Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags
    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    06/09/2024, 18:29 UTC

General

  • Target

    d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk

  • Size

    3.4MB

  • MD5

    d03206189788f7f2780b7c1668d6e19e

  • SHA1

    3146ccf56d12b313723b878e374926f4a4ec31bf

  • SHA256

    1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c

  • SHA512

    7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5

  • SSDEEP

    98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 3 IoCs)
  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about phone network operator (1 TTP)
  • Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)

Processes

  • com.ninefold.bondisushi
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
    PID: 4784
  • com.ninefold.bondisushi:Metrica
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
    PID: 4838

Network

  • US
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    216.58.212.238
  • US
    DNS
    api.birbira.xyz
    Remote address:
    1.1.1.1:53
    Request
    api.birbira.xyz
    IN A
    Response
    api.birbira.xyz
    IN A
    172.67.177.167
    api.birbira.xyz
    IN A
    104.21.17.160
  • US
    POST
    https://api.birbira.xyz/v2/client
    Remote address:
    172.67.177.167:443
    Request
    POST /v2/client HTTP/2.0
    host: api.birbira.xyz
    content-type: application/x-www-form-urlencoded
    content-length: 198
    accept-encoding: gzip
    user-agent: okhttp/3
    Response
    HTTP/2.0 200
    date: Tue, 10 Sep 2024 10:04:36 GMT
    content-type: application/json
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApFiERNVhRP9BGpKLPEa2AS6cAA7SEEdTR0CfS9RMN%2FZULB6KVAndi2YciNszJnrJyP7rMg4XoRyjEJYJfWZUe8TD%2FoRlAyFy9As%2BlCymYjX%2BMUC%2BZtYmubkrqcYCi4rXbg%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8c0e9845af1d63ab-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • US
    GET
    https://api.birbira.xyz/v2/settings?client_id=ab2f3d7f-f3f6-836d-dcdf-96a57f147dee&sdk_ver=85&a_ver=30&ts=0
    Remote address:
    172.67.177.167:443
    Request
    GET /v2/settings?client_id=ab2f3d7f-f3f6-836d-dcdf-96a57f147dee&sdk_ver=85&a_ver=30&ts=0 HTTP/2.0
    host: api.birbira.xyz
    accept-encoding: gzip
    user-agent: okhttp/3
    Response
    HTTP/2.0 200
    date: Tue, 10 Sep 2024 10:04:40 GMT
    content-type: text/html; charset=UTF-8
    iv: NWVjYzBmMDEyZjhhOTM0MQ==
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=laQ%2FiSi2SLmPzXu11ViEbmyYks2hfpQIHxOR3c2M6b3ClNguouLgcb5i7e7ok6qcQepq6vriqvKvuZHYoeTAwLRvHvN0rS9dMe8YZ9v5PLbyUD9rhQ9a%2F%2F0pL0wrQV7Q9aI%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8c0e985f9fd363ab-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    startup.mobile.yandex.net
    Remote address:
    1.1.1.1:53
    Request
    startup.mobile.yandex.net
    IN A
    Response
    startup.mobile.yandex.net
    IN A
    213.180.204.244
  • RU
    GET
    https://startup.mobile.yandex.net/analytics/startup?deviceid=765d4347fc0e865a06930a637f18b45f&deviceid2=765d4347fc0e865a06930a637f18b45f&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&app_platform=android&protocol_version=2&analytics_sdk_version_name=3.6.4&model=Pixel%202&manufacturer=Google&os_version=11&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=phone&queries=1&query_hosts=2&features=ec%2Cpi%2Cs%2Cpc%2Cfc%2Cflc%2Cblc%2Cflbc%2Cblbc%2Ctrtlt%2Ca%2Cg%2Cwa%2Cwc%2Com%2Cca%2Csi%2Csm%2Cap%2Csl&s=1&app_id=com.ninefold.bondisushi&flc=1&app_debuggable=0&sl=1&blc=1&detect_locale=1&uuid=fa07db4de93143adbd71705976dcf96a&time=1&requests=1&stat_sending=1&permissions=1
    Remote address:
    213.180.204.244:443
    Request
    GET /analytics/startup?deviceid=765d4347fc0e865a06930a637f18b45f&deviceid2=765d4347fc0e865a06930a637f18b45f&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&app_platform=android&protocol_version=2&analytics_sdk_version_name=3.6.4&model=Pixel%202&manufacturer=Google&os_version=11&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=phone&queries=1&query_hosts=2&features=ec%2Cpi%2Cs%2Cpc%2Cfc%2Cflc%2Cblc%2Cflbc%2Cblbc%2Ctrtlt%2Ca%2Cg%2Cwa%2Cwc%2Com%2Cca%2Csi%2Csm%2Cap%2Csl&s=1&app_id=com.ninefold.bondisushi&flc=1&app_debuggable=0&sl=1&blc=1&detect_locale=1&uuid=fa07db4de93143adbd71705976dcf96a&time=1&requests=1&stat_sending=1&permissions=1 HTTP/1.1
    Accept: application/json
