Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

59efc82bce...5b.apk

android-9-x86

10

59efc82bce...5b.apk

android-10-x64

10

59efc82bce...5b.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    21/10/2024, 22:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59efc82bcef2f2c4b5ad0e8c19e3730d5af2cc356c64486dfd49ae9cbb36a65b.apk

  • Size

    217KB

  • MD5

    234464f2c0bdddfa469a290246ec7c24

  • SHA1

    f3f1dcc25cb2ef0ab2990af5395931211886398b

  • SHA256

    59efc82bcef2f2c4b5ad0e8c19e3730d5af2cc356c64486dfd49ae9cbb36a65b

  • SHA512

    2a2bbc98490e7af205f9347eaaacc276d482689c6702b58b6e4fddf0e3602291ca824d6a06f8de296024f7c8bdcc20a1f37f9079a9d25b049c1873aec8f44861

  • SSDEEP

    3072:GMm+j5Y8OnH9xmf/g1yZUn5hXmLtiDfEvcMdbXeJpFv2Wzz2HyBBvrfYVQiGK:a+j7y9YHgXn58YDfEjreJpY9SjY8K

Score
10/10
xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.226.105:28844

DES_key
1
4162356431513332

Signatures

Processes

  • dznz.vdhdx.qdhkn
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Requests changing the default SMS application.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4511

