Analysis Overview
SHA256
2a9287911eea92821cdf5cbe945605ce2f654308c48fe213d271cfabb7f528c0
Threat Level: Shows suspicious behavior
The file app-release.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries information about active data network
Requests dangerous framework permissions
Legitimate hosting services abused for malware hosting/C2
Checks CPU information
Checks memory information
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-01 22:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-01 22:08
Reported
2024-07-01 22:18
Platform
android-x64-arm64-20240624-en
Max time kernel
429s
Max time network
474s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.admin.minecraftjavaeditionapk1208021downloadforandroid
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ads.webintoapp.com | udp |
| US | 34.30.128.92:443 | ads.webintoapp.com | tcp |
| US | 1.1.1.1:53 | install.webintoapp.com | udp |
| US | 34.30.128.92:443 | install.webintoapp.com | tcp |
| US | 1.1.1.1:53 | modfyp.com | udp |
| US | 104.26.12.32:443 | modfyp.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 1.1.1.1:53 | ajax.googleapis.com | udp |
| US | 1.1.1.1:53 | images.dmca.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 1.1.1.1:53 | static.addtoany.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 143.244.38.136:443 | images.dmca.com | tcp |
| GB | 143.244.38.136:443 | images.dmca.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 1.1.1.1:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.169.1:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.okay.cz | udp |
| CA | 23.227.38.74:443 | www.okay.cz | tcp |
| US | 1.1.1.1:53 | csi.gstatic.com | udp |
| US | 172.253.127.120:443 | csi.gstatic.com | tcp |
| US | 1.1.1.1:53 | cdn.shopify.com | udp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| US | 1.1.1.1:53 | insiacare-shopify.hurass.cz | udp |
| US | 1.1.1.1:53 | shop.app | udp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| US | 1.1.1.1:53 | sgtm.okay.cz | udp |
| SE | 185.146.173.20:443 | shop.app | tcp |
| DE | 128.140.108.245:443 | insiacare-shopify.hurass.cz | tcp |
| US | 216.239.32.21:443 | sgtm.okay.cz | tcp |
| US | 1.1.1.1:53 | cdn.pagefly.io | udp |
| US | 1.1.1.1:53 | cdn.judge.me | udp |
| NL | 185.172.149.104:443 | cdn.judge.me | tcp |
| GB | 52.84.90.39:443 | cdn.pagefly.io | tcp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| GB | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | connect.facebook.net | udp |
| US | 1.1.1.1:53 | bat.bing.com | udp |
| US | 1.1.1.1:53 | s2.adform.net | udp |
| US | 1.1.1.1:53 | cdn.botx.cloud | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 1.1.1.1:53 | front.boldem.cz | udp |
| DK | 37.157.2.250:443 | s2.adform.net | tcp |
| US | 172.66.41.30:443 | cdn.botx.cloud | tcp |
| CZ | 185.219.169.240:443 | front.boldem.cz | tcp |
| US | 1.1.1.1:53 | ct.pinterest.com | udp |
| US | 151.101.64.84:443 | ct.pinterest.com | tcp |
| US | 1.1.1.1:53 | c.imedia.cz | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| CZ | 77.75.77.163:443 | c.imedia.cz | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | c.seznam.cz | udp |
| CZ | 77.75.77.172:443 | c.seznam.cz | tcp |
| US | 1.1.1.1:53 | track.adform.net | udp |
| DK | 37.157.6.232:443 | track.adform.net | tcp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| CZ | 185.219.169.240:443 | front.boldem.cz | tcp |
| US | 1.1.1.1:53 | cf.storeify.app | udp |
| US | 1.1.1.1:53 | d23dclunsivw3h.cloudfront.net | udp |
| US | 1.1.1.1:53 | d5zu2f4xvqanl.cloudfront.net | udp |
| US | 1.1.1.1:53 | cdn1.judge.me | udp |
| GB | 143.204.68.35:443 | d23dclunsivw3h.cloudfront.net | tcp |
| US | 104.26.13.21:443 | cf.storeify.app | tcp |