    User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
    Accept-Encoding: encrypted
    Host: startup.mobile.yandex.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 Ok
    Content-Encoding: encrypted
    Content-Length: 1344
    Content-Type: application/octet-stream
    Date: Tue, 10 Sep 2024 10:04:37 GMT
  • US
    DNS
    report.appmetrica.yandex.net
    Remote address:
    1.1.1.1:53
    Request
    report.appmetrica.yandex.net
    IN A
    Response
    report.appmetrica.yandex.net
    IN A
    213.180.193.226
  • RU
    POST
    https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=7c352535-6c59-4310-a0dc-96ecbe866e49&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0
    Remote address:
    213.180.193.226:443
    Request
    POST /report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=7c352535-6c59-4310-a0dc-96ecbe866e49&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0 HTTP/1.1
    Accept: application/json
    User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
    Send-Timestamp: 1725962676
    Send-Timezone: 0
    Content-Type: application/x-www-form-urlencoded
    Host: report.appmetrica.yandex.net
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 384
    Response
    HTTP/1.1 200 Ok
    Content-Length: 21
    Content-Type: application/json; encoding=utf-8
    Date: Tue, 10 Sep 2024 10:04:38 GMT
  • RU
    POST
    https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0
    Remote address:
    213.180.193.226:443
    Request
    POST /report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0 HTTP/1.1
    Accept: application/json
    User-Agent: com.yandex.mobile.metrica.sdk/3.6.4.45179 (Google Pixel 2; Android 11)
    Send-Timestamp: 1725962676
    Send-Timezone: 0
    Content-Type: application/x-www-form-urlencoded
    Host: report.appmetrica.yandex.net
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 480
    Response
    HTTP/1.1 200 Ok
    Content-Length: 21
    Content-Type: application/json; encoding=utf-8
    Date: Tue, 10 Sep 2024 10:04:38 GMT
  • US
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.169.8
  • US
    DNS
    api.tridrongo.info
    Remote address:
    1.1.1.1:53
    Request
    api.tridrongo.info
    IN A
    Response
    api.tridrongo.info
    IN A
    172.67.161.129
    api.tridrongo.info
    IN A
    104.21.66.157
  • US
    POST
    https://api.tridrongo.info/v2/event
    Remote address:
    172.67.161.129:443
    Request
    POST /v2/event HTTP/2.0
    host: api.tridrongo.info
    content-type: application/x-www-form-urlencoded
    content-length: 68
    accept-encoding: gzip
    user-agent: okhttp/3
    Response
    HTTP/2.0 200
    date: Tue, 10 Sep 2024 10:04:40 GMT
    content-type: text/html; charset=UTF-8
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LpVROpVwaeP8My5AsHhZo6W%2FUFjmPMod58H6zmN0kQSUBgmdxexlc39BixiHqVaTtL1wbwH1YDm%2FRKThyRPwfqhQa%2FwKiC0qy27E5pJOK7XkgxySm6wUuE3MP5Jy83Ssvw4kMQI%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8c0e986198533dca-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    api.oradaph.pw
    Remote address:
    1.1.1.1:53
    Request
    api.oradaph.pw
    IN A
    Response
    api.oradaph.pw
    IN A
    172.67.140.65
    api.oradaph.pw
    IN A
    104.21.8.212
  • US
    POST
    https://api.oradaph.pw/v2/event
    Remote address:
    172.67.140.65:443
    Request
    POST /v2/event HTTP/2.0
    host: api.oradaph.pw
    content-type: application/x-www-form-urlencoded
    content-length: 145
    accept-encoding: gzip
    user-agent: okhttp/3
    Response
    HTTP/2.0 200
    date: Tue, 10 Sep 2024 10:04:41 GMT
    content-type: text/html; charset=UTF-8
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mMyM4VGEiy12czHmmXi1guddxNJ0jrNEmWzdOxH2%2BsCC0nZeJ5BVBOy%2BuuJcheA0aLilNbMMopCkIlfIO7pqKI6QePLvuH5XfksyjMCSl%2FyeVgyWHwhFSyhfN%2Fnp94%2BWg%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8c0e986498f294ae-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    arb.grattomania.space
    Remote address:
    1.1.1.1:53
    Request
    arb.grattomania.space
    IN A
    Response
  • 216.239.38.223:443
    https
    336 B
    40 B
    1
    1
  • 142.250.179.238:443
    www.youtube.com
    tls
    2.1kB
    8.3kB
    18
    15
  • 172.67.177.167:443
    https://api.birbira.xyz/v2/settings?client_id=ab2f3d7f-f3f6-836d-dcdf-96a57f147dee&sdk_ver=85&a_ver=30&ts=0
    tls, http2
    2.3kB
    15.5kB
    25
    25