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    docs.google.com
    Remote address:
    1.1.1.1:53
    Request
    docs.google.com
    IN A
    Response
    docs.google.com
    IN A
    142.250.179.238
  • flag-gb
    GET
    https://docs.google.com/document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/mobilebasic
    Remote address:
    142.250.179.238:443
    Request
    GET /document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/mobilebasic HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36
    Accept: text/html,*/*;q=0.8
    Accept-Encoding: gzip
    Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
    Cache-Control: no-cache
    Host: docs.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    X-Robots-Tag: noarchive
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 21 Oct 2024 22:08:41 GMT
    Content-Encoding: gzip
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
    Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://docs.google.com/document/cspreport;script-src 'report-sample' 'nonce-dxeiebhcNl7Rf7zNGO4yPA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob:
    Reporting-Endpoints: default="/document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/web-reports?bl=editors.documents-frontend_20241015.02_p2&context=eJwV0HlUVFcSB-Dre7eeCs2qaEQ2BVTcAijRyCY03dMwoiQq98kohk0O0YGIqOMSR4njGbdxwCgqIs0Otu0ajrtoFFeiEhUjOkQdVxaNSyPCBOaXP75T95yqU7eqrP7t5NgZy7RcsI2KYNF9BCuEldaCmeGIRrArEGYvWAm4OQo23EkwLVyAhAGC1QwUbPQnglVBtLNgLoMFi3URrNRNsDR3wbqGCpbsKZhmmGCucAa6RgpmM1owB6iEUWMEyx0r2Do_wfQBgm2AbdDzmWDTJgh2a6JgTyA0RLAvZmIGVbAJcDNOsIdQGC_Y3QTBnkPfZMEGwZ0UwcbPFywCWhbjT_hltWAvoHKNYMfgerZgTRDxnWAzYOJmwQywYbtgu8A7T7AA6N4hmO1OwbJ3Y07ILkSE0UbBgiC_VDATXDUL1gj9DwrmBcercT9oOi3YKxhyUTA_-BY2Q-RlwWZB2DXsBfo63A52QhWMuilYIFQ3CFYL70C-K9i_7gm2B8oakYPjcAV-bBLsZ3B7JNhYyHsiWAXYPRXMHQ7Dj3ARGuD5C8E-QOJbwTLhGbRDop3KzsJN0NirzAWeD1RZlLPK4sB-vMo8YO5nKlsMJ-Ea7PpcZXuhAZ5B32iVhcSobCp8D-umq2w7HFVV9ihOZWvmqCwHwhJU9gWcS1RZPdgvQn-YkaWyratUlg8P4Al0gfx3lQ0GTzgP1-AXeAhtYIFfnepZ3MgWKRE2zX4jfQ-NqW-kx_CP82-kzZD6-K2UAYM-fScNgZjYd5IKB8ZapKNwztciuRks0jCY-a1FmgMuqy2SFwzMtkju0H7CInXD7lqLVApX5n-Q6mFZUIe0BtTgDukriJvXISXCyQ0d0nmom_lRug0TVnyUQsHx6kfJGfre_Cg5QKBjp6SFQd91SkNgw8ZOKfcPxk5pF6Tu-p-UAWu_7JY2QXtPt9QNp1x6pAswY36PNBt8l_VIE0Fa3iNZQWkmk_dB40MmP4Ztxb1kQ2kvOQbcN0vycLhklOQbcPEC3rIs3wAPH1keASe_lOXzMHemLKdC9TpZPgsZF2R5Kbx9KsudsNiKy7UeXP4JWl9N4u_B8cMk7gw5zYF8J6x_Fchz4O37QN4J96cF8QE7grgbPNoXxF9CqnMwz4A6n2DuMTGYj4ANecF8G9h5hfCBsGRcCF8FZ5JD-EVYnx7Cc6CBQnkTRG8J5TOh-3IoV66E8qr6UH4IBo-fzD2BqZN5Hwi7M5k7uoZxZ-gyhHElMowXRYXxKrjRGsZ_hZq2MH4JlPBwbguvV4Tzqh3h_BAcqAznNVBnCue3wckczl2hSaPlXgO1fDQ0x2j5Wzj9jZbXwuslWv4BPq7U8l7farnrGi33hsYDWv4Ynh7W8jZYcUvLN8KpO1p-Aea0aHkKuL5BPeiHRPCpYBkawckzgv9NjeD_hOVfR_Dt-RG8HForIvh78GuP4J_DNBBQBYfglquO34cHw3S8FcYN13EtyCN1vB_kJ-n47TTkoWChjpfB5CU6bgCrHB13hCSzjq89o-ObYM8lHQ_7WccjYd8zHf8BTnvoeS0sCNDzLHg6Qc8t8G6unndBZ4KeWyXq-bgteh4IhU4GfhnSXQ18FWRDLoyKNfBxkJtq4Hf3GPhj8Gww8L_0i-RJcKV_JL8HJz-J5Beh9_JIbgfJvaP4AthgFcVzwTStkPpNL6TBcOFoIdWB7fVCKvtPIVXDp32NFAoecUYaAYNSjDTkD6uN5AePthppaYmRCk4