| NL | 185.172.149.104:443 | cdn1.judge.me | tcp |
| DE | 18.245.45.33:443 | d5zu2f4xvqanl.cloudfront.net | tcp |
| US | 1.1.1.1:53 | monorail-edge.shopifysvc.com | udp |
| US | 34.111.94.218:443 | monorail-edge.shopifysvc.com | tcp |
| US | 1.1.1.1:53 | img.jena-nabytek.cz | udp |
| US | 1.1.1.1:53 | img.okay.cz | udp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| CZ | 185.115.0.6:443 | img.okay.cz | tcp |
| US | 1.1.1.1:53 | www.google.cz | udp |
| GB | 216.58.201.99:443 | www.google.cz | tcp |
| US | 1.1.1.1:53 | api.mapy.cz | udp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| CZ | 77.75.76.182:443 | api.mapy.cz | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.180.14:443 | clients1.google.com | tcp |
| GB | 142.250.180.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| US | 1.1.1.1:53 | cdn.ampproject.org | udp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | harshalbenake.blogspot.in | udp |
| GB | 142.250.178.1:80 | harshalbenake.blogspot.in | tcp |
| GB | 142.250.178.1:80 | harshalbenake.blogspot.in | tcp |
| US | 1.1.1.1:53 | harshalbenake.blogspot.com | udp |
| GB | 216.58.213.1:80 | harshalbenake.blogspot.com | tcp |
| GB | 216.58.213.1:443 | harshalbenake.blogspot.com | tcp |
| US | 1.1.1.1:53 | www.blogger.com | udp |
| US | 1.1.1.1:53 | www.blogger.com | udp |
| GB | 216.58.201.105:443 | www.blogger.com | tcp |
| US | 1.1.1.1:53 | blogger.googleusercontent.com | udp |
| GB | 172.217.169.1:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.169.1:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.169.1:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.169.1:443 | blogger.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.1:443 | blogger.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | resources.blogblog.com | udp |
| GB | 142.250.200.41:443 | resources.blogblog.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 216.58.204.78:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-5hnekn7l.gvt1.com | udp |
| NL | 74.125.100.8:443 | r3---sn-5hnekn7l.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.166:443 | r1---sn-5hne6nzy.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-5hne6nsr.gvt1.com | udp |
| NL | 172.217.132.73:443 | r4---sn-5hne6nsr.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nsy.gvt1.com | udp |
| NL | 172.217.132.102:443 | r1---sn-5hne6nsy.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nzs.gvt1.com | udp |
| NL | 74.125.8.102:443 | r1---sn-5hne6nzs.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nzd.gvt1.com | udp |
| NL | 74.125.100.230:443 | r1---sn-5hne6nzd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nsd.gvt1.com | udp |
| NL | 172.217.132.6:443 | r1---sn-5hne6nsd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-5hne6nzk.gvt1.com | udp |
| NL | 172.217.132.134:443 | r1---sn-5hne6nzk.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-5hne6nsz.gvt1.com | udp |
| NL | 74.125.100.71:443 | r2---sn-5hne6nsz.gvt1.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | www.blogger.com | udp |
| GB | 142.250.178.1:80 | harshalbenake.blogspot.in | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh5.googleusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.187.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.238:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 1.1.1.1:53 | x.com | udp |
| US | 1.1.1.1:53 | abs.twimg.com | udp |
| US | 1.1.1.1:53 | api.twitter.com | udp |
| US | 1.1.1.1:53 | api.x.com | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.x.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 1.1.1.1:53 | t.co | udp |
| US | 1.1.1.1:53 | pbs.twimg.com | udp |
| PL | 93.184.221.165:443 | t.co | tcp |
| GB | 199.232.56.159:443 | pbs.twimg.com | tcp |