:zvApC6R78YY2qMwCqMwUqMwgqMwsqMwi

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.velociraptor.raptor

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.velociraptor.raptor

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.velociraptor.raptor

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.velociraptor.raptor

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.velociraptor.raptor

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.velociraptor.raptor

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.velociraptor.raptor

com.velociraptor.raptor
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4960

Network

DNS

www.revdl.com

Remote address:

1.1.1.1:53

Request

www.revdl.com

IN A

Response

www.revdl.com

IN A

104.21.70.39

www.revdl.com

IN A

172.67.219.112
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.8
DNS

static.cloudflareinsights.com

Remote address:

1.1.1.1:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
DNS

challenges.cloudflare.com

Remote address:

1.1.1.1:53

Request

challenges.cloudflare.com

IN A

Response

challenges.cloudflare.com

IN A

104.17.2.184

challenges.cloudflare.com

IN A

104.17.3.184
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

216.58.212.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

216.58.213.10
DNS

www.districtjudiciarycharsadda.gov.pk

Remote address:

1.1.1.1:53

Request

www.districtjudiciarycharsadda.gov.pk

IN A

Response

www.districtjudiciarycharsadda.gov.pk

IN CNAME

districtjudiciarycharsadda.gov.pk

districtjudiciarycharsadda.gov.pk

IN A

65.108.233.244
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 242
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:29 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:34 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:39 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:49 GMT
Server: Apache
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:54 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:25:59 GMT
Server: Apache
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:04 GMT
Server: Apache
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:09 GMT
Server: Apache
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:19 GMT
Server: Apache
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:29 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:34 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:39 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:49 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:54 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:26:59 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:04 GMT
Server: Apache
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:09 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:19 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:29 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:34 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:40 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:49 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:54 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:27:59 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:28:04 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:28:09 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
POST

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

Remote address:

65.108.233.244:443

Request

POST /assets/test/test/public/commands.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Host: www.districtjudiciarycharsadda.gov.pk
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

Response

HTTP/1.1 200 OK

Date: Tue, 25 Jun 2024 01:28:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8

104.21.70.39:443

www.revdl.com

tls

20.9kB
280.3kB
174
239
142.250.200.8:443

ssl.google-analytics.com

tls

1.3kB
5.8kB
8
7
104.16.80.73:443

static.cloudflareinsights.com

tls

1.9kB
13.0kB
16
17
104.17.2.184:443

challenges.cloudflare.com

tls

1.9kB
18.6kB
16
23
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

1.8kB
5.2kB
13
11

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

6.7kB
8.7kB
35
23

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
104.17.2.184:443

challenges.cloudflare.com

tls

74.9kB
436.4kB
170
371
142.250.200.46:443

tls, https

857 B
40 B
1
1
172.217.16.238:443

android.apis.google.com

tls

4.7kB
8.7kB
14
22
142.250.187.228:443

tls, https

491 B
40 B
2
1
142.250.187.228:443

www.google.com

tls

8.7kB
7.9kB
25
36
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

2.7kB
1.9kB
14
11

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

4.9kB
3.4kB
24
15

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

3.2kB
2.3kB
16
12

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

2.3kB
1.6kB
12
10

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

3.2kB
2.3kB
16
12

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php
65.108.233.244:443

https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

tls, http

1.8kB
1.4kB
9
6

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

HTTP Request

POST https://www.districtjudiciarycharsadda.gov.pk/assets/test/test/public/commands.php

HTTP Response

200

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

www.revdl.com

dns

59 B
91 B
1
1

DNS Request

www.revdl.com

DNS Response

104.21.70.39

172.67.219.112
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.8
1.1.1.1:53

static.cloudflareinsights.com

dns

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
1.1.1.1:53

challenges.cloudflare.com

dns

71 B
103 B
1
1

DNS Request

challenges.cloudflare.com

DNS Response

104.17.2.184

104.17.3.184
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
288 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.179.234

142.250.200.42

142.250.187.202

216.58.204.74

216.58.212.234

172.217.169.10

172.217.16.234

142.250.187.234

142.250.178.10

142.250.180.10

216.58.201.106

142.250.200.10

216.58.213.10
1.1.1.1:53

www.districtjudiciarycharsadda.gov.pk

dns

83 B
113 B
1
1

DNS Request

www.districtjudiciarycharsadda.gov.pk

DNS Response

65.108.233.244
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.16.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.velociraptor.raptor/cache/cache_an/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response