YqQzSTxppCQTXGEkHNu-N5ARZ7UZaC3s7jHQY8noVUQUMjy-i6wVF1ASZx4poOYz8qYj8YWpPEcXCw9nF9AI0u4upP3gXFNMYqCwtpoNQ_7aYtmaWUD4U5pTQAehsKSGptYTSXpfQQuBSKfWHuAWllAh1bmV0G3zSy6hsbRmZQf6hjBqiyqnnz-XUe0o5rd9aTlePlFMjHDtdTudhlrmCEuDcfyuoHnLcK2lAUCUNgxtrKqkRlOpKsoWQ5r2kh6Lf91IVHB9sonOwZ4yJquB8lImugetUE3kDizFRH-ibYiIH8FllovHgvd1EYyC32kTFMKJ2H63kZloLwT5m0oHnKDONgrwAM1XA4a_NdAKmLDPTDLhcYaabYHPMTE6w6LiZVoBHl5l8YcCI_eQGpuj9dASGJu2nkWDJ2E9lIc1kht0pzVQKThnN5A0Vm5vpAGgdWshrWguNh4w5LbQU2u-1UDeoD1roK3AJbSUv-E20UgcMP9xKE0B_opWmwodzrdQDk33aKAaSA9rIe1YbjQH_XW00CdrOttHvYOfzhtzBHGWtHIZOYa1IqrVyNcdaaYTYCmslHh49sVZeQo3FWpnx0VqZ3mmtqPAnP40ioEenUXrrNYocr1Eq0zXKQbi4XKM0wNQ8jRIL7_I1Sgf07NYodgUapTDTRqkAQ7WNEgMPj9ooLyD2lI3iNc9WGQ07sm0VI_TZYqvYg12NrbLymq1S8NROOTjFXlk4316Jb7ZX5oEhxkFZ89JBibd3VAITHRVH6z4vi-4fU-x_e7_O0dk6OiMxbUFKeMKitKShPinJaVkZmYvGJmckLf5rSnrWojHzMjPSs1LSk-f6-_qP9_P1Cxjr6z_3G___A45D42E&build-label=editors.documents-frontend_20241015.02_p2&imp-sid=CLSy3am-oIkDFdvX0gQdoLIYcA&is-cached-offline=false"
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Set-Cookie: NID=518=yZzgd0waw_nR5QM-OHrbpDhmwNPIuqoAU8fB8OAOOxi5hpO-QFLHMkq-PaUv-CG3XBIcdz1Iy5QMxE09KOAX94bebuyfQJkr1eU0UCL38sFP1plGoepVsuDi0WHS11ShikBH2RYWG-9z4o6Qejt02pn8eMmYEAlmSOMNB8Ny-7SqdHI; expires=Tue, 22-Apr-2025 22:08:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    x-l2-request-path: l2-managed-5
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://docs.google.com/document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/mobilebasic
    Remote address:
    142.250.179.238:443
    Request
    GET /document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/mobilebasic HTTP/1.1
    User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36
    Accept: text/html,*/*;q=0.8
    Accept-Encoding: gzip
    Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
    Cache-Control: no-cache
    Host: docs.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    X-Robots-Tag: noindex, nofollow, nosnippet
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 21 Oct 2024 22:08:42 GMT
    Content-Encoding: gzip
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
    Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://docs.google.com/document/cspreport;script-src 'report-sample' 'nonce-JDymXVcbBNtG5-SENP9cQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob:
    Reporting-Endpoints: default="/document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/web-reports?bl=editors.documents-frontend_20241015.02_p2&context=eJwV0HtYzdkaB_Dl91vvj7RLNXJJERVym0oNo5va7X12jWhmaP10XKabnnCKhOM6Mo5zxuV4yhCSdveybcJ03MXIPbdBiNPguHbhiK2LM3W-88fnedZ613re9a5vzyJHh45otlERLLKHYHmw0lowMxzWCHYZQuwEK4SBDoINcxRMC9UQ20ewqr6CjeonmAkinQTrN0CwaGfBigYKljxIsE9DBEtwE0wzVDAXOA2fRghmM0oweyiDkaMFyxoj2HpvwfR-gm2AbdD1hWBTxgl2e7xgzyA4SLC4rwRLg6-nYRZVsHFwM0awx5A3S7B7sYK9BKsEwfrD3UTBfOcJFgaNi_E23F8j2CsoyxDsKFxfK1g9hP0g2FQYv1kwA2zYLtgu8MgWzA86dwhmu1OwtbsxL9zPRR9Ym4c9jDIKFgA5RcgDrpgFq4PeFYK5w7FK5An1pwR7A4MvCOYNq2AzhF8SbDqEXMX_QF-DLGEnlMOIm4JNgLI7mBtOQg1U1gp2Ht6DfE-wfz4QbA8U1-EMjsFl-KVesF9h4BPBxkD2M8FKoddzwQbBIfgFLkAtvHwlWCvEtSBzeAEfIa6Xys7ATdDYqcwZXvZVWYSTymLAzldlrjD7C5UthhNwFXZ9qbK9UAsvwCpSZUFRKpsMP8H6b1W2HY6oKnsSo7KMmSrLhJBYlX0NZ-NUdgvsFqE_TE1X2dbVKsuBMqiAR_AMBnyvMje4BnfhPjyGZrDAb463WMyIRikONs14J_0EdUnvpKfwt3PvpM3QbW6LZAVJT1ukVOj_-XtpMERFv5dUODDGIh2Bs14WaaDBIg2Faass0kxwXmOR3KHvWos0CD4et0idsPu8RSqCy_NapVuwLKBNygA1sE36DmLmtElxcGJDm3QOaqa1S3dg3Ip2KRgcrrRLTmB1s12yB3-HDkkL_X_okAbDho0dUtYfjB3SLkja9T8pFdZ90yltgo9dnVInnHTukqph6rwuaQZ4LeuSxoO0vEvqCUVpTN4HdY-Z_BS2FXSTDUXd5CgYtFmSh8FFoyTfgAvVWMuyfANcPWV5OJz4RpbPwexpspwEletl-QykVsvyUmh5LssdsLgnl8-7cvkaNL2ZwD-AQ-sE7gSZDf58J_z4xp9nQssHf94BD6cE8D47AvhAeLIvgL-GJKdAngo1noHcdXwgHw4bsgP5NujlHsT7wpKxQXw1nE4I4hfg-5Qg_neopWBeD5Fbgvk06LwUzJXLwbz8VjA_CAN8J3I3YOpE3gNC7k7kzi4h3B0-GUK4Eh7C8yNCeDncaArhv0FVcwi_CEpoKLeFtytCefmOUH4QDpSF8iqoMYXyO-BoDuUuUK_Rcve-Wj4KGqK0vAVOLdDy8_B2iZa3QvtKLe-2SstdMrTcA-oOaPlTeH5Iy5thxW0t3wgn72p5Ncxs1PJEcHmH-6AfHMYng2VIGCe3MP5XNYz_A5bPDePbc8J4CTSVhvEP4P0xjH8JOoiEcjgIb6EVbrvo-EN4NFTHm2DsMB3XQk68jt9JRh1yF-p4MUxcouMG6Jmp4w4Qb9bxdad1fBPsuajjIb_qeDjse6HjP8MpVz0_D_P99Dwdno_Tcwu8n63nn6AjVs97xun52C167g95jgZ-CVJcDHw1rIUsGBlt4GMhK8nA7-0x8KfgVmvgf_4snMfD5d7h_AGc6BfOL0D35eG8FyR0j-DzYUPPCJ4Fpil59Nm3eTQAqo_kUQ3YXs-j4n_nUSV8bmWkYHCNMdJw6J9opMF_WGMkb3iy1UhLC42Ue9xIxZBywkhLILDKSDqw-WAkR0j_aKR1sLfNSIcgu1s-lcKwWfl0PTef6iHtaD4thxHX8skHJnflUzQ8nlFAr0Czu4B6g0duAY2GsqICqoBbLQW0Na2QciAvs5AOQEdjIUlNhZT8tpAWApeKqDfEzC-iOKgZWEx3wDOlmHLWFVMhyD8XU21ECXV9VULdJ5XQj1tL6MrhEqqDo6dK6Bzsv1tC_4Lp5lKKhbP_KaVbkDmojPoElNFQuJFRRnWgVJaRLQQ17CU95P--l8rh2AATnYU9o01UDi6TTeQBLMpEPcAq0UT24LnaRL7gsd1EoyGr0kQFMPz8PlrJzbQOAj3NpAO3kWYaCdl-ZiqFQ3PNdBwmLTPTVLhUaqabYHPUTI6w6JiZVoDrJzN5gSlyPx2GIfH7aQRYUvdTcVADmWF3YgMVgWNqA3lA6eYGOgBa-0Zyn9JIvpA6s5GWwscHjdQJ6qNG-g6cg5vIHf4rmqgNhh1qonGgP95Ek6H1bBN1wUTPZoqCBL9m8pjeTKPBZ1czTYDmM830O9h5viNXMEdYK4egQ1grkmqtXMm0VuogutRamQVPnlkrr6HKYq1MbbdWpnegDn_y1igCunQapbteo8izNEpZikapgAvLNUotTM7WKNHwPkejtAHL1Sh2kJdmo5SCodJGiYKGIzZKC0SftFHc59gqo2DHWlvFCD222Cp20KvKVll51VbJfd5LqZhkpyycZ6cYouyVjNf2yiw7B8U_zkFxsO7RkP_wqGJX0dq6wMk6MjUueX5iaOyi5PghnokJyempaYvGJKTGL_5LYkr6otFz0lJT0hNTEmb7ePn4ent5-43x8pm9wOf_AIHyhA&build-label=editors.documents-frontend_20241015.02_p2&imp-sid=CMOFp6q-oIkDFb0PqQEdkwcZMQ&is-cached-offline=false"
    Referrer-Policy: strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Set-Cookie: NID=518=EFmkpSkNr4XBC-5s99St6IxmqLPMFIPc6NCo7Lv6RKOqY_mV8zMcOEBFYTJOdJeW7CiDKwidiWjnoqiR-P4LxVWkMW0ZkSJ8LDGiKBuYIl4QVMfz9_9qRzTCPYYjM_B7q41G1THch1q-Z-F1TqwCyVKh-6cXekE3yWloa53ZFtLCu8w; expires=Tue, 22-Apr-2025 22:08:41 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    x-l2-request-path: l2-managed-5
    Transfer-Encoding: chunked
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.16.232
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • 142.250.180.14:443
    tls, https
    4.4kB
     40 B
     4
    1
  • 142.250.180.14:443
    https
    1.6kB
     40 B
     2
    1
  • 142.250.179.238:443
    https://docs.google.com/document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/mobilebasic
    tls, http
    2.0kB
     19.7kB
     17
    19