    HTTP Request

    POST https://api.birbira.xyz/v2/client

    HTTP Response

    200

    HTTP Request

    GET https://api.birbira.xyz/v2/settings?client_id=ab2f3d7f-f3f6-836d-dcdf-96a57f147dee&sdk_ver=85&a_ver=30&ts=0

    HTTP Response

    200
  • 213.180.204.244:443
    https://startup.mobile.yandex.net/analytics/startup?deviceid=765d4347fc0e865a06930a637f18b45f&deviceid2=765d4347fc0e865a06930a637f18b45f&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&app_platform=android&protocol_version=2&analytics_sdk_version_name=3.6.4&model=Pixel%202&manufacturer=Google&os_version=11&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=phone&queries=1&query_hosts=2&features=ec%2Cpi%2Cs%2Cpc%2Cfc%2Cflc%2Cblc%2Cflbc%2Cblbc%2Ctrtlt%2Ca%2Cg%2Cwa%2Cwc%2Com%2Cca%2Csi%2Csm%2Cap%2Csl&s=1&app_id=com.ninefold.bondisushi&flc=1&app_debuggable=0&sl=1&blc=1&detect_locale=1&uuid=fa07db4de93143adbd71705976dcf96a&time=1&requests=1&stat_sending=1&permissions=1
    tls, http
    2.1kB
    7.1kB
    11
    10

    HTTP Request

    GET https://startup.mobile.yandex.net/analytics/startup?deviceid=765d4347fc0e865a06930a637f18b45f&deviceid2=765d4347fc0e865a06930a637f18b45f&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&app_platform=android&protocol_version=2&analytics_sdk_version_name=3.6.4&model=Pixel%202&manufacturer=Google&os_version=11&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=phone&queries=1&query_hosts=2&features=ec%2Cpi%2Cs%2Cpc%2Cfc%2Cflc%2Cblc%2Cflbc%2Cblbc%2Ctrtlt%2Ca%2Cg%2Cwa%2Cwc%2Com%2Cca%2Csi%2Csm%2Cap%2Csl&s=1&app_id=com.ninefold.bondisushi&flc=1&app_debuggable=0&sl=1&blc=1&detect_locale=1&uuid=fa07db4de93143adbd71705976dcf96a&time=1&requests=1&stat_sending=1&permissions=1

    HTTP Response

    200
  • 213.180.193.226:443
    https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=7c352535-6c59-4310-a0dc-96ecbe866e49&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0
    tls, http
    2.6kB
    4.6kB
    11
    9

    HTTP Request

    POST https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=7c352535-6c59-4310-a0dc-96ecbe866e49&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0

    HTTP Response

    200
  • 213.180.193.226:443
    https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0
    tls, http
    2.7kB
    4.7kB
    11
    10

