Analysis
-
max time kernel
4s -
max time network
137s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system -
submitted
08-10-2024 02:39
Behavioral task
behavioral1
Sample
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
Resource
android-x86-arm-20240910-en
General
-
Target
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
-
Size
3.6MB
-
MD5
d836feab9d4bf3c6cf086bdc14724c8b
-
SHA1
c837cf7b181679a0081165e5fe4aa0eb94f748f8
-
SHA256
5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
-
SHA512
8c7801c5f1d8dfda39e0c65bdbea83feb8f217b41b69a245d01dd9e983a6a357c8b0b2be79123bed07e638655fc66ef3a093cc01be68c696ecfea5ab6c692dad
-
SSDEEP
98304:5s13ZL3Vf6JqeomaMDmQZ75ub8GoRJ6Odp/9hBbW+te6lXhAyHzwI:eTLVf6JumaMiQVWovl9jS+oS4I
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.systemservice -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.systemservice
Processes
Network
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A142.250.179.232
-
Remote address:1.1.1.1:53Requestprotocol-a100.phoneparental.comIN AResponseprotocol-a100.phoneparental.comIN A172.67.144.220protocol-a100.phoneparental.comIN A104.21.47.58
-
Remote address:172.67.144.220:80RequestGET /protocols/get-brand-info.aspx?brand_info=tts HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001)
Host: protocol-a100.phoneparental.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Vary: Accept-Encoding
Set-Cookie: ASP.NET_SessionId=et554p15ycb3bknzpf3y2t5i; path=/; HttpOnly; SameSite=Lax
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3NfNXbQUETXI6CSOiPATCi7dsKCPlatQ2wDJJGE41ctKvYsEpKOdpp1VNpVjq0PYB%2BaDpiGBxvcNGS7VJIBVCdw4nIDILaB6e84teQQ2g3%2BE2bnPcFFdtAqQO9UIRJv8f0YUYiphvd27zXULLiSb4HA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8cf2c340be639485-LHR
Content-Encoding: gzip
-
Remote address:172.67.144.220:80RequestGET /protocols/get-brand-info.aspx?brand_info=tts HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001)
Host: protocol-a100.phoneparental.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Vary: Accept-Encoding
Set-Cookie: ASP.NET_SessionId=yhdr2qxsfcvitbbxskmvcwpe; path=/; HttpOnly; SameSite=Lax
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mozTnTW19OpxJaeTNRnTZuky%2B9OR9hR7sDvschvqJsVMtEmH3JyoUMmhtLCh0jAFrLuiwOX7%2BhH9ORbThbk6EyDsZUpKl7jbPU6p8v1cHauYbzlQ8hGlFvb6qK0O7KAlPx7aBBvsO74svlefMSMlLlEy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8cf2c3479a1a9485-LHR
Content-Encoding: gzip
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A216.58.212.238
-
Remote address:1.1.1.1:53Requestg.tenor.comIN AResponseg.tenor.comIN CNAMEtenor.googleapis.comtenor.googleapis.comIN A216.58.212.202tenor.googleapis.comIN A142.250.180.10tenor.googleapis.comIN A142.250.187.202tenor.googleapis.comIN A142.250.187.234tenor.googleapis.comIN A172.217.16.234tenor.googleapis.comIN A172.217.169.42tenor.googleapis.comIN A142.250.200.42tenor.googleapis.comIN A142.250.179.234tenor.googleapis.comIN A216.58.201.106tenor.googleapis.comIN A216.58.204.74tenor.googleapis.comIN A216.58.213.10tenor.googleapis.comIN A142.250.178.10tenor.googleapis.comIN A142.250.200.10tenor.googleapis.comIN A172.217.169.10
-
Remote address:1.1.1.1:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.178.4
-
520 B 10
-
520 B 10
-
1.3kB 6.2kB 8 8
-
520 B 10
-
172.67.144.220:80http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=ttshttp922 B 3.4kB 8 9
HTTP Request
GET http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=ttsHTTP Response
200HTTP Request
GET http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=ttsHTTP Response
200 -
900 B 40 B 1 1
-
4.7kB 8.6kB 14 21
-
2.3kB 5.9kB 10 10
-
1.7kB 7.9kB 11 12
-
128 B 40 B 2 1
-
128 B 40 B 2 1
-
2.1kB 8.8kB 13 15
-
3.7kB 11
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
142.250.179.232
-
77 B 109 B 1 1
DNS Request
protocol-a100.phoneparental.com
DNS Response
172.67.144.220104.21.47.58
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
216.58.212.238
-
57 B 312 B 1 1
DNS Request
g.tenor.com
DNS Response
216.58.212.202142.250.180.10142.250.187.202142.250.187.234172.217.16.234172.217.169.42142.250.200.42142.250.179.234216.58.201.106216.58.204.74216.58.213.10142.250.178.10142.250.200.10172.217.169.10
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.178.4
-
1.5kB 49 B 2 1
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5ea628e04765adaf4238a5dcdff4bbd51
SHA1a801947619ea8c368efe9c006a324dc6339ac60b
SHA256885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe
-
Filesize
512B
MD5646d1cbcd9453bb009e441dd0d8c752b
SHA15841ab3f01dd1bdbe3ea1ff52e5a3f81395d7e01
SHA256d4b48b1187487d808b0b52cf9035df861bad76f874b24cf84c59c2e50c33b00d
SHA5121156e36c2309ae480bdd43fa3f2ddb234782a602dd97e098ec66de85b184b7284a7fba5642b1f8984073428542a8bae49867cf5e5455bf199fa698812a8c06d1
-
Filesize
8KB
MD5d0cb6ff9424ac5c0009eeff155fcb654
SHA120165cbf24b7aa0a548d8421b18d844a3c971a93
SHA2569ac2396c73f99b9914a462e0ad3329fd1e6591fac726c26441be29be30ac0e50
SHA512ff655625af6b65dd4727b31c3175e4e71371cc2c65697c6cadb5c2e2326d41968f3da6ca4513ee25f877fe9098670dacf2afc870a900f1579d685d4199594f2a
-
Filesize
8KB
MD5be9fd8535a8aac38602e8258f2e52322
SHA1e99843ddeca0fe34ef4ec7958f1cc08013cc957f
SHA256d2c98a5fdef91476ca6caae268e3e19159f0877a03cddf3e72beb6aaeff362ce
SHA512a853d39d05f9d1596d54b94e673cb4274426ad87d7d16ac93257a600ff727780e934b976dc95c91f64541fadcba46abf068b6dcdb636c0705e3180f77f93b7df
-
Filesize
36KB
MD5045489a0639eee27bca52f48828cd93d
SHA1436e7966e7c019273c44faa4d8c5709b816dfda3
SHA2560151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e