    HTTP Request

    GET https://docs.google.com/document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/mobilebasic

    HTTP Response

    200
  • 142.250.179.238:443
    https://docs.google.com/document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/mobilebasic
    tls, http
    3.2kB
     24.2kB
     25
    25

    HTTP Request

    GET https://docs.google.com/document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/mobilebasic

    HTTP Response

    200
  • 91.204.226.105:28844
    180 B
     3
  • 172.217.16.238:443
    android.apis.google.com
    tls
    13.4kB
     14.4kB
     54
    48
  • 172.217.16.232:443
    ssl.google-analytics.com
    tls
    3.3kB
     6.6kB
     13
    9
  • 91.204.226.105:28844
    1.6kB
     1.1kB
     18
    10
  • 91.204.226.105:28844
    1.8kB
     1.0kB
     17
    8
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 142.250.179.228:443
    tls, https
    846 B
     40 B
     2
    1
  • 142.250.179.228:443
    www.google.com
    tls
    11.7kB
     14.8kB
     34
    37
  • 91.204.226.105:28844
    2.0kB
     733 B
     17
    8
  • 91.204.226.105:28844
    1.2kB
     666 B
     13
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    968 B
     598 B
     11
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    1.1kB
     1.1kB
     13
    9
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     613 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    908 B
     598 B
     10
    7
  • 91.204.226.105:28844
    913 B
     608 B
     10
    7
  • 91.204.226.105:28844
    913 B
     608 B
     10
    7
  • 91.204.226.105:28844
    913 B
     608 B
     10
    7
  • 91.204.226.105:28844
    913 B
     608 B
     10
    7
  • 91.204.226.105:28844
    913 B
     608 B
     10
    7
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
     109 B
     2
    1

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

  • 1.1.1.1:53
    docs.google.com
    dns
    61 B
     77 B
     1
    1

    DNS Request

    docs.google.com

    DNS Response

    142.250.179.238

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    140 B
     86 B
     2
    1

    DNS Request

    ssl.google-analytics.com

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.16.232

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/dznz.vdhdx.qdhkn/files/dex
    Filesize

    456KB

    MD5

    c5654523e4899cf11630fe902e74b494

    SHA1

    d51781ac831b0442d5aaa8fb801d664f0daeb1c4

    SHA256

    fd7e515d5732df7cc5632a8411671fdad79815c7df963ef68f728398c8c8db31

    SHA512

    19e1fdb04673dec606e0376b0ffb4e32bd12d37cf50d22815c114ccc2a76824b114835ef858e0fbc84d89dc6be1e1951be047e24521771c05d6ce43fac137bdb

    Download Submit

  • /data/user/0/dznz.vdhdx.qdhkn/files/oat/dex.cur.prof
    Filesize

    1KB

    MD5

    fac0bbc00f561210e5571657d7bb778a

    SHA1

    ddcd3923257c046c426aa9f5312a63094c210069

    SHA256

    e0ae105d117a5326ca9854a7683e191e1e8c4c8767fd6956119208af22e4b894

    SHA512

    a7536cb83f68afa18c5c9a7d8844f335b50c3d6c6abc58200f2e6bf4c159fdf63bb531bc01989e9d58e1bf6c0bf836ee4f5eefcc8306cf8a4b5d834d09385d43

    Download Submit

  • /storage/emulated/0/.msg_device_id.txt
    Filesize

    36B

    MD5

    a6be25ea0d1a3870647adbb67450f2a1

    SHA1

    0223c8a6813621f3107dad287ab0abc51a24263b

    SHA256

    265913795bfd72fdd2c6e5b0c380331c2f27c6dab21342122f7579a67ad4ce01

    SHA512

    6a8406cc5ae23af52ffaa1d4cb11d62ced5ee705c8f326c58f09505101bc8f6397fe07ebd4d8262f5fd4bd26ad08fdcd75320e5b99fbe17eb357fd387ae499b8

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.