    HTTP Request

    POST https://report.appmetrica.yandex.net/report?encrypted_request=1&deviceid=765d4347fc0e865a06930a637f18b45f&uuid=fa07db4de93143adbd71705976dcf96a&analytics_sdk_version_name=3.6.4&app_version_name=31.1.3&app_build_number=3017&os_version=11&os_api_level=30&analytics_sdk_build_number=45179&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&attribution_id=1&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.ninefold.bondisushi&app_platform=android&model=Pixel%202&manufacturer=Google&screen_width=640&screen_height=320&screen_dpi=160&scalefactor=1.0&device_type=phone&android_id=af54fd33bea0cdd5&adv_id=14a61297-17bd-4636-bc8b-4d1b8cd5fe09&limit_ad_tracking=0&request_id=0

    HTTP Response

    200
  • 172.217.169.8:443
    ssl.google-analytics.com
    tls
    1.4kB
    5.9kB
    10
    9
  • 172.67.161.129:443
    https://api.tridrongo.info/v2/event
    tls, http2
    1.5kB
    4.6kB
    15
    13

    HTTP Request

    POST https://api.tridrongo.info/v2/event

    HTTP Response

    200
  • 172.67.140.65:443
    https://api.oradaph.pw/v2/event
    tls, http2
    1.5kB
    4.6kB
    15
    13

    HTTP Request

    POST https://api.oradaph.pw/v2/event

    HTTP Response

    200
  • 142.250.200.46:443
    www.youtube.com
    tls
    135 B
    40 B
    2
    1
  • 142.250.200.33:443
    tls
    270 B
    40 B
    4
    1
  • 216.239.38.223:443
    tls, https
    256 B
    40 B
    4
    1
  • 216.58.204.65:443
    tls
    270 B
    40 B
    4
    1
  • 216.239.38.223:443
    tls, https
    408 B
    6
  • 224.0.0.251:5353
    3.9kB
    13
  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    351 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.179.238
    142.250.187.238
    216.58.201.110
    172.217.16.238
    216.58.204.78
    142.250.200.46
    172.217.169.46
    172.217.169.78
    142.250.180.14
    142.250.178.14
    172.217.169.14
    142.250.187.206
    142.250.200.14
    216.58.213.14
    216.58.212.206
    216.58.212.238

  • 142.250.179.238:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    api.birbira.xyz
    dns
    61 B
    93 B
    1
    1

    DNS Request

    api.birbira.xyz

    DNS Response

    172.67.177.167
    104.21.17.160

  • 1.1.1.1:53
    startup.mobile.yandex.net
    dns
    71 B
    87 B
    1
    1

    DNS Request

    startup.mobile.yandex.net

    DNS Response

    213.180.204.244

  • 1.1.1.1:53
    report.appmetrica.yandex.net
    dns
    74 B
    90 B
    1
    1

    DNS Request

    report.appmetrica.yandex.net

    DNS Response

    213.180.193.226

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.169.8

  • 1.1.1.1:53
    api.tridrongo.info
    dns
    64 B
    96 B
    1
    1

    DNS Request

    api.tridrongo.info

    DNS Response

    172.67.161.129
    104.21.66.157

  • 1.1.1.1:53
    api.oradaph.pw
    dns
    60 B
    92 B
    1
    1

    DNS Request

    api.oradaph.pw

    DNS Response

    172.67.140.65
    104.21.8.212

  • 1.1.1.1:53
    arb.grattomania.space
    dns
    67 B
    132 B
    1
    1

    DNS Request

    arb.grattomania.space

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.ninefold.bondisushi/files/ZPkFS.log

    Filesize

    90B

    MD5

    58c81acdb6fece00b36c4dc8512b6e47

    SHA1

    62ba8e89bd96f34f1c88c81368fb27549b7cd790

    SHA256

    9d1255f5df695ab48a31622bd8da1ecaa502f9ff672b345f801dc7fbcdc309cb

    SHA512

    3719a0843f236494ad55abb0f36bc7123dd97253a539d547e8da67e575bd3aa5924f9abbb54bd286e50764cd673f48ba44dcc61f971e7ac96c8f7576af6268dc

  • /data/user/0/com.ninefold.bondisushi/no_backup/credentials.dat

    Filesize

    234B

    MD5

    27fc7db61027f9a5cb4a5c916d53dda5

    SHA1

    1f7847decbc7df3abca42ba9aad7038000d3fa80

    SHA256

    319d58c66def1b9c99ecd55d672b0b4e5bfdf79190adcf7957c91c3455d0d367

    SHA512

    e9d28277192df26629c01d30927d305b1a0a5c6f838df23f84ef119ad50e9adbc8b9e1b1cc81c2ca3009710ff15f3f22fb53d92cd50b8429418d8f71b9964db3

