Analysis Overview
score
10/10
Threat Level: Known bad
The file https://www.mediafire.com/file/uut7jo6m92glu7t/tiktok.apk/file was found to be: Known bad.
Malicious Activity Summary
SLocker
SLocker payload
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2024-07-26 18:06
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-26 18:06
Reported
2024-07-26 18:11
Platform
android-33-x64-arm64-20240624-en
Max time kernel
298s
Max time network
312s
Command Line
com.android.chrome
Signatures
SLocker
SLocker payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
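The permission list above is a static finding taken from the APK's manifest. The following added Python example (not the sandbox's own logic) reproduces that check for an APK whose AndroidManifest.xml has already been decoded to plain XML (assumed done beforehand with apktool or aapt2, because the manifest inside an APK is binary XML): it extracts every declared permission, reports which ones fall in the report's dangerous set, and flags the overlay-plus-SMS/contacts combination that fits a screen-locker/overlay app rather than a video app. The heuristic profile and the sample manifest are this example's constructions, not content from the analysed sample.

```python
"""Triage the permissions an APK declares, the way the report's
"Requests dangerous framework permissions" signature does.

Added example; not the sandbox's own logic. Assumes the manifest has already
been decoded to plain XML (apktool / aapt2), since the AndroidManifest.xml
inside an APK is binary XML."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The permissions the report lists as dangerous framework permissions.
DANGEROUS = frozenset({
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
})

# Heuristic (this example's, not the report's): an app that can draw over
# every other app and also read SMS and contacts fits a screen-locker/overlay
# profile far better than a video app.
LOCKER_PROFILE = frozenset({
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
})


def requested_permissions(manifest_xml: str) -> list:
    """Return every permission declared with <uses-permission> or
    <uses-permission-sdk-23>, in manifest order, duplicates removed."""
    root = ET.fromstring(manifest_xml)
    seen, names = set(), []
    for el in root.iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get("{%s}name" % ANDROID_NS)
        if name and name not in seen:
            seen.add(name)
            names.append(name)
    return names


def triage(permissions) -> dict:
    """Summarise the declared permissions against the dangerous set and the
    locker profile; returns plain data so it can be logged or asserted on."""
    perms = set(permissions)
    return {
        "dangerous": sorted(perms & DANGEROUS),
        "overlay": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        "locker_profile": LOCKER_PROFILE <= perms,
    }


# Constructed manifest for the demo: it mirrors the permission set in the
# report but is not extracted from the analysed sample. The duplicate CAMERA
# line checks that repeats are collapsed.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""

if __name__ == "__main__":
    import json
    import sys
    # Pass a decoded manifest path to triage a real APK; otherwise the sample runs.
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print(json.dumps(triage(requested_permissions(xml_text)), indent=2))
```

Run it as `python triage_perms.py path/to/decoded/AndroidManifest.xml`; the script name is arbitrary. A dangerous permission on its own is not a verdict (a genuine camera app needs CAMERA), which is why the result keeps the raw list and the combination flag separate.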
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome (the browser, launched to fetch the submitted URL; the only process recorded in this run)
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.100:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 1.1.1.1:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | btloader.com | udp |
| US | 1.1.1.1:53 | www.ezojs.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 1.1.1.1:53 | translate.google.com | udp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| GB | 142.250.179.238:443 | translate.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| DE | 142.250.185.200:443 | | udp |
| NL | 18.239.18.117:443 | cdn.amplitude.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| DE | 142.250.186.170:443 | content-autofill.googleapis.com | tcp |
| DE | 142.250.186.170:443 | | tcp |
| US | 35.82.39.1:443 | api.amplitude.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| DE | 142.250.186.74:443 | translate.googleapis.com | tcp |
| US | 216.239.36.181:443 | analytics.google.com | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| DE | 142.250.186.170:443 | | udp |
| DE | 216.58.212.170:443 | optimizationguide-pa.googleapis.com | tcp |
| DE | 142.250.186.132:443 | | udp |
| DE | 142.250.186.74:443 | | udp |
| DE | 142.250.186.74:443 | translate.googleapis.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 104.16.52.110:443 | | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| DE | 142.250.185.142:443 | | udp |
| US | 199.91.155.17:443 | download2276.mediafire.com | tcp |
| US | 199.91.155.17:443 | | tcp |
| US | 216.239.36.181:443 | | udp |
| US | 104.21.63.210:443 | 1redlink.com | tcp |
| US | 104.21.63.210:443 | | tcp |
| DE | 142.250.186.74:443 | | udp |
| US | 104.21.63.210:443 | | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.95.41:443 | | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| GB | 216.58.201.100:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| US | 34.104.35.123:443 | edgedl.me.gvt1.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 34.104.35.123:443 | | udp |
| DE | 142.250.186.78:80 | redirector.gvt1.com | tcp |
| DE | 74.125.108.105:80 | r4---sn-i5h7lnll.gvt1.com | tcp |
| DE | 74.125.108.103:80 | r2---sn-i5h7lnll.gvt1.com | tcp |
| DE | 142.250.185.100:443 | | udp |
| US | 1.1.1.1:53 | voilatile-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | voilatile-pa.googleapis.com | tcp |
| DE | 142.250.186.46:443 | | tcp |
| DE | 142.250.186.46:443 | | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 142.250.200.38:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| US | 216.239.34.36:443 | | tcp |
| GB | 172.217.169.42:443 | voilatile-pa.googleapis.com | tcp |
| GB | 172.217.16.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 172.217.16.225:443 | | tcp |
| GB | 172.217.16.225:443 | | tcp |
| GB | 172.217.16.225:443 | | tcp |
| GB | 172.217.16.225:443 | | tcp |
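Because the run was driven through Chrome, the table mixes the download chain with traffic the browser and the Android platform generate on their own (Chrome update checks, DNS over HTTPS, Google account and RCS provisioning endpoints). The following added Python example, not part of the report, parses rows in the table's own layout, drops hostnames under an assumed allowlist of browser/platform infrastructure, and returns the remaining domains with the endpoints actually contacted, separately from domains that were only resolved via 1.1.1.1 and never connected to. The sample rows are a subset copied from the table above; the allowlist is this example's assumption and should be reviewed for the environment, since it decides what is discarded.

```python
"""Separate the download chain from browser/platform background traffic in a
sandbox network table. Added example; not the sandbox's own logic."""
import re
from collections import defaultdict

# Hostnames (exact) or parent domains that Chrome and Android services contact
# on their own during a run. Treating them as noise is this example's
# assumption; review the list before relying on it.
BROWSER_NOISE = (
    "google.com", "googleapis.com", "gstatic.com", "gvt1.com",
    "doubleclick.net", "chrome.cloudflare-dns.com", "cloudflare.com",
    "cloudflareinsights.com",
)

# One row of the report's table: | Country | ip:port | domain (may be empty) | tcp/udp |
ROW = re.compile(
    r"^\|\s*(\S+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|]*?)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(table: str) -> list:
    """Parse pipe-delimited rows; the header and anything not matching the
    layout are skipped rather than guessed at."""
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def is_noise(domain: str) -> bool:
    """True if the hostname is, or sits under, an allowlisted infrastructure domain."""
    return any(domain == d or domain.endswith("." + d) for d in BROWSER_NOISE)


def domains_to_review(rows):
    """Return (contacted, lookups_only): non-allowlisted domains mapped to the
    endpoints actually contacted, and domains that only appear as DNS queries
    (port 53 to the resolver) with no follow-up connection."""
    contacted = defaultdict(set)
    looked_up = set()
    for r in rows:
        d = r["domain"]
        if d is None or is_noise(d):
            continue
        if r["port"] == 53:
            looked_up.add(d)
        else:
            contacted[d].add("%s:%d/%s" % (r["ip"], r["port"], r["proto"]))
    contacted = {d: sorted(eps) for d, eps in contacted.items()}
    return contacted, looked_up - set(contacted)


# Constructed sample: a subset of the report's rows, in the table's layout.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| GB | 216.58.201.100:443 | | udp |
| US | 1.1.1.1:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | www.ezojs.com | udp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 199.91.155.17:443 | download2276.mediafire.com | tcp |
| US | 104.21.63.210:443 | 1redlink.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
"""

if __name__ == "__main__":
    contacted, lookups = domains_to_review(parse_rows(SAMPLE_TABLE))
    for domain, endpoints in sorted(contacted.items()):
        print(domain, "->", ", ".join(endpoints))
    print("resolved but never contacted:", sorted(lookups))
```

Rows with an empty Domain column (QUIC or TLS sessions the sandbox could not tie to a name) are kept in the parsed output but not attributed to any domain; correlating them requires the pcap, which this table does not carry.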
Files
/storage/emulated/0/Download/.pending-1722622037-tiktok.apk (deleted)
| MD5 | 59071590099d21dd439896592338bf95 |
| SHA1 | 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c |
| SHA256 | 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541 |
| SHA512 | eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668 |
/storage/emulated/0/Download/.pending-1722622037-tiktok.apk
| MD5 | 7cc805be68b2392cbc8d9b643b6f1a35 |
| SHA1 | d808a8aee11a2335e09ceb2744b60a00544f0b71 |
| SHA256 | 3ad6a04700902fdc4dcf1fcdaa39490335319860c6777b9efa32a58cda8dcc77 |
| SHA512 | 3f6c825a2f3aa40d1d8caef0220b2fe40166efd864a26a63df5573f489fc073aa7d1dcf50b4c41a53e31f3c7397fb171f46603168e261558601df28e8503b81c |
files/dom-0.html
| MD5 | a9fc5ee9473aecad51b1440523f03a39 |
| SHA1 | aeecc415a1c52e2457138f6bb237dda50dee0b40 |
| SHA256 | 6f9d6d5abbe029dd63263748ad46512889479a21891e403de9cc6d8c72959ae7 |
| SHA512 | 222aa1a9bfbe998030f2af06a3b1b0c4ec4f6ac93801c1a422b449c3942e8ccc23fe4351453cc8252d4816d72473d78afedd5b33e2c4bb42cc95370a00cfd6b3 |
files/dom-1.html
| MD5 | 1335c351bf36193d364de30056207aa0 |
| SHA1 | 78668edb9da525f9fcc59b5e5b6c0f34f9680652 |
| SHA256 | 0914fa07767812cb1c48ae028b2fdb7915620317db6b85bee531b71c9ab9c378 |
| SHA512 | 9b31a1746e2b41ba379ca06380f0c1cdf7a0d78e79deda5f4dceacd7807fa5d70a2b3edb8a5753b6daf99c70f800e4f774a6033b7b70d78ba65c3a97062453f0 |