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

    Filesize

    36KB

    MD5

    ca52a8b491c9fc4b49e504625045ce6c

    SHA1

    fb68c117f349968751bab9fd59918af6c34b62aa

    SHA256

    13229af5185e7cbb4e989d1161a5ef430ae51e06a108a3be9454763d228820c0

    SHA512

    f747277e2a6f44fa159bd7f0fca4c81904088622fe3a517c8bbfb7199eaf293ebe10d8fc44132129ba6b3bea1a81d66100ab59a30cc559b14cab6df2a88ea3ef

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    20KB

    MD5

    cd3910aea859f3e883ce44494b8f8bdf

    SHA1

    b7321ae9fc9bf5e509bc557379a7c4149ff05b50

    SHA256

    ddd1ce5c2ab9bdd139289395819e8652ca9fe47387975237730bebf1031c7b39

    SHA512

    3bdda056da2fe68211d5a70f512621b7cd1c4b65017f057e9dc944f17dea80cf11b59b35a1e841fbc8c178a280ddfe72481a684a7a8237a2cdb0d5d5fac6de70

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    8KB

    MD5

    79755793d4239135d9150307b82b878f

    SHA1

    786a3eea14c4c06db40c8288da285d9bcc69459c

    SHA256

    ef1ebe3297670e4de70b95f23fb3f967a2c90836aee31fd261fb4d12ce9b7c2d

    SHA512

    19ff94f0653ef1ec090fd5d42f2f17c901945f921c0a763e5e5812cdf8dea40532dac8a878fe698a24db38a9ecd42de5e07d7e860c03cf264eee04c74ff00879

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    8KB

    MD5

    6654b68cdb1175cbb540e9559930dba7

    SHA1

    aee3499cd9469d0abb16bfe75b15505d8fb9dfc7

    SHA256

    76c538d6ee602e19c6fa8a8b2f11f735682e364e913b15efd71d9bf83a6ca251

    SHA512

    91345f578f4a7e079e8b9d9735d72e331bf16de79ff57c00b855a79dd7fcdbee71c3a8bf6da5079bb939e69643653c9c873dbef60c69b65af9a67ad16b70a0f7

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    12KB

    MD5

    d099ec65ac973661db8591c7f174ce5c

    SHA1

    6c1fab82536c08823ee17e01c427b36feb1c9557

    SHA256

    131b05f451c1db7a2de262ff0ded6b4f5c98d0d8da879a8a7194932524d186d7

    SHA512

    bb7f0503c3446a0c2b49bbe4b32064c94a048b07e6c432800552eb5871a796cf19068e2eb78e9c7530926c3e04ee9231c0de3f0c0db6b2d494f83a3ce750de83

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    12KB

    MD5

    167054de0d2923bb812d6196fa149849

    SHA1

    312d9c134e738265a20132590d6c31436dd06eea

    SHA256

    b0315f7109b679e11250a0330dff2735e8265c531bcca9b5efdb36ceab383ed2

    SHA512

    ca78bf3b1d8e1a4e52a61bf683d44db18ec2550dbb66b263606848c3041ad31db2af3bf6c16e3d34daec613cecaeb9cfc054ba9f30ceffaf72162dc95de5a86a

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

    Filesize

    12KB

    MD5

    42301ee47c9cfb32a40536914e9b2b34

    SHA1

    f77361f6d3f199650a93d7553e5371b3cd8a5f53

    SHA256

    d9946c91078497d40250770207bfeb6b1c77eb4b43397893a6d3c28cf3ece1f5

    SHA512

    928af0468a4965a87bd2ce0d1e6cffabff9f7b5b89a4dfe518c8f2ba2f9bba6854895694d9019abf5745a912ad1d4ebc178f45a6651edeb2117a29eeb66ba10b

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

    MD5

    90f07299bdb749dc2292ac0a07d50927

    SHA1

    5c8e2548b6da12def9bc9a299f59516a4d2084a2

    SHA256

    e500153f695543398415c70249bfb06c06223393a72b987f012363ad9f07244f

    SHA512

    52ef6ed9fd774c7aa79d6926c4796d623305fc59ee104e485d395f36f7484d25b4c4ba736059e494a0f2fb523db74d86c12c40d0b4c5f2ae2458dc424ad728c3

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

    MD5

    f7e133d042a58802580d73393e9a7b23

    SHA1

    0352b2ed8993bb99eb1697ecda26f2aa23049c4c

    SHA256

    0fe524d32d04d75271c46bb42c54d72e8b79c92a346d7f52fc624346f22aaf98

    SHA512

    f481a50a903d3a2fc0de123f282d44b85abbcab943ecc47067d314ee4d4818693a8f736f0a8706012f2646ca28ddc15adcc0cb2f1f3351bf3cfa0d961c8d1b1a

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

    MD5

    eb8e139357c37cae2b3c2143e3790211

    SHA1

    333bc78a4a0f2a342fd7d197c6c2c6a46ca6bb6c

    SHA256

    54e11be8a80c8376be5fd64b125c23dd1d422d5851ac1f01e150320579237b63

    SHA512

    ce0403a0364dc13429507b9067003f02545af6a03767a5e6d7918c201b799438760d2525108b346b50724b932c65e835d2376bf57b22e35a8fbfe0c555c5d958

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

    MD5

    9a6a22828b75b06ce6d917fcdd4c4331

    SHA1

    2c99a4529bd8e9d3f090b392eaf6dae406d66f47

    SHA256

    2d0bd6becae0abae5153894e85d05412a63917307ab1490dc3a90c47208d9bb0

    SHA512

    1ecb84d954ab44f29eed6be2ac4faf343519a42e3543b0b812e292ee13cf9eac4b05bf00cc648bf35f3b4de43fcd94c2d4f3f45c8c3d98dae31d2e25a2a75702

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    8da553582f7c1513c2653218af6f3e94

    SHA1

    6dea9b647f4ea11a97a344d22542dec5d5392652

    SHA256

    195e8f21e924fba374c5320a69a483b9c85127ef177b99ee35eecfda27dcec71

    SHA512

    a6fbc851fac7a751fca6fd231ce394975037eae3afc066076e80ef4e9ca8020590d09c90c05c1eef68c04fb47714b00da2d9647b8cfe45ea0d414709f012eb7a

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    9390a8df2c326672c5b29e7c10b1f320

    SHA1

    9a9a2c5ea19a509bab84f25b14b6bf303d437b44

    SHA256

    9acd4442356c1cbbe785e95a02922bd50626331424769326b35d2e34c70b89f0

    SHA512

    7d8c277e554fa599515086666e3fc3dcafddf3bc70dd8710bc8db2e00a58a016bebf9f20461a8adb0db72685338d44fd3176c09fdbc6bb907b594d3b29310024

  • /data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    1a915dca9f3da1c2beaf40a216b8e9f9

    SHA1

    6dab9664531a788f0828d906b3a3e9cad5e13705

    SHA256

    93da85548b8c129cefbd929c37544054f9ae5bf8b7deb1eb227419460cfea157

    SHA512

    880620003890aa9063d1919b3b43707309284a9201932e04cec84346f51f118138296bac47939d8cd146a68ebbe9420c0d8050d28675e839aa2636a4054cd57d

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    4c3e2de974e46b10405ed949287b48a4

    SHA1

    f587100807f635ebcac90b18418a620c1c9414a3

    SHA256

    7badbe7b8dc71e54fddb35822ac730b2b8a3897f059f276e09f2087db44dd9c1

    SHA512

    8c4f7e589204a28adeed7ef122942ea499e27668651838be814c599e82c769c8b9129e29501e2e4bcb4ba936d2cb8644e780b576ef4fa847ec674287fed40853

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    08a4a06893f6a2798f964184f4dd4fad

    SHA1

    8659afd29b9f19f7d5342f6753a963f81ee95468

    SHA256

    d8844124c009682347e15b7300a49708982bb248a187bf059d01210b8a49f75f

    SHA512

    147234fecc4a1152d6cf96492dd0c14d18d0239e7d517ef6aa947d3cca00a9f79add57db9b21450b9dffa20cee0e606561d9e5cfd36d8e3b166c9f7f55efed20

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    f047a97c151d5d2d52a5a8f274433984

    SHA1

    1d8f50e5d2bd463a4947bb13fdf9e5dd6fd5e337

    SHA256

    572de7b1abf4b893533c46337cc7aef63621df8085c2925aeacf9a1626461461

    SHA512

    db5c062edd52edfa1d2e81df17ecb6508ff30db8bb5220d6a8b5a00236795b1bbf938928fe314e6f3f074afe4d5a7b220beed004d70f15dbc909702c520c01b7

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

    MD5

    71d15b5e4cf6b7ffd58e1fc0731b9e84

    SHA1

    c8d1a1a93e99c479920f7c64d13b550b1fb959f2

    SHA256

    839b84e70623874222ec96a90d3a10b0c21202797f07fc43e9ea8cbb4fb31a8e

    SHA512

    4ee4c5ce57b60a8820d8b1aaecae2be32e5fa8cf8fbf9033e239d08d9731246c370066532fee27249ebc01ebc2b8b7507fc2526003b09e6334b40f990a103dcd

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

    MD5

    0fb849d5e3d022f002dcda2a9a43a5fd

    SHA1

    4d8d607a28306d72e265daeb88a4ff5f49338868

    SHA256

    95ab6da8b8849de678d670596e0061b69bcfaed4ab275658263111ccaaa8bfd7

    SHA512

    58286e1a4f1cec8afb1a967adaff5ae81baad001b6a472bfcff431f0bc6639783f20c9169b9070d54b6d8f3b2adbe0952501c732502e12da523d3a6575fdaf03

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

    MD5

    f34028f095f9c0043d6b908c05ca9e65

    SHA1

    4e90d23cf5d1a40825b3ce97597b81e945594e08

    SHA256

    c2fe492a59dd4f5b042abc6fe6e8b58ed522deaadcb429a35ff5a4dcf352fc9e

    SHA512

    1dec568f6d6c99792cfbd98a2e66b2f3f44a34ea88a0b9084177b8fa8d1879a6430861c35239bb42fedfd160aa7fd9117f30d607ee6def4d4039f4bf7bf805c7

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

    MD5

    060af74a6efd4974820f1f0439efef63

    SHA1

    b874c0a7678245e99c19d6c672b6dc80be22e54d

    SHA256

    fa5716200c9879e90caa79264bde477822f6fd62ea5d407870ed8656e91d1b02

    SHA512

    db6171d00202540473fd91a83335b97616ada07b1068f8c8111d9833db18da0edf2175c47602b026ecf81532902741bee02be07a0810dd66ace7c700fb5a6067

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

    Filesize

    20KB

    MD5

    b261d472738f262ccba76f5700ba8127

    SHA1

    f7da39a3a235256f669c80835525902615dac8b0

    SHA256

    2ad08b3ff01a60876cf46fdb483c8c4cd6ccef021921f7680906269e5ccd0456

    SHA512

    768e5e5d71e9deeadb40cb36b61bf4b7f3e661cf563219443327fc18a03efdb8739c9b4a2d82460984a26ced7f5deb92cf397d4d28e77d4acda1fa77639bbc72

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db

    Filesize

    44KB

    MD5

    f82f4266415f8db7bc483a26fd91c404

    SHA1

    83f2bdd273810431d35e9dbdebea2c1c997ff8cf

    SHA256

    5639bfc36a057fc0331bc88374c9cc531e10ba00314c46c137547d9373d6a26e

    SHA512

    e799295acf3619572463d16b0ae51448714503f6b7f7a365249ee55963c9b669bd6fc4087c4362aa5ab5378a28154a6a3ec1b6dc4bbd3ec890cc045e81b9623b

  • /data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db-journal

    Filesize

    12KB

    MD5

    815704eefc705c841c016db7bacf6084

    SHA1

    b76ab06cf17c6c319cb0ca9a842d53b4aba91f82

    SHA256

    44ee637318488301f2f2aacba2e0aae031e43c8e9f469a6e2b0840b74cfea315

    SHA512

    cc01ac81f5b366354e69b837e3e87e0886f0786f4e631760f35de94c8aa39d938ac2dbb5e1ba75526761096ce1fa6ab7fdc4ac7dcac5f91d6f3ee5e41f24543f
